Two-Factor Authentication with VMware NSX-T

In a previous post, I covered how to integrate NSX-T with VMware Identity Manager (vIDM) to achieve remote user authentication and role-based access control (RBAC) for users registered with a corporate Active Directory (AD): http://blogs.vmware.com/networkvirtualization/2017/11/remote-user-auth…-rbac-with-nsx-t.html/

 

In this post, I’m showing how to add two-factor authentication (2FA) for NSX-T administrators/operators on top of that existing integration. Two-factor authentication is a mechanism that checks username and password as usual, but adds an additional security control before users are authenticated. It is a particular deployment of a more generic approach known as Multi-Factor Authentication (MFA).

Throughout this post, I’m providing step-by-step guidance on how to use VMware Verify as that second authentication. I will also highlight what would be different if using third party mechanisms. At the end of the post, you will find a demo showing how to do the configuration and how users authenticate once 2FA is enabled.

 

What is VMware Verify? Let me quote what my colleague Vikas Jain wrote on this post: “VMware Verify uses modern mobile push tokens, where users get a push notification on their mobile device that they can simply accept or deny. When the user’s device does not have cellular reception, Continue reading

Cisco boosts IoT access control, management

Cisco has rolled out software tools for helping customers control access and more easily manage the burgeoning amount of enterprise IoT devices in their networks. The company has also begun filling out its Catalyst 9000 line of intent-based networking (IBN) switches with new boxes aimed at customers wanting 100G/sec and 25G/sec network migration options.

IoT access control, security, management

The need for much better enterprise IoT access control is obvious, Cisco says: According to its Midyear Cybersecurity Report for 2017, most companies are not aware of what IoT devices are connected to their network.

OSPF Topology Transparent Zones

Anyone who has worked with OSPF for any length of time has at least heard of areas—but perhaps before diving into Topology Transparent Zones (TTZs), a short review is in order.

In this diagram, routers A and B are in area 0, routers C and D are Area Border Routers (ABRs), and routers E, F, G, H, and K are all in area 1. The ABRs, C and D, do not advertise the existence of E, F, G, H, or K to the routers in area 0, nor the links to or between any of those routers. Any reachable destinations in area 1 are advertised using a summary LSA, or a type 3 LSA, towards A and B. From the perspective of A and B, 100::/64 and 101::/64 would be advertised by C and D as directly connected destinations, using the cost from C and D to each of these two destinations, based on a summary LSA.

What if you wanted to place H and K in their own area, with G as an ABR, behind the existing area 1? You cannot do this in OSPF using any form of a standard flooding domain, or area. There is no way Continue reading

Docker Inevitably Embraces Kubernetes Container Orchestration

Sometimes you can beat them, and sometimes you can join them. If you are Docker, the commercial entity behind the Docker container runtime and a stack of enterprise-class software that wraps around it, and you are facing the rising popularity of the Kubernetes container orchestrator open sourced by Google, you can do both. And so, even though it has its own Swarm orchestration layer, Docker is embracing Kubernetes as a peer to Swarm in its own stack.

This is not an either/or proposition, and in fact, the way that the company has integrated Kubernetes inside of Docker Enterprise Edition, the

Docker Inevitably Embraces Kubernetes Container Orchestration was written by Timothy Prickett Morgan at The Next Platform.

BrandPost: Is Your IT Environment a Barrier to the Cloud?

The promise of cloud services as the means of delivering applications and services is quite attractive. However, in the rush to adopt cloud services, a few myths have been created that can lead to bad decisions and botched implementations. One myth that has created more problems than most is the belief that, by using the cloud, a company doesn’t have to worry about its on-premises IT infrastructure or the support systems for it.

The assertion that cloud service providers “handle everything” is not really true. They provide access to the services as long as your equipment can get you to their data center. While this may reduce the load on your servers and potentially your storage hardware, in many instances using the cloud creates a need for new networking hardware to support much higher wide-area network (WAN) utilization both in terms of number of users and the amount of data traffic. When companies want to use multiple network carriers for cost, reliability, and performance issues, the result may be more network hardware than initially expected.

Space Invaders – Consumer Grade IoT in the Enterprise

I used to love the old Space Invaders arcade game – waves of enemy attackers came in faster and faster while you tried to defend your base. With experience you could learn their tactics and get pretty adept at stopping them. For today’s enterprise IT staff, consumer-grade IoT devices must certainly feel like those space invaders of old.

There’s good news and bad news about these new creatures in the enterprise. The good news is that they don’t start with mal-intent and can be profiled well enough to confine their activity. The bad news is that they’re coming in waves, often slipping under the radar, and the consequences can be much bigger than getting blasted and placing a few more quarters in the slot.

To help enterprise IT staff deal with this new wave we released “The Enterprise IoT Security Checklist: Best Practices for Securing Consumer-Grade IoT in the Enterprise” today, outlining best practices for securing consumer-grade IoT in the enterprise. The Checklist includes ten actions, based roughly in chronological order from purchase, through installation, to ongoing support, meant to raise awareness of the common vulnerabilities presented by these devices and how to address them.

Many of these Continue reading

How to do math on the Linux command line

Can you do math on the Linux command line? You sure can! In fact, there are quite a few commands that can make the process easy and some you might even find interesting. Let's look at some very useful commands and syntax for command line math.

expr

First and probably the most obvious and commonly used command for performing mathematical calculations on the command line is the expr (expression) command. It can manage addition, subtraction, division, and multiplication. It can also be used to compare numbers. Here are some examples:

Incrementing a variable

    $ count=0
    $ count=`expr $count + 1`
    $ echo $count
    1

Performing simple calculations

    $ expr 11 + 123
    134
    $ expr 134 / 11
    12
    $ expr 134 - 11
    123
    $ expr 11 * 123
    expr: syntax error        <== oops!
    $ expr 11 \* 123
    1353
    $ expr 20 % 3
    2

Notice that you have to use a \ character in front of * to avoid the syntax error. The % operator is for modulo calculations.

BrandPost: Adaptive Network Webinar Series

Check out our webinar series – hear from industry analysts to learn about the Adaptive Network and gain insights on network transformation at the speed of business.

Live Webinar: Harness the Power of Automation through Intent-Based Policy

Date / Time: Tuesday, April 17, 2018, 11:00 a.m. New York / 4:00 p.m. London

Overview: Network providers are struggling to keep pace with escalating demand. Rapid traffic increases and the threat of network performance failures have put a premium on automation. But it's important for providers to maintain control of their networks as they automate. How can an automation platform help remove obstacles and still give the control providers need to accelerate the business?