Introducing Cloudflare Access: Like BeyondCorp, But You Don’t Have To Be A Google Employee To Use It

Introducing Cloudflare Access: Like BeyondCorp, But You Don’t Have To Be A Google Employee To Use It

Tell me if this sounds familiar: any connection from inside the corporate network is trusted and any connection from the outside is not. This is the security strategy used by most enterprises today. The problem is that once the firewall, or gateway, or VPN server creating this perimeter is breached, the attacker gets immediate, easy and trusted access to everything.

Introducing Cloudflare Access: Like BeyondCorp, But You Don’t Have To Be A Google Employee To Use It CC BY-SA 2.0 image by William Warby

There’s a second problem with the traditional security perimeter model. It either requires employees to be on the corporate network (i.e. physically in the office) or using a VPN, which slows down work because every page load makes extra round trips to the VPN server. After all this hassle, users on the VPN are still highly susceptible to phishing, man-in-the-middle and SQL injection attacks.

A few years ago, Google pioneered a solution for their own employees called BeyondCorp. Instead of keeping their internal applications on the intranet, they made them accessible on the internet. There became no concept of in or outside the network. The network wasn’t some fortified citadel, everything was on the internet, and no connections were trusted. Everyone had to prove they are who they say they are.

Continue reading

Server vendors push flex pricing to challenge cloud providers

For some time now, server unit sales have been steadily dropping for the major x86 server vendors as enterprises draw down their on-premises hardware in favor of cloud services.The response from the hardware vendors is if you can’t beat ‘em, clone ‘em. Vendors are adopting a pay-as-you-go model not unlike that of a cloud provider, where you pay for how much compute time you use and hand back the hardware when you are done rather than buying it outright.+Check out our review of rack servers from  HP, Dell and IBM and tips on calculating the true cost of cloud migration+To read this article in full, please click here

Server vendors push flex pricing to challenge cloud providers

For some time now, server unit sales have been steadily dropping for the major x86 server vendors as enterprises draw down their on-premises hardware in favor of cloud services.The response from the hardware vendors is if you can’t beat ‘em, clone ‘em. Vendors are adopting a pay-as-you-go model not unlike that of a cloud provider, where you pay for how much compute time you use and hand back the hardware when you are done rather than buying it outright.+Check out our review of rack servers from  HP, Dell and IBM and tips on calculating the true cost of cloud migration+To read this article in full, please click here

Ansible, Chef, Puppet or Salt? Which One Should I Use?

One of the first things I did when I started my deep-dive into network automation topics was to figure what tools people use to automate stuff and (on a pretty high level) what each one of these tools do.

You often hear about Ansible, Chef and Puppet when talking about network automation tools, with Salt becoming more popular, and CFEngine being occasionally mentioned. However, most network automation engineers prefer Ansible. Here are a few reasons.

Read more ...

BrandPost: Customers will see many upsides to new SD-WAN services & features

The early days of offering a managed SD-WAN service that provides basic network connectivity are drawing to a close. There is clearly burgeoning demand from customers to manage the network providers and network types that make up the growing mix of SD-WAN bandwidth options.As customers see the value of having different network providers and networks to improve reliability and overall cost per megabit for bandwidth, service providers increasingly will be needed to manage those networks and providers. This is one of the basic tenets for revenue opportunities from SD-WAN services. And with many providers, those revenue opportunities may include the use of wholesale agreements to improve the margin of network services along with the revenue inherent in managing multiple providers for customers.To read this article in full, please click here

NetDevOpEd: Abstracting configuration management

I was talking to a banking customer in Northern Europe the other day and they asked me about configuration management. They had many different vendors with different management methods in their infrastructure and wanted to know how they could speed up management.
This specific customer had an outsourced infrastructure. They picked what hardware they wanted to run, but then paid a managed services company to deploy the infrastructure in a colocation facility and perform day-to-day operations.

The issue arose in the speed of deployment. When they launched a new application that required a new service in their data center, the application engineers would need to contact the network team in this bank. The network team would then open up a ticket with the managed services company to provision VLANs and open up ports on their firewalls to allow access to the application. The issue was that this process took up to one week to complete.

This bank contacted us with the hope we could help them unify their management under one framework, so that they could insource the firewall configuration to accelerate their application deployments. They asked me about automated management best practices.
Normally when I have this conversation, we Continue reading

Check Out Our Newest Google Cloud Course

For those of you that are looking to familiarize yourself with the Google Cloud Platform, you’re in luck! we have just released Google Cloud Platform: PaaS with App Engine. This course is now available to All Access Pass members through your members account, and to everyone else through purchase at ine.com.

This course is just one of a growing collection of Google classes offered by INE, we also plan on releasing a Google Data Storage course later this week. Until then, read on to learn about Joseph Holbrook’s latest addition to our Google video course library.

 

Why Study Google App Engine?
Google App Engine is an extremely useful tool; it is a fully managed platform that completely abstracts away infrastructure so you can focus only on code.

About the Course:
This course covers Google App Engine PaaS and more specifically the history, features and functions of Google App Engine. The instructor will explain the benefits of using Google App Engine with live examples and demos.

The course is 4 hours and 5 minutes long and is taught by Joseph Holbrook.

What You’ll Learn:
Students will dive into both deployment models of the App Engine and learn how Continue reading

Worth Reading: The software defined future of the data center

“Future proofing” was once synonymous with long-range planning—essentially, life-cycle management that enables data center facilities and hardware investments to deliver full value before redevelopment or replacement. The definition has steadily evolved to connote a flexible, resilient architecture capable of supporting accelerated business-driven digital transformation. —Paul Mercina @The Data Center Journal

Ansible Tower Feature Spotlight: Custom Credentials

RH-Ansible-Tower

One of the new features we added in Red Hat Ansible Tower 3.2 was support for custom credentials. The idea of custom credentials is pretty simple. In addition to the built-in credentials supported by Ansible Tower such as SSH keys, username/password combos, or cloud provider credentials, we now let the user define their own credentials for storing securely in Ansible Tower and exposing to playbooks.

However, this simplicity belies real power, opening up many new ways to automate. Let's dive into the details.

HOW CUSTOM CREDENTIALS WORK

To set up a custom credential, first you must define the custom credential Type.

Credential types consist of two key concepts - "inputs" and "injectors".

Inputs define the value types that are used for this credential - such as a username, a password, a token, or any other identifier that's part of the credential.

Injectors describe how these credentials are exposed for Ansible to use - this can be Ansible extra variables, environment variables, or templated file content.

Once you've defined a new Credential Type, you can then create any number of credentials that use that type. We'll go through examples to shed light on how this Continue reading

IDG Contributor Network: The top 5 user requirements of IoT edge platforms

As an IoT platform and middleware analyst, I am asked constantly about the benefits of IoT platforms and “what makes a great IoT platform.” In response, I often ask these curious inquirers if they’ve ever used IoT platforms themselves. Walking on the edge is exhilarating, but having hands-on insights, data and expertise on how to survive the journey is even better.What do users actually experience when they use IoT edge platforms?IoT edge computing is a technology architecture that brings certain computational and analytics capabilities near the point of data generation. IoT edge platforms provide the management capabilities required to deliver data from IoT devices to applications while ensuring that devices are properly managed over their lifetimes. Enterprises use edge platforms for factory automation, warehousing/logistics, connected retail, connected mining and many other solutions. With IoT platform revenue slated to grow to USD63.4 billion by 2026, IoT edge is one of the most highly relied upon enterprise IoT platform approaches. To read this article in full, please click here

China Activates Historic Himalayan Link To Nepal

On 10 January 2018, China Telecom activated a long-awaited terrestrial link to the landlocked country of Nepal.  The new fiber optic connection, which traverses the Himalayan mountain range, alters a significant aspect of Nepal’s exclusive dependency on India, shifting the balance of power (at least for international connectivity) in favor of Kathmandu.

Following a number of brief trials since mid-November, Nepal Telecom fully activated Internet transit from China Telecom at 08:28 UTC on 10 January 2018, as depicted below.

Background

In our 2015 coverage of the earthquake that devastated Nepal, I wrote:

Nepal, as well as Bhutan, are both South Asian landlocked countries wedged between India and China that are dependent on India for a number of services including telecommunications. As a result, each country has been courting Chinese engagement that would provide a redundant source of Internet connectivity.

In December 2016, executives Ou Yan of China Telecom Global (CTG) and Lochan Lal Amatya of Nepal Telecom (pictured below) signed an agreement to route IP service through a new terrestrial cable running between Continue reading

IDG Contributor Network: What the storage industry’s inevitable transition to the cloud means for your business

Just a few weeks ago, Microsoft made a relatively unheralded acquisition of a company named Avere Systems. Avere’s raison d’etre is enterprise storage. In their own words, “Avere Systems was created by file systems experts determined to reinvent storage by changing the way enterprises thought about and bought storage resources.” Ostensibly, Microsoft purchased this firm to add cloud-based storage capabilities to its ever-expanding portfolio.To read this article in full, please click here

On the ‘web: The Value of MANRS

Route leaks and Distributed Denial of Service (DDoS) attacks have been in the news a good deal over the last several years; but the average non-transit network operator might generally feel pretty helpless in the face of the onslaught. Perhaps you can buy a DDoS mitigation service or appliance, and deploy the ubiquitous firewall at the edge of your network, but there is not much else to be done, right? Or maybe wait on the Internet at large to “do something” about these problems by deploying some sort of BGP security. But will adopting a “secure edge,” and waiting for someone else to solve the problem, really help? @ECI

1 1,759 1,760 1,761 1,762 1,763 3,841