Network professionals should think SD-Branch, not just SD-WAN

Earlier this year, fellow industry analyst Lee Doyle wrote a blog post on the software-defined branch (SD-Branch) market hitting $3 billion by 2022. Doyle defines the SD-Branch as having SD-WAN, routing, network security, and LAN/Wi-Fi functions all in one platform with integrated, centralized management. An SD-Branch can be thought of as the next step after SD-WAN, as the latter transforms the transport and the former focuses on things in the branch, such as optimizing user experience and improving security.I don’t often critique other analysts work, as their opinion is theirs and not everyone agrees. However, in this case, I don't think “all in one platform” should be a requirement. The integrated and centralized management hits the nail on the head, but the software should act as a management overlay, so even though the infrastructure isn’t a “single box,” it’s managed like it.To read this article in full, please click here

Network professionals should think SD-Branch, not just SD-WAN

Earlier this year, fellow industry analyst Lee Doyle wrote a blog post on the software-defined branch (SD-Branch) market hitting $3 billion by 2022. Doyle defines the SD-Branch as having SD-WAN, routing, network security, and LAN/Wi-Fi functions all in one platform with integrated, centralized management. An SD-Branch can be thought of as the next step after SD-WAN, as the latter transforms the transport and the former focuses on things in the branch, such as optimizing user experience and improving security.I don’t often critique other analysts work, as their opinion is theirs and not everyone agrees. However, in this case, I don't think “all in one platform” should be a requirement. The integrated and centralized management hits the nail on the head, but the software should act as a management overlay, so even though the infrastructure isn’t a “single box,” it’s managed like it.To read this article in full, please click here

An Introduction to Windows Security with Ansible

Ansible-Get-Started-Windows-1-2

Welcome to another installment of our Windows-centric Getting Started Series! In the prior posts we talked about connecting to Windows machines, gave a brief introduction on using Ansible with Active Directory, and discussed package management options on Windows with Ansible. In this post we’ll talk a little about applying security methodologies and practices in relation to our original topics.


The Triad

In order to discuss security issues in relation to Ansible and Windows, we’ll be applying concepts from the popular CIA Triad: Confidentiality, Integrity, and Availability. 

Triad-Diagram

Confidentiality is pretty self-evident — protecting confidentiality helps restrict private data to only authorized users and helps to prevent non-authorized ones from seeing it. The way this is accomplished involves several techniques such as authentication, authorization, and encryption. When working with Windows, this means making sure the hosts know all of the necessary identities, that each user is appropriately verified, and that the data is protected (by, for example, encryption) so that it can only be accessed by authorized parties.

Integrity is about making sure that the data is not tampered with or damaged so that it is unusable. When you’re sending data across a network you want to make sure that it arrives Continue reading

IDG Contributor Network: A first-hand account of Cisco Live 2018 in Orlando

I have had many people ask me about what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers.  While my perspective may be a bit different than your average attendee, I thought I’d give it a shot and write it up.Cisco Live is an amazing event.  Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years.  Cancun, Mexico – December 2017 Barcelona, Spain – February 2018 Melbourne, Australia – March 2018 Orlando, Florida, USA – June 2018 When I was a young buck and started attending Cisco Live they were actually called “Networkers” and to me, that still describes the best part of Cisco Live.  Not networking in the technology sense, but the human networking that goes on.  It’s like a reunion with the people that I get to see year after year; and I get to meet new people every single time.To read this article in full, please click here

IDG Contributor Network: A first-hand account of Cisco Live 2018 in Orlando

I have had many people ask me about what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers.  While my perspective may be a bit different than your average attendee, I thought I’d give it a shot and write it up.Cisco Live is an amazing event.  Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years.  Cancun, Mexico – December 2017 Barcelona, Spain – February 2018 Melbourne, Australia – March 2018 Orlando, Florida, USA – June 2018 When I was a young buck and started attending Cisco Live they were actually called “Networkers” and to me, that still describes the best part of Cisco Live.  Not networking in the technology sense, but the human networking that goes on.  It’s like a reunion with the people that I get to see year after year; and I get to meet new people every single time.To read this article in full, please click here

Upcoming Webinars and Events: Autumn 2018

On Tuesday I had the last webinar in spring 2018. One more online course session and it will be time for long summer break. In the meantime, we’re already planning the autumn events:

We also have the first webinars scheduled:

You can attend all these webinars with an ipSpace.net webinar subscription.

Generalized data structure synthesis

Generalized data structure synthesis Loncaric et al., ICSE’18

Many systems have a few key data structures at their heart. Finding correct and efficient implementations for these data structures is not always easy. Today’s paper introduces Cozy (https://cozy.uwplse.org), which can handle this task for you given a high-level specification of the state, queries, and update operations that need to be supported.

Cozy has three goals: to reduce programmer effort, to produce bug-free code, and to match the performance of handwritten code. We found that using Cozy requires an order of magnitude fewer lines of code than manual implementation, makes no mistakes even when human programmers do, and often matches the performance of handwritten code.

Let’s start out by looking at four case studies from the evaluation, to get a feel for where Cozy applies.

  • ZTopo is a topological map viewer implemented in C++. A core data structure is the map tile cache for map tiles that are asynchronously loaded over the network and cached on disk or in memory.
  • Sat4j is a Boolean sat solver implemented in Java. A core data structure is the variable store.
  • Openfire is a large scalable IRC server implemented in Java. Continue reading

Create a nested virtual machine in a Microsoft Azure Linux VM

Microsoft Azure unofficially supports nested virtualization using KVM on Linux virtual machines, which makes it possible to build network emulation scenarios in the cloud using the same technologies you would use if you were using your own PC or a local server.

In this post, I will show you how to set up a Linux virtual machine in Microsoft Azure and then create a nested virtual machine inside the Azure virtual machine. This is a simple example, but you may use the same procedure as a starting point to create more complex network emulation scenarios using nested virtualization.

Prerequisites

To follow this tutorial, you need an Azure account. Microsoft offers a free-trial period that provides up to $300 in credits for up to 30 days. Creating a free trial account is easy: follow the instructions at: https://azure.microsoft.com/free.

If you have not used MS Azure before, I recommend the free training offered on their web site. The first course you should take is the beginner-level Azure Administrator course, which demonstrates all the basic topics you will need to understands when managing virtual machines in Azure.

In this tutorial, I will use the Azure CLI to create and manage Continue reading

Serverless SDN – Network Engineering Analysis of Appswitch

Virtual networking has been one of the hottest areas of research and development in recent years. Kubernetes alone has, at the time of writing, 20 different networking plugins, some of which can be combined to build even more plugins. However, if we dig a bit deeper, most of these plugins and solutions are built out of two very simple constructs:

  • a virtual switch - anything from a linux bridge through VPP and IOVisor to OVS
  • ACL/NAT - most commonly implemented as iptables, with anything from netfilter to eBPF under the hood

Note1: for the purpose of this article I won’t consider service meshes as a network solution, although it clearly is one, simply because it operates higher than TCP/IP and ultimately still requires network plumbing to be in place

If those look familiar, you’re not mistaken, they are the same exact things that were used to connect VMs together and enforce network security policies at the dawn of SDN era almost a decade ago. Although some of these technologies have gone a long way in both features and performance, they still treat containers the same way they treated VMs. There are a few exceptions that don’t involve the above Continue reading

Argo Tunnels: Spread the Load

Argo Tunnels: Spread the Load

We recently announced Argo Tunnel which allows you to deploy your applications anywhere, even if your webserver is sitting behind a NAT or firewall. Now, with support for load balancing, you can spread the traffic across your tunnels.

A Quick Argo Tunnel Recap

Argo Tunnel allows you to expose your web server to the internet without having to open routes in your firewall or setup dedicated routes. Your servers stay safe inside your infrastructure. All you need to do is install cloudflared (our open source agent) and point it to your server. cloudflared will establish secure connections to our global network and securely forward requests to your service. Since cloudflared initializes the connection, you don't need to open a hole in your firewall or create a complex routing policy. Think of it as a lightweight GRE tunnel from Cloudflare to your server.

Tunnels and Load Balancers

Argo Tunnels: Spread the LoadCC BY-NC-ND 2.0 image by Carey Lyons

If you are running a simple service as a proof of concept or for local development, a single Argo Tunnel can be enough. For real-world deployments though, you almost always want multiple instances of your service running on seperate machines, availability zones, or even countries. Cloudflare’s Continue reading

Working Together with APNIC on Routing Security and MANRS in Asia Pacific

The Internet Society and APNIC signed a Memorandum of Understanding (MoU) to cooperate in supporting the MANRS initiative in the Asia Pacific Region. Paul Wilson (APNIC) and Rajnesh Singh (ISOC) signed the MoU in Brisbane, Australia on 13 June 2018.

It’s an exciting moment for everyone who believes that Internet routing security issues can be resolved through collaboration, providing limitless opportunities for good. The MoU formalises the existing long-term relationship between the two organizations to have a global, open, stable and secure Internet.

The MoU focuses on capacity building to undertake initiatives and activities to promote awareness of MANRS in the Asia-Pacific region, to cooperate and render mutual assistance, and to encourage the attendance of APNIC members to meetings, seminars, workshops and/or conferences on routing security.

Both organizations have agreed to exchange research information and training materials (whether printed, audio or visual) related to routing security in general. APNIC has a proven record of delivering hands-on and online quality training and providing analytical research data.

We look forward to welcoming more MANRS members from the Asia Pacific region, and working together with APNIC to improve routing security around the world.

The post Working Together with APNIC on Routing Security and Continue reading

HPE puts enterprise software applications at the edge network

CIOs, network administrators and data-center managers who see a need to run full-fledged, unmodified enterprise software at the edge of their networks, on factory floors and oil rigs, now have an opportunity to do so.HPE is certifying complete enterprise software stacks for its EdgeLine converged infrastructure devices, allowing enterprises to run the exact same applications in the data center, in the cloud or at the network edge.[ Check out AI boosts data-center availability, efficiency. Also learn what hyperconvergence is and whether you’re ready for hyperconverged storage. | For regularly scheduled insights sign up for Network World newsletters. ] The certifications will cover software from vendors including Microsoft, SAP, PTC, SparkCognition and Citrix to run on its EdgeLine EL 1000 and EdgeLine EL4000 systems, the company said Wednesday at its Discover conference in Las Vegas.To read this article in full, please click here

1 1,561 1,562 1,563 1,564 1,565 3,841