Show 401: A Deeper Understanding Of Free Range Routing (FRR)

Free Range Routing (FRR) is an open source routing project. It’s designed to provide a full routing stack that can run on top of a network OS. FRR is itself a fork from the Quagga routing project.

On today’s Weekly Show, recorded live from IETF 102, we talk with Donald Sharp to learn about FRR, understand its capabilities, and get an update on roadmap features.

We also get a behind-the-scenes look at how new features are chosen, architectural issues that can lead to performance bottlenecks (and how to overcome them), and the challenge of making a programmatic interface for a project that was not originally conceived with that in mind.

We also discuss open source communities–how to understand them, the sorts of people that are involved with them, and the role a developer plays vs. a product consumer.

Then we get specific as to how someone with no previous project involvement can vet the community, decide to become involved, and add value to the group at large–even if they aren't developers.

Donald Sharp is Principal Engineer at Cumulus Networks and a lead contributor to the FRR project.

Show Links:

Free Range Routing Home Page – frrouting.org

FRR Mailing Continue reading

Container Conference Presentation

This week, I did a presentation in Container Conference, Bangalore. The conference was well conducted and it was attended by 400+ quality attendees. I enjoyed some of the sessions and also had fun talking to attendees. The topic I presented was “Deep dive into Kubernetes Networking”. Other than covering Kubernetes networking basics, I also touched … Continue reading Container Conference Presentation

Arm flexes flexibility with Pelion IoT announcement

The pervasiveness of Arm-based silicon – it’s everywhere from cars to signage to smartphones to supercomputers – makes the company a natural fit for an internet of things platform like the one it just announced. The Pelion IoT Platform's main selling point is its universality – the company boasts that it’s able to handle “any device, any data, any cloud” – in a marketplace overflowing with vertical-specific solutions. (GE and Siemens make industrial IoT products, other companies make platforms designed specifically to work well in healthcare, fleet management, or agricultural environments, and so on.) Pelion can sit on an edge device, in a data center, or even in an endpoint, integrating devices into a working ecosystem, although the focus is on the edge.

Stuff The Internet Says On Scalability For August 3rd, 2018

Hey, it's HighScalability time:

 

Everything starts with Doug Engelbart — Jane Metcalfe.
It was the very first time (1968) the world had ever seen a mouse, seen outline processing, seen hypertext, seen mixed text and graphics, seen real-time video conferencing. — Doug Engelbart (Valley of Genius).
ARPA funded the demo at a cost of $1 million. Most importantly? It was the first use of a todo list as an example. A tradition unlike any other.

 

Do you like this sort of Stuff? Please lend me your support on Patreon. It would mean a great deal to me. And if you know anyone looking for a simple book that uses lots of pictures and lots of examples to explain the cloud, then please recommend my new book: Explain the Cloud Like I'm 10. They'll love you even more.

 

The one thing private equity firms typically overlook when funding startup WISPs…professional network engineers.


Funding a new WISP

There are a number of ways to fund a startup Wireless Internet Service Provider (WISP), but the two we most commonly see as network engineering consultants at IP ArchiTechs are self funded by individuals/partners or by leveraging private equity (PE) money.

Private equity has become increasingly popular in the last few years if we are to use our consulting clients as a basis for comparison.

It’s not hard to see why: while you can (and many do) start a WISP on a shoestring budget, getting a significant chunk of initial funding to cover the costs of tower construction/leasing, network equipment, sales/marketing, etc. is very attractive, as it allows a WISP to build a network that might otherwise take several years of organic growth to achieve.

 

Network Engineering – the missing ingredient

Many startup WISPs are often borne out of necessity – fast, reliable or economical Internet access – one or more of these is missing in the areas we see WISPs develop.

Typically the stakeholders come from a variety of backgrounds some of which are technical and some aren’t – all of them, however, share a vision of building out Internet access and solving problems Continue reading

oVirt SAML with Keycloak using 389ds user federation

In this post I will introduce how simple it is to integrate SAML with oVirt using Keycloak and LDAP user federation.

Prerequisites: I assume you have already set up the 389ds directory server, but the solution is very similar for any other LDAP provider. As SAML is not integrated into oVirt directly, we use Apache to do the SAML authentication for us. The mod_auth_mellon module nicely covers all needed functionality.

mod_auth_mellon configuration

First we need to configure oVirt's Apache. SSH to the oVirt engine and create a directory where we'll store all SAML-related certificates.

ssh root@engine
yum install -y mod_auth_mellon
mkdir -p /etc/httpd/saml2

When we install the mod_auth_mellon package, it will create /etc/httpd/conf.d/auth_mellon.conf. We need to modify this file to our needs, as follows:

<Location />
    MellonEnable "info"
    MellonDecoder "none"
    MellonVariable "cookie"
    MellonSecureCookie On
    MellonSessionDump On
    MellonSamlResponseDump On
    MellonSessionLength 86400

    MellonUser "NAME_ID"
    MellonEndpointPath /saml2

    MellonSPCertFile /etc/httpd/saml2/ovirtsp-cert.cert
    MellonSPPrivateKeyFile /etc/httpd/saml2/ovirtsp-key.key
    MellonSPMetadataFile /etc/httpd/saml2/ovirtsp-metadata.xml
    MellonIdPMetadataFile /etc/httpd/saml2/idp-metadata.xml

    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
    RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
    RequestHeader set X-Remote-User %{REMOTE_USER}s
</Location>

<LocationMatch ^/ovirt-engine/sso/(interactive-login-negotiate|oauth/token-http-auth)|^/ovirt-engine/api>
  <If "req('Authorization') !~ /^(Bearer| Continue reading
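As an added example (not from the post or the oVirt project), a small Python linter that reads the auth_mellon.conf block above and flags the settings a reviewer would check before going to production: the session cookie flags, the two debug dump directives, and that X-Remote-User is overwritten from REMOTE_USER rather than appended. The sample input is a constructed copy of the block, trimmed to the directives the linter inspects.

```python
# Constructed sample: the <Location /> block from the post, trimmed to the
# directives this linter looks at.
PAGE_CONFIG = """<Location />
    MellonEnable "info"
    MellonSecureCookie On
    MellonSessionDump On
    MellonSamlResponseDump On
    MellonSessionLength 86400
    MellonUser "NAME_ID"
    RequestHeader set X-Remote-User %{REMOTE_USER}s
</Location>
"""


def parse_directives(text):
    """Map each Apache directive (lower-cased) to its argument list.
    Section tags (<Location>, </Location>) and comments are skipped; a directive
    that appears more than once keeps its last value, as Apache does."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue
        name, *args = line.split()
        found[name.lower()] = [a.strip('"') for a in args]
    return found


def audit_mellon(text):
    """Return a list of findings for the mod_auth_mellon block; empty means clean."""
    d = parse_directives(text)
    findings = []

    def flag(name):  # value of an On/Off directive, defaulting to Off when absent
        return (d.get(name) or ["Off"])[0].lower()

    if flag("mellonsecurecookie") != "on":
        findings.append("MellonSecureCookie is not On: session cookie sent without Secure/HttpOnly")
    # Both dump directives are debugging aids: they write session data and the
    # full SAML response (the assertion) to the Apache error log.
    for name in ("MellonSessionDump", "MellonSamlResponseDump"):
        if flag(name.lower()) == "on":
            findings.append(f"{name} is On: session data and assertions are written to the error log")
    # oVirt trusts X-Remote-User, so Apache must overwrite it ('set'), never
    # 'append'/'add' it to whatever the client sent.
    hdr = d.get("requestheader", [])
    if len(hdr) < 2 or hdr[0].lower() != "set" or hdr[1] != "X-Remote-User":
        findings.append("X-Remote-User must be set (overwritten) from REMOTE_USER, not appended or left to the client")
    return findings
```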

Cisco and the Two-Factor Two-Step

In case you missed the news, Cisco announced yesterday that they are buying Duo Security. This is a great move on Cisco’s part. They need to beef up their security portfolio to compete against not only Palo Alto Networks but also against all the up-and-coming startups that are trying to solve problems that are largely being ignored by large enterprise security vendors. But how does an authentication vendor help Cisco?

Who Are You?

The world relies on passwords to run. Banks, email, and even your mobile device have some kind of passcode. We memorize them, write them down, or sometimes just use a password manager (like 1Password) to keep them safe. But passwords can be guessed. Trivial passwords are especially vulnerable. And when you factor in things like rainbow tables, it gets even scarier.

The most secure systems require you to have some additional form of authentication. You may have heard this termed Two-Factor Authentication (2FA). 2FA makes sure that no one is just going to be able to guess your password. The most commonly accepted forms of multi-factor authentication are:

  • Something You Know – Password, PIN, etc
  • Something You Have – Credit Card, Auth token, Continue reading