U.S. Lawmakers Attack Google for Its Huawei Relationship

The lawmakers claim Google is “more willing to support the Chinese Communist Party than the U.S. military.”

DroneDeploy and Cloudflare Workers

Images courtesty of DroneDeploy

When we launched Workers a few months ago, much of the focus was on use cases surrounding websites running on origins that needed extra oomph. With Workers you can easily take a site, introduce a raft of personalization capabilities, A/B test changes or even aggregate a set of API responses around a range of services. In short by layering in Cloudflare Workers we can take origin websites and do transformational things.

One of the joys of a platform, is that you never know where you are going to see the next use case. Enter DroneDeploy

DroneDeploy is a cloud platform that makes it easy to collect and analyze drone imagery and data. Simply install DroneDeploy on your mobile device and connect to a DJI drone. DroneDeploy flies the drone, collects the imagery, then stitches the photos into maps.

The maps can show things like crop conditions & stress, construction project progress, or even thermal temperature ranges across vast solar farms or for search and rescue situations.

Using plant health algorithms applied to drone-generated maps, growers can pinpoint crop stress in their fields and stomp out pests, disease, or irrigation issues.

With Thermal Live Map, it’s possible Continue reading

Forcepoint, McAfee, and Symantec Join Silver Peak SD-WAN Security Alliance

The Silver Peak security alliance ecosystem enables customer to choose from eight different security offerings.

Intel CEO Krzanich Resigns Over Past Relationship With Employee

The company's board of directors named CFO Robert Swan as interim CEO while it searches for a successor.

We’re Going to Visit All 203 Nations

In November 2017, the Internet Society hosted the inaugural Indigenous Connectivity Summit in Santa Fe, New Mexico. The event brought together community network operators, Internet service providers, community members, researchers, policy makers, and Indigenous leadership. One of the participants shared her story.

Denise Williams,Coast Salish from Cowichan Tribes on Vancouver Island, began her career as an ESL teacher, with the idea that she would travel the world teaching English. A chance encounter on a bus – “I’m from a small town so I talk to whoever is in my vicinity,” says Williams – served as an entry point to work as a policy analyst for Indigenous and Northern Affairs Canada, which led to Education Technology work at the First Nations Education Steering Committee. “I learned the way that digital technologies either advance or detract from a community’s ability to nurture curiosity in their youth,” says Williams. “I came from no understanding of networks to it becoming my life’s work. I don’t know if i found it or it found me.”

In 2015, Williams took the reigns of the totally defunded First Nations Technology Council, and through strategic planning and vision, has grown the organization’s programs in talent development, Continue reading

Worth Reading: Meet Bro

In a nutshell, Bro transforms network traffic — in all its volume, variety, and downright weirdness — into exceptionally useful real-time data for security operations. Through deep packet inspection, Bro can extract hundreds of security-relevant fields from dozens of protocols and present them in a way that makes sense to security operations center engineers. —Greg Bell @Dark Reading

HPE Boots Up Sandbox Of The Machine For Early Users

It has been four years since Kirk Bresniker, HPE Fellow, vice president, and chief architect at Hewlett Packard Labs, stood before a crowd of journalists and analysts at the company’s Discover show and announced plans to create a new computing architecture that puts the focus on memory and will eventually use such technologies as silicon photonics and memristors. …

HPE Boots Up Sandbox Of The Machine For Early Users was written by Jeffrey Burt at .

Network professionals should think SD-Branch, not just SD-WAN

Earlier this year, fellow industry analyst Lee Doyle wrote a blog post on the software-defined branch (SD-Branch) market hitting $3 billion by 2022. Doyle defines the SD-Branch as having SD-WAN, routing, network security, and LAN/Wi-Fi functions all in one platform with integrated, centralized management. An SD-Branch can be thought of as the next step after SD-WAN, as the latter transforms the transport and the former focuses on things in the branch, such as optimizing user experience and improving security.I don’t often critique other analysts work, as their opinion is theirs and not everyone agrees. However, in this case, I don't think “all in one platform” should be a requirement. The integrated and centralized management hits the nail on the head, but the software should act as a management overlay, so even though the infrastructure isn’t a “single box,” it’s managed like it.To read this article in full, please click here

Network professionals should think SD-Branch, not just SD-WAN

Earlier this year, fellow industry analyst Lee Doyle wrote a blog post on the software-defined branch (SD-Branch) market hitting $3 billion by 2022. Doyle defines the SD-Branch as having SD-WAN, routing, network security, and LAN/Wi-Fi functions all in one platform with integrated, centralized management. An SD-Branch can be thought of as the next step after SD-WAN, as the latter transforms the transport and the former focuses on things in the branch, such as optimizing user experience and improving security.I don’t often critique other analysts work, as their opinion is theirs and not everyone agrees. However, in this case, I don't think “all in one platform” should be a requirement. The integrated and centralized management hits the nail on the head, but the software should act as a management overlay, so even though the infrastructure isn’t a “single box,” it’s managed like it.To read this article in full, please click here

An Introduction to Windows Security with Ansible

Welcome to another installment of our Windows-centric Getting Started Series! In the prior posts we talked about connecting to Windows machines, gave a brief introduction on using Ansible with Active Directory, and discussed package management options on Windows with Ansible. In this post we’ll talk a little about applying security methodologies and practices in relation to our original topics.

The Triad

In order to discuss security issues in relation to Ansible and Windows, we’ll be applying concepts from the popular CIA Triad: Confidentiality, Integrity, and Availability. 

Confidentiality is pretty self-evident — protecting confidentiality helps restrict private data to only authorized users and helps to prevent non-authorized ones from seeing it. The way this is accomplished involves several techniques such as authentication, authorization, and encryption. When working with Windows, this means making sure the hosts know all of the necessary identities, that each user is appropriately verified, and that the data is protected (by, for example, encryption) so that it can only be accessed by authorized parties.

Integrity is about making sure that the data is not tampered with or damaged so that it is unusable. When you’re sending data across a network you want to make sure that it arrives Continue reading

IDG Contributor Network: A first-hand account of Cisco Live 2018 in Orlando

I have had many people ask me about what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers.  While my perspective may be a bit different than your average attendee, I thought I’d give it a shot and write it up.Cisco Live is an amazing event.  Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years.  Cancun, Mexico – December 2017 Barcelona, Spain – February 2018 Melbourne, Australia – March 2018 Orlando, Florida, USA – June 2018 When I was a young buck and started attending Cisco Live they were actually called “Networkers” and to me, that still describes the best part of Cisco Live.  Not networking in the technology sense, but the human networking that goes on.  It’s like a reunion with the people that I get to see year after year; and I get to meet new people every single time.To read this article in full, please click here

IDG Contributor Network: A first-hand account of Cisco Live 2018 in Orlando

I have had many people ask me about what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers.  While my perspective may be a bit different than your average attendee, I thought I’d give it a shot and write it up.Cisco Live is an amazing event.  Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years.  Cancun, Mexico – December 2017 Barcelona, Spain – February 2018 Melbourne, Australia – March 2018 Orlando, Florida, USA – June 2018 When I was a young buck and started attending Cisco Live they were actually called “Networkers” and to me, that still describes the best part of Cisco Live.  Not networking in the technology sense, but the human networking that goes on.  It’s like a reunion with the people that I get to see year after year; and I get to meet new people every single time.To read this article in full, please click here

Why Spanning Tree Is Important: A Demo

Upcoming Webinars and Events: Autumn 2018

On Tuesday I had the last webinar in spring 2018. One more online course session and it will be time for long summer break. In the meantime, we’re already planning the autumn events:

• We’ll start with Lean Start in Network Automation workshop in Zurich, Switzerland, on August 30^th. Register here.
• Building Network Automation Solutions online course starts on September 20^th.

We also have the first webinars scheduled:

• We’ll start with two introductory webinars: SDDC 101 on August 28^th and SD-WAN Overview on September 4^th.
• The first session of technical deep dive into VMware NSX will be on September 11^th.
• Amazon Web Service Networking workshop was a huge success, and we’ll turn it into a webinar in early October.
• There will be an interesting math-focused webinar on October 8^th;
• Dinesh Dutt will talk about fabric troubleshooting in mid-November;

You can attend all these webinars with an ipSpace.net webinar subscription.

Generalized data structure synthesis

Generalized data structure synthesis Loncaric et al., ICSE’18

Many systems have a few key data structures at their heart. Finding correct and efficient implementations for these data structures is not always easy. Today’s paper introduces Cozy (https://cozy.uwplse.org), which can handle this task for you given a high-level specification of the state, queries, and update operations that need to be supported.

Cozy has three goals: to reduce programmer effort, to produce bug-free code, and to match the performance of handwritten code. We found that using Cozy requires an order of magnitude fewer lines of code than manual implementation, makes no mistakes even when human programmers do, and often matches the performance of handwritten code.

Let’s start out by looking at four case studies from the evaluation, to get a feel for where Cozy applies.

• ZTopo is a topological map viewer implemented in C++. A core data structure is the map tile cache for map tiles that are asynchronously loaded over the network and cached on disk or in memory.
• Sat4j is a Boolean sat solver implemented in Java. A core data structure is the variable store.
• Openfire is a large scalable IRC server implemented in Java. Continue reading

Create a nested virtual machine in a Microsoft Azure Linux VM

Microsoft Azure unofficially supports nested virtualization using KVM on Linux virtual machines, which makes it possible to build network emulation scenarios in the cloud using the same technologies you would use if you were using your own PC or a local server.

In this post, I will show you how to set up a Linux virtual machine in Microsoft Azure and then create a nested virtual machine inside the Azure virtual machine. This is a simple example, but you may use the same procedure as a starting point to create more complex network emulation scenarios using nested virtualization.

Prerequisites

To follow this tutorial, you need an Azure account. Microsoft offers a free-trial period that provides up to $300 in credits for up to 30 days. Creating a free trial account is easy: follow the instructions at: https://azure.microsoft.com/free.

If you have not used MS Azure before, I recommend the free training offered on their web site. The first course you should take is the beginner-level Azure Administrator course, which demonstrates all the basic topics you will need to understands when managing virtual machines in Azure.

In this tutorial, I will use the Azure CLI to create and manage Continue reading

Serverless SDN – Network Engineering Analysis of Appswitch

Virtual networking has been one of the hottest areas of research and development in recent years. Kubernetes alone has, at the time of writing, 20 different networking plugins, some of which can be combined to build even more plugins. However, if we dig a bit deeper, most of these plugins and solutions are built out of two very simple constructs:

• a virtual switch - anything from a linux bridge through VPP and IOVisor to OVS
• ACL/NAT - most commonly implemented as iptables, with anything from netfilter to eBPF under the hood

Note1: for the purpose of this article I won’t consider service meshes as a network solution, although it clearly is one, simply because it operates higher than TCP/IP and ultimately still requires network plumbing to be in place

If those look familiar, you’re not mistaken, they are the same exact things that were used to connect VMs together and enforce network security policies at the dawn of SDN era almost a decade ago. Although some of these technologies have gone a long way in both features and performance, they still treat containers the same way they treated VMs. There are a few exceptions that don’t involve the above Continue reading

Argo Tunnels: Spread the Load

We recently announced Argo Tunnel which allows you to deploy your applications anywhere, even if your webserver is sitting behind a NAT or firewall. Now, with support for load balancing, you can spread the traffic across your tunnels.

A Quick Argo Tunnel Recap

Argo Tunnel allows you to expose your web server to the internet without having to open routes in your firewall or setup dedicated routes. Your servers stay safe inside your infrastructure. All you need to do is install cloudflared (our open source agent) and point it to your server. cloudflared will establish secure connections to our global network and securely forward requests to your service. Since cloudflared initializes the connection, you don't need to open a hole in your firewall or create a complex routing policy. Think of it as a lightweight GRE tunnel from Cloudflare to your server.

Tunnels and Load Balancers

CC BY-NC-ND 2.0 image by Carey Lyons

If you are running a simple service as a proof of concept or for local development, a single Argo Tunnel can be enough. For real-world deployments though, you almost always want multiple instances of your service running on seperate machines, availability zones, or even countries. Cloudflare’s Continue reading

HPE CEO: Software-Defined Is a Gimmick. We Have Edge to Cloud

Antonio Neri says software defined is just a means to deliver a true edge-to-cloud architecture. He says HPE can deliver, but Dell can’t.

NGINX Series C Gathers $43M from Goldman Sachs

The company is looking to boost its product offerings based on its NGINX Plus platform, as well as target Kubernetes and Istio.