Large enterprises abandon data centers for the cloud

Sure, it was a cloud computing conference, and maybe the goal remains a bit unrealistic, but at AWS re:Invent in Las Vegas last week, the number of enterprises expressing a wish to stop running their own data centers was too big to ignore.

Even old-line enterprise companies said they weren't content to create a foothold in the cloud and stay with a hybrid cloud environment, though that's the situation many currently find themselves in. No, many are looking to exit the data center business entirely, just as soon as they can manage it.

And from the size and quality of the companies signing on to this stretch goal (think PG&E, Expedia, and to some extent even Goldman Sachs), it seemed clear that they represent only the tip of the iceberg.

Deep Dive Into Qualcomm’s Centriq Arm Server Ecosystem

Qualcomm launched its Centriq server system-on-chip (SoC) a few weeks ago. The event filled in Centriq’s tech specs and pricing, and disclosed a wide range of ecosystem partners and customers. I wrote about Samsung’s process and customer testimonials for Centriq elsewhere.

Although Qualcomm was launching its Centriq 2400 processor, instead of focusing on a bunch of reference-design-driven hardware partners, it chose to focus the Centriq launch event on ecosystem development, with a strong emphasis on software workloads and partnerships. Because so much of today's cloud workload mix is based on runtime environments – using containers, interpretive languages,

Deep Dive Into Qualcomm’s Centriq Arm Server Ecosystem was written by Timothy Prickett Morgan at The Next Platform.

Simplifying the Management of Kubernetes with Docker Enterprise Edition

Back in October at DockerCon Europe, we announced that Docker will be delivering a seamless and simplified integration of Kubernetes into the Docker platform. By integrating Kubernetes with Docker EE, we provide the choice to use Kubernetes and/or Docker Swarm for orchestration while maintaining the consistent developer-to-operator workflow users have come to expect from Docker. For users, this means they get an unmodified, conformant version of Kubernetes with the added value of the Docker platform, including security, management, a familiar developer workflow and tooling, broad ecosystem compatibility, and adherence to industry standards including containerd and the OCI.

Kubernetes and Docker

One of the biggest questions we've been asked since we announced support for Kubernetes at DockerCon EU is: what does this mean for an operations team that is already using Kubernetes to orchestrate containers within their enterprise? The answer is fairly straightforward. Kubernetes teams using Docker EE will have the following:

  • Full access to the Kubernetes API and all Kubernetes constructs
  • Native use of kubectl
  • Seamless deployment if you are developing in Kubernetes YAML
  • Ability to develop in Docker with Compose and leverage your best practices around Kubernetes services


Make SSL boring again

It may (or may not!) come as a surprise, but a few months ago we migrated Cloudflare's edge SSL connection termination stack to use BoringSSL: Google's crypto and SSL implementation that started as a fork of OpenSSL.

We dedicated several months of work to make this happen without negative impact on customer traffic. We had a few bumps along the way, and had to overcome some challenges, but we ended up in a better place than we were in a few months ago.

TLS 1.3

We have already blogged extensively about TLS 1.3. Our original TLS 1.3 stack required our main SSL termination software (which was based on OpenSSL) to hand off TCP connections to a separate system based on our fork of Go's crypto/tls standard library, which was specifically developed to only handle TLS 1.3 connections. This proved handy as an experiment that we could roll out to our client base in relative safety.

However, over time, this separate system started to make our lives more complicated: most of our SSL-related business logic needed to be duplicated in the new system, which caused a few subtle bugs to pop up, and made it
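The split described above only works if the front end can tell, before any TLS state exists, whether a connection should go to the TLS 1.3 system or stay on the OpenSSL-based stack. The only signal available at that point is the ClientHello itself: a 1.3-capable client advertises 0x0304 in the supported_versions extension, while legacy_version stays at TLS 1.2. The following Python sketch, written for this page and not Cloudflare's code (their handoff system was a fork of Go's crypto/tls), walks a raw ClientHello record far enough to read that extension and routes on the result. The ClientHello bytes are constructed by the helper in the block, not captured traffic; the routing labels "tls13-stack", "legacy-stack" and "reject" are placeholders.

```python
import struct

RECORD_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SUPPORTED_VERSIONS = 0x002B
TLS12, TLS13 = 0x0303, 0x0304


class MalformedHello(ValueError):
    """The bytes do not parse as a well-formed ClientHello record."""


def offers_tls13(record: bytes) -> bool:
    """Return True if the ClientHello in `record` lists TLS 1.3 in supported_versions.

    Only the fields needed to reach the extensions block are walked. A client that
    sends no extensions block at all cannot be speaking 1.3 and yields False.
    """
    if len(record) < 5 or record[0] != RECORD_HANDSHAKE:
        raise MalformedHello("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != HANDSHAKE_CLIENT_HELLO:
        raise MalformedHello("truncated record or not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or hs_len < 34:
        raise MalformedHello("truncated ClientHello")

    # legacy_version(2) + random(32), then three length-prefixed vectors:
    # session_id (1-byte length), cipher_suites (2-byte), compression_methods (1-byte).
    p = 34
    for width in (1, 2, 1):
        if len(body) < p + width:
            raise MalformedHello("truncated ClientHello")
        p += width + int.from_bytes(body[p:p + width], "big")
    if p > len(body):
        raise MalformedHello("truncated ClientHello")
    if p == len(body):
        return False  # no extensions block: pre-1.3 client
    if len(body) < p + 2:
        raise MalformedHello("truncated extensions length")
    (ext_len,) = struct.unpack("!H", body[p:p + 2])
    exts = body[p + 2:]
    if len(exts) != ext_len:
        raise MalformedHello("extensions length mismatch")

    while len(exts) >= 4:
        ext_type, ext_size = struct.unpack("!HH", exts[:4])
        data = exts[4:4 + ext_size]
        if len(data) != ext_size:
            raise MalformedHello("truncated extension")
        if ext_type == EXT_SUPPORTED_VERSIONS:
            # ProtocolVersion versions<2..254>: one length byte, then 2-byte versions.
            if not data or data[0] != len(data) - 1 or len(data) % 2 == 0:
                raise MalformedHello("malformed supported_versions")
            return TLS13 in (struct.unpack("!H", data[i:i + 2])[0] for i in range(1, len(data), 2))
        exts = exts[4 + ext_size:]
    if exts:
        raise MalformedHello("trailing bytes in extensions block")
    return False


def build_client_hello(versions=None) -> bytes:
    """Assemble a minimal well-formed ClientHello record (constructed sample, not captured).

    `versions` is the supported_versions list; None omits the extensions block entirely.
    """
    body = b"\x03\x03" + bytes(32)      # legacy_version TLS 1.2, zeroed client random
    body += b"\x00"                      # empty session_id
    body += b"\x00\x02\x13\x01"          # cipher_suites: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                  # compression_methods: null
    if versions is not None:
        vec = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
        ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(vec)) + vec
        body += struct.pack("!H", len(ext)) + ext
    hs = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


def route(record: bytes) -> str:
    """Decide which terminator gets the connection; labels are placeholders."""
    try:
        return "tls13-stack" if offers_tls13(record) else "legacy-stack"
    except MalformedHello:
        return "reject"


if __name__ == "__main__":
    for versions in ([TLS13, TLS12], [TLS12], None):
        print(versions, "->", route(build_client_hello(versions)))
```

A production front end would have to buffer the complete first record off the socket before peeking (and cope with a ClientHello split across records), which this sketch leaves out; the point is that the decision is made on the unauthenticated ClientHello, so the parser must reject anything malformed rather than guess.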

Dell EMC makes big hyperconverged systems push with new servers

Dell EMC is expanding its hyperconverged infrastructure portfolio with new systems built around 14th generation PowerEdge servers.

Converged (CI) and hyperconverged infrastructure (HCI) are a fancy way of saying turnkey systems with compute, storage, networking and software all combined into a single bundle. Rather than building a system from a variety of vendors, the customer gets everything they need from one vendor, and it comes pre-configured to run out of the box.

It's basically a page out of the mainframe book, when everything came from one vendor (usually IBM). As server technology moved away from big iron and the x86 market took over, the pieces were fragmented: you got your servers from Dell, HP or IBM, storage from EMC or NetApp, networking from Cisco or 3Com, etc.

VMware Tweaks NSX Virtual Networks For Containers, Microservices

VMware jumped into the burgeoning software-defined networking (SDN) field in a big way four years ago when it bought startup Nicira for $1.26 billion, a deal that led to the launch of VMware's NSX offering a year later. NSX put the company on a crash course with other networking vendors, particularly Cisco Systems, all of whom were trying to plot their strategies to deal with the rapid changes in what had been a relatively staid part of the industry.

Many of these vendors had made their billions over the years selling expensive appliance-style boxes filled with proprietary technologies, and now faced

VMware Tweaks NSX Virtual Networks For Containers, Microservices was written by Jeffrey Burt at The Next Platform.

Automate Remote Site Hardware Refresh Process

Every time we finish the Building Network Automation Solutions online course I ask the attendees to share their success stories with me. Stan Strijakov was quick to reply:

I have yet to complete the rest of the course and assignments, but the whole package was a tremendous help for me to get our Ansible running. We now deploy whole WAN sites within an hour.

Of course I wanted to know more and he sent me a detailed description of what they’re doing:


Power9 To The People

The server race is really afoot now that IBM has finally gotten off the starting blocks with its first Power9 system, based on its “Nimbus” variant of that processor and turbocharged with the latest “Volta” Tesla GPU accelerators from Nvidia and EDR InfiniBand networks from Mellanox Technologies.

The machine launched today, known variously by the code-names "Witherspoon" and "Newell," is the building block of the CORAL systems being deployed by the US Department of Energy – "Summit" at Oak Ridge National Laboratory and "Sierra" at Lawrence Livermore National Laboratory. But more importantly, the Witherspoon system represents a new

Power9 To The People was written by Timothy Prickett Morgan at The Next Platform.

Using SAML with Ansible Tower

This blog post focuses on getting Red Hat Ansible Tower to use SAML as quickly as possible. We will use the free OneLogin SAML provider service. Users with an existing SAML service may still find this blog post useful, especially the last section with some troubleshooting tips.

Getting Ansible Tower to interoperate with OneLogin SAML requires both systems to have values from each other. This blog post is separated into three sections: the interdependent fields of the two systems, a detailed walkthrough of configuring OneLogin and Ansible Tower with both interdependent and per-system fields and values, and the troubleshooting of potential misconfigurations and corresponding error messages in Ansible Tower.

Interdependence of Ansible Tower and OneLogin

Defined in Ansible Tower, needed by OneLogin:

  1. ACS URL
  2. Entity ID

Defined in OneLogin, needed by Ansible Tower:

  1. Issuer URL
  2. SAML 2.0 Endpoint (HTTP)
  3. X.509 Certificate


Ansible Tower and OneLogin Definitions

  Ansible Tower                                                               OneLogin
  SAML ASSERTION CONSUMER SERVICE (ACS) URL                                   ACS (Consumer) URL
  SAML SERVICE PROVIDER ENTITY ID                                             Audience
  SAML ENABLED IDENTITY PROVIDERS (python dictionary; entity_id is the "magic" key)   Issuer URL
  SAML ENABLED IDENTITY PROVIDERS (python dictionary; url is the "magic" key)         SAML 2.0 Endpoint (HTTP)
  SAML ENABLED IDENTITY
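The three values OneLogin defines and Tower needs (Issuer URL, SAML 2.0 Endpoint (HTTP), X.509 Certificate) are exactly what a standard SAML 2.0 IdP metadata document carries as the entityID attribute, the HTTP-Redirect SingleSignOnService Location, and the signing X509Certificate. The following Python example, added here and not part of the original post or of Ansible Tower, pulls them out of IdP metadata and shapes them as one SAML ENABLED IDENTITY PROVIDERS entry. The entity_id and url keys are the ones the post names; x509cert as the certificate key is an assumption to check against your Tower version. The metadata document is a constructed sample: the hostnames and entityID are placeholders, and the "certificate" body is a five-byte DER SEQUENCE, not a real X.509 certificate, so the check only proves the field decodes to DER.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample IdP metadata (placeholder hostnames, placeholder cert body).
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://app.onelogin.example/saml/metadata/000000">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          MAMCAQE=
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://app.onelogin.example/trust/saml2/http-post/sso/000000"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://app.onelogin.example/trust/saml2/http-redirect/sso/000000"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def tower_idp_config(metadata_xml: str, name: str = "onelogin") -> dict:
    """Extract Issuer URL, HTTP-Redirect SSO endpoint and signing cert from IdP metadata
    and return them as one SAML ENABLED IDENTITY PROVIDERS entry keyed by `name`.

    Every missing piece raises ValueError, so a pasted SP metadata file or a
    metadata document without a signing certificate is caught before it reaches Tower.
    """
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    issuer = root.get("entityID")
    if not issuer:
        raise ValueError("metadata has no entityID (Issuer URL)")

    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is SP metadata, not IdP metadata")

    # The "SAML 2.0 Endpoint (HTTP)" is the HTTP-Redirect binding; ignore HTTP-POST.
    sso = None
    for svc in idp.findall("md:SingleSignOnService", NS):
        if svc.get("Binding") == HTTP_REDIRECT:
            sso = svc.get("Location")
    if not sso:
        raise ValueError("no HTTP-Redirect SingleSignOnService endpoint")

    # A KeyDescriptor without a use attribute is valid for both signing and encryption.
    cert = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if node is not None and node.text:
            cert = "".join(node.text.split())  # Tower wants the bare base64 body
            break
    if cert is None:
        raise ValueError("no signing X509Certificate in metadata")
    der = base64.b64decode(cert, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("X509Certificate does not decode to a DER SEQUENCE")

    # Key names: entity_id and url are the "magic" keys named in the post;
    # x509cert is an assumption for the certificate key.
    return {name: {"entity_id": issuer, "url": sso, "x509cert": cert}}


if __name__ == "__main__":
    import json
    print(json.dumps(tower_idp_config(SAMPLE_METADATA), indent=2))
```

Pulling the values from metadata rather than copying them by hand removes the usual mistakes (pasting the HTTP-POST URL where the HTTP-Redirect one belongs, or a certificate with the PEM header lines still attached), which are exactly the misconfigurations the troubleshooting section of the post is about.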

VXLAN designs: 3 ways to consider routing and gateway design (part 1)

With VXLAN design, the easiest thing to overlook is how communication occurs between subnets. I think many times network engineers take for granted that our traffic will flow in a VXLAN environment. And it's also easy to get confused when trying to figure out the traffic routing path between your overlay and underlay.

As I work with customers in designing VXLAN infrastructures, one of the first questions I always ask is: “Where do you expect the gateway of the servers?”

This always leads to one of three designs, which I will outline over the next two posts. Before we start, know that all these designs leverage BGP EVPN. Ethernet Virtual Private Network (EVPN) is an address family within BGP used to exchange VXLAN-related information. This blog won't go into detail about EVPN, but we have previous blogs to help fill in the gap.

With that said, let’s get started with the first VXLAN design example.

The first case is the simplest environment, and that is the gateway on an internet edge service. In this case, the VXLAN acts as a strict L2 overlay, and the L3 routed BGP underlay is hidden from the end hosts and servers.


Terminology Tuesday Presents: ZTP

ZTP stands for Zero Touch Provisioning. And, as a quick Google search will reveal, many other things as well.

Back to our ZTP. ZTP is the process by which new network switches can be configured without much human involvement. Notice that I said "much" and not "any". ZTP is not truly zero-touch because something (someone!) needs to put the first components of the network together in order for the rest of the network to be built in a ZTP fashion.

Where provisioning many switches could once take quite a while, through ZTP processes it's down to a matter of minutes. Switches can also be updated automatically without any need for physical intervention.

The beauty of ZTP is the continued march towards more and more robust automation solutions. Delightfully, once folks aren't mired in repetitive manual work they can move on to tasks that bring innovation to businesses and, more importantly, make jobs more enjoyable. We also can't ignore the fact that it renders moot a lot of the specialized skills that traditionally defined the role of a network engineer.