IETF 101, Day 3: TLS & DPRIVE is no Diet Coke

This week is IETF 101 in London, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. There’s plenty of variety on Wednesday, following the themes of Trust and Identity, IPv6 and the Internet-of-Things.

TLS has its second session of the week starting at 09.30 GMT/UTC, and will be focused on the big development of the TLS 1.3 specification being approved by the IESG. Some further work is required, but there are a number of TLS 1.3 related drafts up for discussion.

These include Datagram Transport Layer SecurityDTLS Connection Identifer,  Exported authenticators in TLSDANE Record and DNSSEC Authentication Chain Extension for TLS, TLS Certificate compression, SNI Encryption in Tunnelling via TLS, and Semi-static DH Key Establishment in TLS 1.3.

NOTE: If you are unable to attend IETF 101 in person, there are multiple ways to participate remotely.

Running in parallel is LPWAN which is working on enabling IPv6 connectivity with very low wireless transmission rates between battery-powered devices spread across multiple kilometres. There’s a draft providing an overview of the set of LPWAN technologies under consideration by the IETF Continue reading

Cloudflare Global Network Spans 137 Cities: Launching Durban and Port Louis Data Centers

Cloudflare Global Network Spans 137 Cities: Launching Durban and Port Louis Data Centers

Cloudflare Global Network Spans 137 Cities: Launching Durban and Port Louis Data Centers

Our newest data centers in Durban (South Africa) and Port Louis (Mauritius) expand the Cloudflare network to 137 cities globally. We are delighted to reach this special milestone, and even more excited to help improve the performance and security of over 7 million Internet properties (and growing!) across 69 countries.

Just in March, so far, we've launched new data centers across Beirut, Phnom Penh, Kathmandu, Istanbul, Reykjavík, Riyadh, Macau, Baghdad, Houston, Indianapolis, Montgomery, Pittsburgh, Sacramento, Mexico City and Tel Aviv!

Growing Africa network

Just three years (and about 100 cities ago!), we launched our very first Africa deployment in Johannesburg (South Africa). It was an exciting day for members of our team to facilitate an especially substantial latency improvement for our customers.

Since then, we’ve turned up additional deployments in Cairo (Egypt), Cape Town (South Africa), Djibouti (Djibouti), Luanda (Angola), and Mombasa (Kenya).

Durban is our third deployment in South Africa, where mobile adoption continues to drive traffic growth amongst 20 million Internet users. Other countries with three (or more) Cloudflare data centers are Australia, Canada, China, Germany and United States (with two European states joining this list very Continue reading

Security for Public Clouds (AWS) with vRealize Network Insight

Enterprise IT needs visibility into the network and security status of their workloads, whether hosted on premises, or within AWS. While many AWS workloads are sandboxes for application development teams (DevOps), it is important to analyze these workloads. Increasingly, public cloud workloads are also fulfilling mission-critical production needs for many organizations. Enterprise IT must be ready to determine the best location, security posture, and bandwidth allocation when deploying workloads. Having traffic pattern details as well as security analysis and recommendations readily available, helps organizations make the ideal hosting decisions to meet their business needs.

vRealize Network Insight (vRNI) Supports Amazon Web Services (AWS) Public Cloud. The vRNI traffic monitoring features provide visibility into native AWS constructs such as Virtual Private Clouds, VMs, Security Groups, firewall rules, and tags. vRNI also analyzes AWS traffic flows to provide security and micro-segmentation views of cloud workloads. This means you’ll be able to plan micro-segmentation and understand traffic patterns using data collected from your AWS instances.

 

Let’s review a simple Amazon Web Services (AWS) VPC setup to articulate the value vRealize Network Insight can offer from a Day 1 Day 2 perspective.

  1. We have an on-premise instance of vRealize Network Insight managing AWS.
  2. Continue reading

Video Series: Modernizing Java Apps for Developers Part 2

Java apps

Moving a monolithic application to a modern cloud architecture can be difficult and often results in a greenfield development effort. However, it is possible to move towards a cloud architecture using Docker Enterprise Edition with no code changes and gain portability, security and efficiency in the process.

 Java apps

In the first post in this series, we discussed how you don’t need to do a full re-architecture of your application to microservices when using Docker Enterprise Edition.

In the second installment of the series, I go into the details of containerization of the application. This process builds containers using the application code as-is. I’ll follow three simple rules:

  1. Keep the existing architecture
  2. Keep the save version of the OS, components and application
  3. Keep deployment simple, i.e. static not elastic

I’ll also demonstrate how to use multi-stage build file to compile the code and deploy it to application server container such as Tomcat. It also shows how to deploy the application and database using a Docker Compose file.

Video Series: Modernizing @Java Apps for #Developers with #docker EE
Click To Tweet

To learn more about Docker solutions for Developers:

Singularity Containers for HPC & Deep Learning

Containerization as a concept of isolating application processes while sharing the same operating system (OS) kernel has been around since the beginning of this century. It started its journey from as early as Jails from the FreeBSD era. Jails heavily leveraged the chroot environment but expanded capabilities to include a virtualized path to other system attributes such as storage, interconnects and users. Solaris Zones and AIX Workload Partitions also fall into a similar category.

Since then, the advent and advancement in technologies such as cgroups, systemd and user-namespaces greatly improved the security and isolation of containers when compared to their

Singularity Containers for HPC & Deep Learning was written by Nicole Hemsoth at The Next Platform.

Side Channel Attacks in the Wild: The Smart Home

Side channel attacks are not something most network engineers are familiar with; I provided a brief introduction to the concept over at The Network Collective in this Short Take. If you aren’t familiar with the concept, it might be worth watching that video (a little over 4 minutes) before reading this post.

Side channel attacks are more common, and more dangerous, than many engineers understand. In this post, I’ll take a look at a 2017 research paper that builds and exploits a side channel attack against several smart home devices to see how such a side channel attack plays out. They begin their test with a series of devices, including a children’s sleep monitor, a pair of security cameras, a pair of smart power plugs, and a voice based home assistant.

The attack itself takes place in two steps. The first is to correlate individual traffic flows with a particular device (where a traffic flow is a 5 tuple. The researchers did this in three different ways. First, they observed the MAC address of each device talking on the network, comparing the first three octets of this address to a list of known manufacturers. Most home device manufacturers use a Continue reading

Argonne Hints at Future Architecture of Aurora Exascale System

There are two supercomputers named “Aurora” that are affiliated with Argonne National Laboratory – the one that was supposed to be built this year and the one that for a short time last year was known as “A21,” that will be built in 2021, and that will be the first exascale system built in the United States.

Details have just emerged on the second, and now only important, Aurora system, thanks to Argonne opening up proposals for the early science program that lets researchers put code on the supercomputer for three months before it starts its production work. The proposal

Argonne Hints at Future Architecture of Aurora Exascale System was written by Timothy Prickett Morgan at The Next Platform.

Ferghana Valley IXP – Reducing the Digital Gap in Central Asia

The Internet Society Kyrgyzstan Chapter is implementing one of its first major projects supported by Beyond the Net Funding Programme. The aim of the Ferghana Valley Internet Exchange Point (FVIXP) project is to establish an IXP in the city of Osh in the south of Kyrgyzstan and to bring more affordable Internet for the residents of Ferghana Valley.

Ferghana Valley is located on the crossroads of three countries – Kyrgyzstan, Uzbekistan, and Tajikistan –  and is the most populated area in Central Asia with over 14 million residents. Historically, this area has been a source of regional interethnic tensions due to water irrigation and land disputes, poverty and lack of access to communication services.

Internet prices for end users in Ferghana Valley are higher than in other districts of Kyrgyzstan. Residents in the southern cities pay five times more for the same bandwidth than their countrymen in the capital city Bishkek located in the north of Kyrgyzstan. Users in the neighboring countries of Tajikistan and Uzbekistan face even higher prices due to very limited options for international connectivity and to challenging domestic market conditions.

With this project, the Kyrgyzstan Chapter hopes to increase regional cross-border collaboration between stakeholders and communication Continue reading

The Week in Internet News: Quantum Computing vs. Encryption

RIP encryption? Quantum computers, cutting-edge machines that promise to be much more powerful than binary PCs, could eventually defeat current encryption schemes, said Jason Matheny, director of the U.S. Intelligence Advanced Research Projects Activity. The agency is looking for new encryption standards that could stay ahead of quantum computers, he told Federal News Radio.

Taking fake news by surprise: During the SXSW conference, YouTube CEO Susan Wojcicki announced plans to add Wikipedia text to videos the service determines to be conspiracy related. YouTube didn’t notify Wikipedia of its proposal to fight fake news and conspiracy theories, however, reports The Verge. While the Wikimedia Foundation doesn’t require notice or a licensing deal for other organizations to use its content, it suggested companies that repurpose its articles contribute to the service in the “spirit of sustainability.” Vanity Fair called the YouTube announcement a “Band-Aid” for a much larger problem.

Blockchain the vote: Sierra Leone has used Blockchain technology to assist with a nationwide election this month, according to a story in Quartz. In the country’s most populous district, Swiss foundation Agora offered digital voting services using a permissioned Blockchain. The goal was more system transparency by recording each vote using Continue reading

BrandPost: Being a Catalyst of Industry Change

Ciena’s Blue Planet team have won numerous accolades during this past year’s networking industry’s award season. I’m pleased to share the news about another recent award, won alongside our partner DGIT Systems, that recognizes the business impact our combined work is having on service providers’ business and operational agility. Ciena We earned our latest recognition from the TM Forum at the organization’s TM Forum Live! Asia event held in Singapore this past December. There, the Ciena Blue Planet team and DGIT were awarded Outstanding Catalyst for Business Impact for a collaborative proof-of-concept titled “Partnering Platforms for MEF Services.” The Catalyst demonstration, which was championed by Telstra, Vodafone Group and Orange, showcased the use of open APIs to automate the activation of inter-carrier Ethernet services.To read this article in full, please click here

1 1,637 1,638 1,639 1,640 1,641 3,794