Automating Compliance for Highly Regulated Industries with Docker Enterprise Edition and OSCAL

OSCAL Docker

Source: NIST.gov and C2 Labs 

Highly-regulated industries like financial services, insurance and government have their own set of complex and challenging regulatory IT requirements that must be constantly maintained. For this reason, the introduction of new technology can sometimes be difficult. Docker Enterprise Edition provides these types of organization with both a secure platform on which containers are the foundation for building compliant applications and a workflow for operational governance at scale.

The problem remains that even with the technology innovation of containers, cloud and other new tools, the area of IT compliance has remained relatively unchanged with security standards that lag far behind, creating mismatches of traditional controls to modern systems. Organizations are still dependent on the same mundane, paperwork-heavy audit and reporting processes of previous decades. The time and cost to build a PCI, FISMA or HIPAA compliant system is no small feat, even for large enterprises, due to the resources required to develop and maintain the documentation and artifacts that must be continuously audited by a third party.

To address these requirements, Docker has collaborated with the National Institute of Standards and Technology (NIST), and today, we are excited to announce that Docker is fully embracing Continue reading

Google could be getting serious about IoT with release of Android Things

Google I/O, the company's annual developer conference, grabs fewer headlines than it used to in ages past – the reveal of Google Glass was one for the record books, even the biggest Google detractor would have to admit. But Google's still planning to make some waves this year, particularly with what seems likely to be a full roll-out of Android Things 1.0, the variant Android OS designed for IoT.The idea behind Things is to provide a unified, one-size-fits-all software option for the developers of constrained devices like smart displays, kiosks and digital signage, among others. Device makers won’t be allowed to modify parts of Android Things’ code, specifically the parts that ensure Google can flash updates to all devices running the software at any time.To read this article in full, please click here

Google’s going to make some IoT news at I/O 2018

Google I/O, the company's annual developer conference, grabs fewer headlines than it used to in ages past – the reveal of Google Glass was one for the record books, even the biggest Google detractor would have to admit. But Google's still planning to make some waves this year, particularly with what seems likely to be a full roll-out of Android Things 1.0, the variant Android OS designed for IoT.The idea behind Things is to provide a unified, one-size-fits-all software option for the developers of constrained devices like smart displays, kiosks and digital signage, among others. Device makers won’t be allowed to modify parts of Android Things’ code, specifically the parts that ensure Google can flash updates to all devices running the software at any time.To read this article in full, please click here

Cisco’s Wide And Deep Embrace Of Kubernetes

As enterprises continue to spread their workloads around – keeping some in their core datacenters while placing others in either private clouds or sprinkling them among disparate public clouds – the portability, visibility and management of those applications becomes an issue. There is no standardization among public cloud providers like Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform, among others, and applications that run well in an on-premises datacenter may hit some rough patches when they migrate to the cloud. Developers also are finding challenges when moving applications into production, either in the datacenter or cloud, also

Cisco’s Wide And Deep Embrace Of Kubernetes was written by Jeffrey Burt at The Next Platform.

Hackathon at Africa Internet Summit Focuses on Time, Vehicular Communications, and Network Programmability

We are pleased to announce the 2nd Hackathon@AIS will be held in Dakar, Senegal, on 9-10 May, alongside the Africa Internet Summit. Participants from 14 countries have confirmed their participation and will work on activities centered around three main topics:

  • The Network Time Protocol (or NTP)
  • Wireless communication in vehicular environments – based on Intelligent Transportation Systems
  • Network Programmability

Working on open Internet standards involves a collaborative effort whereby individuals from different backgrounds provide input and expertise to improve the Internet. Work is focused on common objectives with set timelines. This work is mostly done by people in different geographical locations using the Internet (and online tools) to collaborate on the work. In some cases, short technical events called hackathons place experts in one physical location to work collaboratively to solve a problem or develop a new product or output in a short period of time.

Last year, the Internet Society’s African Regional Bureau, together with AFRINIC, organized a hackathon in Kenya, during the 2017 Africa Internet Summit. In Africa, work on open Internet standards development is low, with only a handful of Request For Comments (RFCs) known to have been published by experts from the region. One of Continue reading

A Secure Supply Chain for Kubernetes

With KubeCon EU happening in Copenhaguen, we looked back at the most popular posts with our readers on Docker and Kubernetes. For those of you that have yet to try Docker EE 2.0, this blog highlights how Docker EE 2.0 provides a secure supply chain for Kubernetes.


The GA release of the Docker Enterprise Edition (Docker EE) container platform last month integrates Kubernetes orchestration, running alongside Swarm, to provide a single container platform that supports both legacy and new applications running on-premises or in the cloud. For organizations that are exploring Kubernetes or deploying it in production, Docker EE offers integrated security for the entire lifecycle of a containerized application, providing an additional layer of security before the workload is deployed by Kubernetes and continuing to secure the application while it is running.

Mike Coleman previously discussed access controls for Kubernetes. This week we’ll begin discussing how Docker EE secures the Kubernetes supply chain.

What is a Software Supply Chain?

When you purchase something from a retail store, there is an entire supply chain that gets the product from raw materials to the manufacturer to you. Similarly, there is a software supply chain that takes an application from Continue reading

Automation Win: Zero-Touch Provisioning

Listening to the networking vendors it seems that zero-touch provisioning is a no-brainer … until you try to get it working in real life, and the device you want to auto-configure supports only IP address assignment via DHCP, configuration download via TFTP, and a DHCP option that points to the configuration file.

As Hans Verkerk discovered when he tried to implement zero-touch provisioning with Ansible while attending the Building Network Automation Solutions course you have to:

Read more ...

Stateless datacenter load-balancing with Beamer

Stateless datacenter load-balancing with Beamer Olteanu et al., NSDI’18

We’ve spent the last couple of days looking at datacenter network infrastructure, but we didn’t touch on the topic of load balancing. For a single TCP connection, you want all of the packets to end up at the same destination. Logically, a load balancer (a.k.a. ‘mux’) needs to keep some state somewhere to remember the mapping.

Existing load balancer solutions can load balance TCP and UDP traffic at datacenter scale at different price points. However, they all keep per-flow state; after a load balancer decides which server should handle a connection, that decision is “remembered” locally and used to handle future packets of the same connection. Keeping per-flow state should ensure that ongoing connections do not break when servers and muxes come or go…

There are two issues with keeping this state though. Firstly , it can sometimes end up incomplete or out of date (especially under periods of rapid network change, such as during scale out and scale in). Secondly, there’s only a finite amount of resource to back that state, which opens the door to denial of service attacks such as SYN flood attacks.

Beamer is Continue reading

OSPF LSA Types

Link-state advertisements (LSA) are used to communicates the router’s local routing topology to all other local routers in the same OSPF area. There are 11 types of LSAs although only the 6 most commonly used ones are described in this post.