Arm flexes flexibility with Pelion IoT announcement

The pervasiveness of Arm-based silicon – it’s everywhere from cars to signage to smartphones to supercomputers – makes the company a natural fit for an internet of things platform like the one it just announced.The Pelion IoT Platform's main selling point is its universality – the company boasts that it’s able to handle “any device, any data, any cloud” – in a marketplace overflowing with vertical-specific solutions. (GE and Siemens make industrial IoT products, other companies make platforms designed specifically to work well in healthcare, fleet management, or agricultural environments, and so on.)[ Check out our corporate guide to addressing IoT security. ] Pelion can sit on an edge device, in a data center, or even in an endpoint, integrating devices into a working ecosystem, although the focus is on the edge.To read this article in full, please click here

Stuff The Internet Says On Scalability For August 3rd, 2018

Hey, it's HighScalability time:

 

Everything starts with Doug Engelbart — Jane Metcalfe.
It was the very first time (1968) the world had ever seen a mouse, seen outline processing, seen hypertext, seen mixed text and graphics, seen real-time video conferencing. — Doug Engelbart (Valley of Genius).
ARPA funded the demo at a cost of $1 million. Most importantly? It was the first use of a todo list as an example. A tradition unlike any other.

 

Do you like this sort of Stuff? Please lend me your support on Patreon. It would mean a great deal to me. And if you know anyone looking for a simple book that uses lots of pictures and lots of examples to explain the cloud, then please recommend my new book: Explain the Cloud Like I'm 10. They'll love you even more.

 

The one thing private equity firms typically overlook when funding startup WISPs…professional network engineers.

22893884 - telecommunications radio tower or mobile phone base station with engineers in concept background

.

Funding a new WISP

There are a number of ways to fund a startup Wireless Internet Service Provider (WISP), but the two we most commonly see as network engineering consultants at IP ArchiTechs are self funded by individuals/partners or by leveraging private equity (PE) money.

Private equity has become increasingly popular in the last few years if we are to use our consulting clients as a basis for comparison.

It’s not hard to see why, while you can (and many do) start a WISP on a shoestring budget, getting a significant chunk of initial funding to cover the costs of tower construction/leasing, network equipment, sales/marketing, etc is very attractive as it allows a WISP to build a network that might otherwise take several years of organic growth to achieve.

 

Network Engineering – the missing ingredient

Many startup WISPs are often borne out of necessity – fast, reliable or economical Internet access – one or more of these is missing in the areas we see WISPs develop.

Typically the stakeholders come from a variety of backgrounds some of which are technical and some aren’t – all of them, however, share a vision of building out Internet access and solving problems Continue reading

The one thing private equity firms typically overlook when funding startup WISPs…professional network engineers.

22893884 - telecommunications radio tower or mobile phone base station with engineers in concept background

.

Funding a new WISP

There are a number of ways to fund a startup Wireless Internet Service Provider (WISP), but the two we most commonly see as network engineering consultants at IP ArchiTechs are self funded by individuals/partners or by leveraging private equity (PE) money.

Private equity has become increasingly popular in the last few years if we are to use our consulting clients as a basis for comparison.

It’s not hard to see why, while you can (and many do) start a WISP on a shoestring budget, getting a significant chunk of initial funding to cover the costs of tower construction/leasing, network equipment, sales/marketing, etc is very attractive as it allows a WISP to build a network that might otherwise take several years of organic growth to achieve.

 

Network Engineering – the missing ingredient

Many startup WISPs are often borne out of necessity – fast, reliable or economical Internet access – one or more of these is missing in the areas we see WISPs develop.

Typically the stakeholders come from a variety of backgrounds some of which are technical and some aren’t – all of them, however, share a vision of building out Internet access and solving problems Continue reading

oVirt SAML with keyloak using 389ds user federation

In this post I will introduce how simple it is to integrate SAML with oVirt using Keycloak and LDAP user federation.

Prerequisites: I assume you have already setup the 389ds directory server, but the solution is very similar for any other LDAP provider. As SAML is not integrated into oVirt directly, we use Apache to do the SAML authentication for us. The mod_auth_mellon module nicely covers all needed functionality.

mod_auth_mellon configuration

First we need to configure oVirt's apache. SSH to the oVirt engine and create a directory where we'll store all SAML related certificates.

ssh root@engine
yum install -y mod_auth_mellon
mkdir -p /etc/httpd/saml2

When we install the mod_auth_mellon package, it will create /etc/httpd/conf.d/auth_mellon.conf. We need to modify this file to our needs, as follows:

<Location />
    MellonEnable "info"
    MellonDecoder "none"
    MellonVariable "cookie"
    MellonSecureCookie On
    MellonSessionDump On
    MellonSamlResponseDump On
    MellonSessionLength 86400

    MellonUser "NAME_ID"
    MellonEndpointPath /saml2

    MellonSPCertFile /etc/httpd/saml2/ovirtsp-cert.cert
    MellonSPPrivateKeyFile /etc/httpd/saml2/ovirtsp-key.key
    MellonSPMetadataFile /etc/httpd/saml2/ovirtsp-metadata.xml
    MellonIdPMetadataFile /etc/httpd/saml2/idp-metadata.xml

    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
    RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
    RequestHeader set X-Remote-User %{REMOTE_USER}s
</Location>

<LocationMatch ^/ovirt-engine/sso/(interactive-login-negotiate|oauth/token-http-auth)|^/ovirt-engine/api>
  <If "req('Authorization') !~ /^(Bearer| Continue reading

oVirt SAML with keyloak using 389ds user federation

In this post I will introduce how simple it is to integrate SAML with oVirt using Keycloak and LDAP user federation.

Prerequisites: I assume you have already setup the 389ds directory server, but the solution is very similar for any other LDAP provider. As SAML is not integrated into oVirt directly, we use Apache to do the SAML authentication for us. The mod_auth_mellon module nicely covers all needed functionality.

mod_auth_mellon configuration

First we need to configure oVirt's apache. SSH to the oVirt engine and create a directory where we'll store all SAML related certificates.

ssh root@engine
yum install -y mod_auth_mellon
mkdir -p /etc/httpd/saml2

When we install the mod_auth_mellon package, it will create /etc/httpd/conf.d/auth_mellon.conf. We need to modify this file to our needs, as follows:

<Location />
    MellonEnable "info"
    MellonDecoder "none"
    MellonVariable "cookie"
    MellonSecureCookie On
    MellonSessionDump On
    MellonSamlResponseDump On
    MellonSessionLength 86400

    MellonUser "NAME_ID"
    MellonEndpointPath /saml2

    MellonSPCertFile /etc/httpd/saml2/ovirtsp-cert.cert
    MellonSPPrivateKeyFile /etc/httpd/saml2/ovirtsp-key.key
    MellonSPMetadataFile /etc/httpd/saml2/ovirtsp-metadata.xml
    MellonIdPMetadataFile /etc/httpd/saml2/idp-metadata.xml

    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
    RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
    RequestHeader set X-Remote-User %{REMOTE_USER}s
</Location>

<LocationMatch ^/ovirt-engine/sso/(interactive-login-negotiate|oauth/token-http-auth)|^/ovirt-engine/api>
  <If "req('Authorization') !~ /^(Bearer| Continue reading

Cisco and the Two-Factor Two-Step

In case you missed the news, Cisco announced yesterday that they are buying Duo Security. This is a great move on Cisco’s part. They need to beef up their security portfolio to compete against not only Palo Alto Networks but also against all the up-and-coming startups that are trying to solve problems that are largely being ignored by large enterprise security vendors. But how does an authentication vendor help Cisco?

Who Are You?

The world relies on passwords to run. Banks, email, and even your mobile device has some kind of passcode. We memorize them, write them down, or sometimes just use a password manager (like 1Password) to keep them safe. But passwords can be guessed. Trivial passwords are especially vulnerable. And when you factor in things like rainbow tables, it gets even scarier.

The most secure systems require you to have some additional form of authentication. You may have heard this termed as Two Factor Authentication (2FA). 2FA makes sure that no one is just going to be able to guess your password. The most commonly accepted forms of multi-factor authentication are:

  • Something You Know – Password, PIN, etc
  • Something You Have – Credit Card, Auth token, Continue reading

ISOC advocating IoT Trust at APAN 46

APAN 46 is being held on 5-9 August 2018 in Auckland, New Zealand, with the Internet Society being one of the sponsors. I’ll also be talking about IoT Security and the OTA IoT Trust Framework, as well as using the opportunity to continue to raise awareness of the MANRS Routing Security Initiative amongst network operators in the Asia-Pacific region.

The Asia Pacific Advanced Network (APAN) supports the research and education networks in the region to help them to connect to each other and to other R&E networks around the world, provides opportunities to exchange knowledge, and coordinates common activities, services and applications for its membership. It was established back in 1997, and this is the second of its two annual meetings for 2018.

I’ll be speaking during the Internet-of-Things session next Wednesday (8 August 2018 @ 09.00-10.30 UTC+12), and will discuss how IoT is responsible for huge growth in the number of unmanaged or minimally-managed devices connected to the Internet, but do we really know who or what is communicating with them, and the information they are collecting and sending? I’ll also present ISOC’s Online Trust Alliance’s initiative to develop the IoT Trust Framework which is backed Continue reading

Network World: Edge, Intent-based networking are all the rage; IT networking budgets rise

As distributed resources from wired, wireless, cloud and Internet of Things networks grow, the need for a more intelligent network edge is growing with it.Network World’s 8th annual State of the Network survey shows the growing importance of edge networking, finding that 56% of respondents have plans for edge computing in their organizations. [ Related: How to plan a software-defined data-center network ] Typically, edge networking entails sending data to a local device that includes compute, storage and network connectivity in a small form factor. Data is processed at the edge, and all or a portion of it is sent to the central processing or storage repository in a corporate data center or infrastructure-as-a-service (IaaS) cloud.To read this article in full, please click here

Network World: Edge, Intent-based networking are all the rage; IT networking budgets rise

As distributed resources from wired, wireless, cloud and Internet of Things networks grow, the need for a more intelligent network edge is growing with it.Network World’s 8th annual State of the Network survey shows the growing importance of edge networking, finding that 56% of respondents have plans for edge computing in their organizations. [ Related: How to plan a software-defined data-center network ] Typically, edge networking entails sending data to a local device that includes compute, storage and network connectivity in a small form factor. Data is processed at the edge, and all or a portion of it is sent to the central processing or storage repository in a corporate data center or infrastructure-as-a-service (IaaS) cloud.To read this article in full, please click here

Network World: Edge, Intent-based networking are all the rage; IT networking budgets rise

As distributed resources from wired, wireless, cloud and Internet of Things networks grow, the need for a more intelligent network edge is growing with it.Network World’s 8th annual State of the Network survey shows the growing importance of edge networking, finding that 56% of respondents have plans for edge computing in their organizations. [ Related: How to plan a software-defined data-center network ] Typically, edge networking entails sending data to a local device that includes compute, storage and network connectivity in a small form factor. Data is processed at the edge, and all or a portion of it is sent to the central processing or storage repository in a corporate data center or infrastructure-as-a-service (IaaS) cloud.To read this article in full, please click here

Worth Reading: Every Silver Lining has a Cloud

All the tools you built during those last two years work only because they have direct knowledge of the system components down to the metal, or at least as close to the metal as possible. Once you move a system into the cloud, your application is sharing resources with other, competing systems, and if you are taking advantage of elastic pricing, then your machines may not even be running until the cloud provider deems them necessary. —George V. Neville-Neil @ACM

1 1,519 1,520 1,521 1,522 1,523 3,849