The Network Times 2023-08-27 09:59:00

Available at Leanpub and Amazon

About This Book

A modern application typically comprises several modules, each assigned specific roles and responsibilities within the system. Application architecture governs the interactions and communications between these modules and users. One prevalent architecture is the three-tier architecture, encompassing the Presentation, Application, and Data tiers. This book explains how you can build a secure and scalable networking environment for your applications running in Microsoft Azure. Besides a basic introduction to Microsoft Azure, the book explains various solutions for Virtual Machines Internet Access, connectivity, security, and scalability perspectives.

Azure Basics: You will learn the hierarchy of Microsoft Azure datacenters, i.e., how a group of physical datacenters forms an Availability Zone within the Azure Region. Besides, you learn how to create a Virtual Network (VNet), divide it into subnets, and deploy Virtual Machines (VM). You will also learn how the subnet in Azure differs from the subnet in traditional networks.

Internet Access: Depending on the role of the application, VMs have different Internet access requirements. Typically, front-end VMs in the presentation tier/DMZ are visible on the Internet, allowing external hosts to initiate connections. VMs in the Application and Data tiers are rarely accessible from Continue reading

Case Study: NGINX + Certbot with Ansible

About this series

In the distant past (to be precise, in November of 2009) I wrote a little piece of automation together with my buddy Paul, called PaPHosting. The goal was to be able to configure common attributes like servername, config files, webserver and DNS configs in a consistent way, tracked in Subversion. By the way despite this project deriving its name from the first two authors, our mutual buddy Jeroen also started using it, and has written lots of additional cool stuff in the repo, as well as helped to move from Subversion to Git a few years ago.

Michael DeHaan [ref] founded Ansible in 2012, and by then our little PaPHosting project, which was written as a set of bash scripts, had sufficiently solved our automation needs. But, as is the case with most home-grown systems, over time I kept on seeing more and more interesting features and integrations emerge, solid documentation, large user group, and eventually I had to reconsider our 1.5K LOC of Bash and ~16.5K files under maintenance, and in the end, I settled on Ansible.

commit c986260040df5a9bf24bef6bfc28e1f3fa4392ed
Author: Pim van Pelt <[email protected]>
Date:   Thu Nov 26 23:13:21 2009 +0000

 Continue reading

Choosing the Underlay Protocol in a VXLAN Network

When building a VXLAN network, what are the considerations for choosing the underlay protocol such as OSPF, IS-IS, or BGP? You obviously want the design to be supported by your vendor of choice. Your staff should also be able to support the design. Although I think it’s reasonable to expect from a Network Engineer that they have some level of knowledge in OSPF and BGP and that this should not be the main deciding factor. Let’s dive into the different protocols and walk through their characteristics and how they can be used as underlay protocols in a VXLAN network. I will compare OSPF to BGP as ISIS basically provides all the benefits of OSPF with some additional ones, but with less support from vendors, and it’s a protocol less known by most Engineers.

OSPF

Protocol overview – OSPF is a link state protocol that builds a Link State Database (LSDB) and runs the Shortest Path First (SPF) algorithm based on Dijkstra’s work to calculate the shortest path. It relies on flooding Link State Advertisements (LSAs). All routers in an area need an identical LSDB.

Ajacencies and transmitting protocol packets – OSPF transmits packets over IP in IP protocol 89. It Continue reading

Weekend Reads 082623

This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium’s resilience against quantum attacks.

Dig Security, the cloud data security leader, today released findings from its first-ever “State of Cloud Data Security 2023 Report.” The analysis of more than 13 billion files stored in public cloud environments reveals how – and why – sensitive data is at risk in the modern enterprise.

Dr. Read Schuchardt, professor of communications at Wheaton College (IL), identifies five primary ways digital technology can erode our lives and relationships, or produce what he calls “vices of the virtual life”

In the name of taking the global cybersecurity lead and protecting EU citizens, it seeks to impose dozens of onerous, if not impossible, conformance requirements on all “products with digital elements” and associated obligations on every “manufacturer, importer, or distributor.”

Given the exuberance surrounding machine learning (ML) and deep learning (DL) in particular, the claims I will make in this short article will be quite controversial, to say the least.

We all know there are many skilled cyber attackers out there, professionals with the technical know-how to manipulate and exploit Continue reading

SEC To CEOs: Report Your Breaches

The SEC now requires publicly traded companies to report "material" security incidents. But what does "material" mean and how might this new requirement affect infosec practices at these companies?

The post SEC To CEOs: Report Your Breaches appeared first on Packet Pushers.

Networking Is Fast Enough

Without looking up the specs, can you tell me the PHY differences between Gigabit Ethernet and 10GbE? How about 40GbE and 800GbE? Other than the numbers being different do you know how things change? Do you honestly care? Likewise for Wi-Fi 6, 6E, and 7. Can you tell me how the spectrum changes affect you or why the QAM changes are so important? Or do you want those technologies simply because the numbers are bigger?

The more time I spend in the networking space the more I realize that we’ve come to a comfortable point with our technology. You could call it a wall but that provides negative connotations to things. Most of our end-user Ethernet connectivity is gigabit. Sure, there are the occasional 10GbE cards for desktop workstations that do lots of heavy lifting for video editing or more specialized workflows like medical imaging. The rest of the world has old fashioned 1000Mb connections based on 802.3z ratified in 1998.

Wireless is similar. You’re probably running on a Wi-Fi 5 (802.11ac) or Wi-Fi 6 (802.11ax) access point right now. If you’re running on 11ac you might even be connected using Wi-Fi 4 (802.11n) if you’re Continue reading

Heavy Networking 696: EVPN Fundamentals (And Some VXLAN) With Tony Bourke

Heavy Networking 696: EVPN Fundamentals (And Some VXLAN) With Tony Bourke

EVPN/VXLAN is our topic on today's Heavy Networking. What is it? What’s it for? Should you deploy it? Since you’ve probably already got a network, how do you add EVPN to it? Do you need special hardware? How does EVPN impact your security design? And what are the fundamentals? Our guest with the answers is IT instructor Tony Bourke.

The post Heavy Networking 696: EVPN Fundamentals (And Some VXLAN) With Tony Bourke appeared first on Packet Pushers.

Everybody Tries To Leverage VMware To Their Advantage

Our choice of words in founding this publication nearly a decade ago were no accident. …

The post Everybody Tries To Leverage VMware To Their Advantage first appeared on The Next Platform.

Everybody Tries To Leverage VMware To Their Advantage was written by Timothy Prickett Morgan at The Next Platform.

Generative AI dominates VMware Explore news

There were some cloud announcements this week at VMware Explore in Las Vegas, but AI was the star, as it has been at nearly every tech company lately. Vendors have been rushing to add generative AI to their platforms, and VMware is no exception.The biggest AI features to emerge from the conference – VMware Private AI Foundation and Intelligent Assist – won't be fully available for months. VMware Private AI Foundation is a joint development with Nvidia that will enable enterprises to customize models and run generative AI applications on their own infrastructure. Intelligent Assist is a family of generative AI-based solutions trained on VMware’s proprietary data to automate IT tasks.To read this article in full, please click here

Generative AI dominates VMware Explore news

There were some cloud announcements this week at VMware Explore in Las Vegas, but AI was the star, as it has been at nearly every tech company lately. Vendors have been rushing to add generative AI to their platforms, and VMware is no exception.The biggest AI features to emerge from the conference – VMware Private AI Foundation and Intelligent Assist – won't be fully available for months. VMware Private AI Foundation is a joint development with Nvidia that will enable enterprises to customize models and run generative AI applications on their own infrastructure. Intelligent Assist is a family of generative AI-based solutions trained on VMware’s proprietary data to automate IT tasks.To read this article in full, please click here

What shortage? Nvidia blows past expectations in second quarter

Nvidia exceeded all expectations for its second fiscal quarter of 2024 with revenue of $13.51 billion, a 101% jump from the same quarter last year. Net income came in at $6.74 billion, or $2.48 per diluted share, which is up 854% from a year ago and up 202% from the previous quarter.Analysts had expected revenue to come in at $11.04 billion with earnings per share totaling $2.07, according to data from Bloomberg.And it’s all thanks for enterprise sales. Last quarter, enterprise sales accounted for 60% of total revenue. This quarter, $10.3 billion of the $13.5 billion in total revenue – 76% – came from data center sales.“A new computing era has begun. Companies worldwide are transitioning from general-purpose to accelerated computing and generative AI,” said Jensen Huang, founder and CEO of Nvidia, in a statement. “Nvidia GPUs connected by our Mellanox networking and switch technologies and running our CUDA AI software stack make up the computing infrastructure of generative AI.”To read this article in full, please click here

What shortage? Nvidia blows past expectations in second quarter

Nvidia exceeded all expectations for its second fiscal quarter of 2024 with revenue of $13.51 billion, a 101% jump from the same quarter last year. Net income came in at $6.74 billion, or $2.48 per diluted share, which is up 854% from a year ago and up 202% from the previous quarter.Analysts had expected revenue to come in at $11.04 billion with earnings per share totaling $2.07, according to data from Bloomberg.And it’s all thanks for enterprise sales. Last quarter, enterprise sales accounted for 60% of total revenue. This quarter, $10.3 billion of the $13.5 billion in total revenue – 76% – came from data center sales.“A new computing era has begun. Companies worldwide are transitioning from general-purpose to accelerated computing and generative AI,” said Jensen Huang, founder and CEO of Nvidia, in a statement. “Nvidia GPUs connected by our Mellanox networking and switch technologies and running our CUDA AI software stack make up the computing infrastructure of generative AI.”To read this article in full, please click here

AMD, Cisco, and Others Team on Ethernet for AI and HPC

Cornelis Unveils Ambitious Omni-Path Interconnect Roadmap

As we are fond of pointing out, when it comes to high performance, low latency InfiniBand-style networks, Nvidia is not the only choice in town and has not been since the advent of InfiniBand interconnects back in the late 1990s. …

The post Cornelis Unveils Ambitious Omni-Path Interconnect Roadmap first appeared on The Next Platform.

Cornelis Unveils Ambitious Omni-Path Interconnect Roadmap was written by Timothy Prickett Morgan at The Next Platform.

Hedge 192: Addiction Recovery

Addiction and addiction recovery are not a “normal” Hedge topic, but addiction afflicts many people in Information Technology. We’re all “hard driven” types, who feel failure keenly, and we tend to spend more time working than is probably healthy for us. Brett Lovins has been through addiction and recovery, and joins Tom Ammon, Russ White, and Eyvonne Sharp to talk about this high impact topic.

download

IP Address Consolidation: Mitigating Risk and Revealing Hidden Assets

IPv6 Buzz 133: Getting Familiar With IPv6 Multicast

IPv6 Buzz 133: Getting Familiar With IPv6 Multicast

In this episode, Ed, Scott, and Tom discuss IPv6 multicast, what it is, how it differs (and doesn't) from its IPv4 counterpart, and how it's used in production.

The post IPv6 Buzz 133: Getting Familiar With IPv6 Multicast appeared first on Packet Pushers.

Cisco, Kyndryl step up partnership to cut enterprise security threats

Cisco and Kyndryl have expanded their partnership to offer new services that are aimed at helping enterprise customers better detect and respond to cyber threats.Specifically, Kyndryl will be integrating its own cyber resiliency offering with Cisco’s overarching Security Cloud platform that includes security components such as Cisco’s Duo access control, extended detection and response features, and Multicloud Defense, which orchestrates security and policy across private and public clouds.Security Cloud operates as a layer on top of the infrastructure across a customer’s cloud services – including Azure, AWS, GCP and private data-center clouds – to protect core applications, Cisco said. It features a unified dashboard, support for flexible trust policies, and open APIs to encourage third-party integrators. By correlating data and employing artificial intelligence and machine learning, Cisco Security Cloud can detect and remediate threats quickly throughout an organization, Cisco says.To read this article in full, please click here