NSX Cloud Blog Series Part 2: A Consistent Security Posture Across Your Hybrid Cloud

We now dig deeper into the cloud security use-case.  As more and more companies embrace cloud, the cloud IT teams are tasked with the responsibility of ensuring that these cloud deployments are secure. Cloud inherently brings in new environments, and these cloud security teams are now faced with ensuring Enterprise security policy consistency across these multiple disparate cloud environments.

 

VMware NSX Cloud addresses these challenges, offering a common security and micro-segmentation platform across the on-premises and cloud environment. Together with NSX Data Center, it provides a single pane of glass to provision and manages consistent security controls not only for cross-cloud communication but also within each cloud.

 

Let’s start with VISIBILITY. You can’t protect what you can’t see. As a cloud infrastructure/security team, you may have to manage 1 AWS cloud account (subscription in Azure) and 1 AWS VPC (VNET in Azure) … or you may be managing 500+ accounts/subscriptions, each having multiple VPCs / VNETs. As cloud deployments bring automation and higher levels of agility, the cloud footprint that you would be responsible for can quickly become large and constantly evolve. How do you ensure that this dynamic environment is secure?

 

Focused on this specific Continue reading

Get ready for upcoming 6G wireless, too

Coinciding with a signing-off of global standardizations for the as-yet-unlaunched 5G radio technology by 3GPP this month we get news of initial development plans for faster 6G wireless. The Center for Converged TeraHertz Communications and Sensing (ComSenTer) says it’s investigating new radio technologies that will make up 6G.One hundred gigabits-per-second speeds will be streamed to 6G users with very low latency, the group says on its website.To read this article in full, please click here

BrandPost: Celebrating the Rise of 400G

Ciena Helen XenosSenior Director, Portfolio Marketing The era of 400G was in full force at OFC (The Optical Fiber Communication Conference and Exhibition), and we took some time to celebrate this milestone. Here are what our customers have to say about their 400G success – and what it means for the industry.If you needed another leading indicator that 400G is the next big thing in optical networks, look no further than the OFC ’18 conference recently held in San Diego.  The show was abuzz with vendor plans for new technologies that squeeze more bandwidth than ever down an optical channel.  These 400G-capable coherent solutions offer better system performance and tunable capacity from 100G to 400G per wavelength. To read this article in full, please click here

T-25 days until Chrome starts flagging HTTP sites as “Not Secure”

T-25 days until Chrome starts flagging HTTP sites as

Less than one month from today, on July 23, Google will start prominently labeling any site loaded in Chrome without HTTPS as "Not Secure".

Checking
Domain already redirects to HTTPS
Domain will be labeled "Not Secure"
Error
Current (Chrome 67)
http:// 
Current (Chrome 67)
https:// 
July 2018 (Chrome 68)
https:// 
July 2018 (Chrome 68)
http:// 

When we wrote about Google’s plans back in February, the percent of sites loaded over HTTPS clocked in at 69.7%. Just one year prior to that only 52.5% of sites were loaded using SSL/TLS—the encryption protocol behind HTTPS—so tremendous progress has been made.

Unfortunately, quite a few Continue reading

IDG Contributor Network: The ‘made up’ jargon of networking

Like any industry, networking has a proprietary slew of acronyms and jargon that only insiders understand. Look no further than Network World’s searchable glossary of wireless terms.Turns out, multiplexing has nothing to do with going to the movies at a place with more than one theater.I also like to think that each networker has their own favorite list of terms, ready to share at a moment’s notice during family dinners, holidays and networking events … or maybe that’s just me?To read this article in full, please click here

IDG Contributor Network: The ‘made up’ jargon of networking

Like any industry, networking has a proprietary slew of acronyms and jargon that only insiders understand. Look no further than Network World’s searchable glossary of wireless terms.Turns out, multiplexing has nothing to do with going to the movies at a place with more than one theater.I also like to think that each networker has their own favorite list of terms, ready to share at a moment’s notice during family dinners, holidays and networking events … or maybe that’s just me?To read this article in full, please click here

Techniques of a Network Detective: A New Series

Put your detective hat on your head and your Network Detective badge on your lapel.  Introducing a new blog series – Techniques of a Network Detective.  This series will focus on the detective work (troubleshooting side) of our jobs as network engineers.

For over 30 years I’ve been playing in the “world of IT”. During those years there have been a lot of changes in our world. But through all that change, there has been a thread, for me, that has always remained constant. A thread and a passion that always seemed to be with me in every job over all these years.

Troubleshooting!

Being a “Network Detective” is much the same as being a regular detective in many ways.  As a Network Detective we get put on a “case” – the “Case of the Missing Packets” maybe.  We go to the crime scene and try to find answers so we can solve the “who done it”

nd1

When a “crime” happens you need to be right there interviewing the suspects, surveying the crime scene, asking the right questions.  Trying to quickly figure out what is happening, where it is happening, and why it Continue reading

How to plan a software-defined data-center network

The data-center network is a critical component of enterprise IT’s strategy to create private and hybrid-cloud architectures. It is software that must deliver improved automation, agility, security and analytics to the data center network. It should allow for the seamless integration of enterprise-owned applications with public cloud services. Over time, leading edge software will enable the migration to intent-based data-center networks with full automation and rapid remediation of application-performance issues.To read this article in full, please click here(Insider Story)

How to plan a software-defined data-center network

The data-center network is a critical component of enterprise IT’s strategy to create private and hybrid-cloud architectures. It is software that must deliver improved automation, agility, security and analytics to the data center network. It should allow for the seamless integration of enterprise-owned applications with public cloud services. Over time, leading edge software will enable the migration to intent-based data-center networks with full automation and rapid remediation of application-performance issues.To read this article in full, please click here(Insider Story)

How to plan a software-defined data-center network

The data-center network is a critical component of enterprise IT’s strategy to create private and hybrid-cloud architectures. It is software that must deliver improved automation, agility, security and analytics to the data center network. It should allow for the seamless integration of enterprise-owned applications with public cloud services. Over time, leading edge software will enable the migration to intent-based data-center networks with full automation and rapid remediation of application-performance issues.To read this article in full, please click here(Insider Story)

More Handy CLI Tools for JSON

In late 2015 I wrote a post about a command-line tool named jq, which is used for parsing JSON data. Since that time I’ve referenced jq in a number of different blog posts (like this one). However, jq is not the only game in town for parsing JSON data at the command line. In this post, I’ll share a couple more handy CLI tools for working with JSON data.

(By the way, if you’re new to JSON, check out this post for a gentle introduction.)

JMESPath and jp

JMESPath is used by both Amazon Web Services (AWS) in their AWS CLI as well as by Microsoft in the Azure CLI. For examples of JMESPath in action, see the AWS CLI documentation on the --query functionality, which makes use of server-side JMESPath queries to reduce the amount of data returned by an AWS CLI command (as opposed to filtering on the client side).

However, you can also use JMESPath on the client-side through the jp command-line utility. As a client-side parsing tool, jp is similar in behavior to jq, but I find the JMESPath query language to be a bit easier to use than jq in Continue reading

How not to structure your database-backed web applications: a study of performance bugs in the wild

How not to structure your database-backed web applications: a study of performance bugs in the wild Yang et al., ICSE’18

This is a fascinating study of the problems people get into when using ORMs to handle persistence concerns in their web applications. The authors study real-world applications and distil a catalogue of common performance anti-patterns. There are a bunch of familiar things in the list, and a few that surprised me with the amount of difference they can make. By fixing many of the issues that they find, Yang et al., are able to quantify how many lines of code it takes to address the issue, and what performance improvement the fix delivers.

To prove our point, we manually fix 64 performance issues in [the latest versions of the applications under study] and obtain a median speed-up of 2x (and up to 39x max) with fewer than 5 lines of code change in most cases.

The Hyperloop website provides access to a tool you can use to identify and solve some of the common performance issues in your own (Rails) apps.

I’m going to skip the intro parts about what ORMs do and how a typical web app Continue reading

Lessons from nPetya one year later

This is the one year anniversary of NotPetya. It was probably the most expensive single hacker attack in history (so far), with FedEx estimating it cost them $300 million. Shipping giant Maersk and drug giant Merck suffered losses on a similar scale. Many are discussing lessons we should learn from this, but they are the wrong lessons.


An example is this quote in a recent article:
"One year on from NotPetya, it seems lessons still haven't been learned. A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains." 
This is an attractive claim. It describes the problem in terms of people being "weak" and that the solution is to be "strong". If only organizations where strong enough, willing to deal with downtime and disruption, then problems like this wouldn't happen.

But this is wrong, at least in the case of NotPetya.

NotPetya's spread was initiated through the Ukraining company MeDoc, which provided tax accounting software. It had an auto-update process for keeping its software up-to-date. This was subverted in order to deliver the initial NotPetya Continue reading
1 1,552 1,553 1,554 1,555 1,556 3,841