Power9 To The People

The server race is really afoot now that IBM has finally gotten off the starting blocks with its first Power9 system, based on its “Nimbus” variant of that processor and turbocharged with the latest “Volta” Tesla GPU accelerators from Nvidia and EDR InfiniBand networks from Mellanox Technologies.

The machine launched today, known variously by the code-names “Witherspoon” or “Newell,” is the building block of the CORAL systems being deployed by the US Department of Energy – “Summit” at Oak Ridge National Laboratory and “Sierra” at Lawrence Livermore National Laboratory. But more importantly, the Witherspoon system represents a new

Power9 To The People was written by Timothy Prickett Morgan at The Next Platform.

Using SAML with Ansible Tower

Tower One Factor Login

This blog post focuses on getting Red Hat Ansible Tower to use SAML as quickly as possible. We will use the free OneLogin SAML provider service. Users with an existing SAML service may still find this blog post useful, especially the last section with some troubleshooting tips.

Getting Ansible Tower to interoperate with OneLogin SAML requires both systems to have values from each other. This blog post is separated into three sections: the interdependent fields of the two systems, a detailed walkthrough of configuring OneLogin and Ansible Tower with both interdependent and per-system fields and values, and the troubleshooting of potential misconfigurations and corresponding error messages in Ansible Tower.

Interdependence of Ansible Tower and OneLogin

Defined in Ansible Tower, needed by OneLogin:

  1. ACS URL
  2. Entity ID

Defined in OneLogin, needed by Ansible Tower:

  1. Issuer URL
  2. SAML 2.0 Endpoint (HTTP)
  3. X.509 Certificate


Ansible Tower and OneLogin Definitions

Ansible Tower | OneLogin
SAML ASSERTION CONSUMER SERVICE (ACS) URL | ACS (Consumer) URL
SAML SERVICE PROVIDER ENTITY ID | Audience
SAML ENABLED IDENTITY PROVIDERS (python dictionary where entity_id is the “magic” key) | Issuer URL
SAML ENABLED IDENTITY PROVIDERS (python dictionary where url is the “magic” key) | SAML 2.0 Endpoint (HTTP)

SAML ENABLED IDENTITY Continue reading

VXLAN designs: 3 ways to consider routing and gateway design (part 1)

With VXLAN design, the easiest thing to overlook is how communication occurs between subnets. I think many times, network engineers take for granted that our traffic will flow in a VXLAN environment. And it’s also easy to get confused when trying to figure out traffic routing path between your overlay and underlay.

As I work with customers in designing VXLAN infrastructures, one of the first questions I always ask is: “Where do you expect the gateway of the servers?”

This always leads to one of three designs, which I will outline over the next two posts. Before we start, know that all these designs leverage BGP EVPN. Ethernet Virtual Private Network (EVPN) is an address family within BGP that is used to exchange VXLAN-related information. This blog won’t go into detail about EVPN, but we have previous blogs to help fill in the gap.

With that said, let’s get started with the first VXLAN design example.

The first case is the simplest environment, and that is the gateway on an internet edge service. In this case, the VXLAN acts as a strict L2 overlay, and the L3 routed BGP underlay is hidden from the end hosts and servers.

VXLAN designs

Continue reading

Terminology Tuesday Presents: ZTP

ZTP stands for Zero Touch Provisioning. And, as a quick Google search will quickly reveal, many other things as well.

Back to our ZTP. ZTP is the process by which new network switches can be configured without much human involvement. Notice that I said “much” and not “any”. ZTP is not truly zero because something (someone!) needs to put the first components of the network together in order for the rest of the network to be built in a ZTP fashion.

Where provisioning many switches could have taken quite a while, through ZTP processes it’s down to a matter of minutes. Switches can also be updated automatically without any need for physical intervention.

The beauty of ZTP is the continued march towards more and more robust automation solutions. Delightfully, once folks aren’t mired in the repetitive manual work they can move on to tasks that bring innovation to businesses and, more importantly, make jobs more enjoyable. We also can’t ignore the fact that it renders moot a lot of the specialized skills that traditionally defined the role of a network engineer. Continue reading

SLAAC and DHCPv6

When deploying IPv6, one of the fundamental questions the network engineer needs to ask is: DHCPv6, or SLAAC? As the argument between these two has reached almost political dimensions, perhaps a quick look at the positive and negative attributes of each solution is in order. Originally, the idea was that IPv6 addresses would be created using stateless configuration (SLAAC). The network part of the address would be obtained by listening for a Router Advertisement (RA), and the host part would be built using a local (presumably unique) physical (MAC) address. In this way, a host can be connected to the network, and come up and run, without any manual configuration. Of course, there is still the problem of DNS—how should a host discover which server it should contact to resolve domain names? To resolve this part, the DHCPv6 protocol would be used. So in IPv6 configuration, as initially conceived, the information obtained from RA would be combined with DNS information from DHCPv6 to fully configure an IPv6 host when it is attached to the network.

There are several problems with this scheme, as you might expect. The most obvious is that most network operators do not want to deploy two protocols to Continue reading

VMware targets cloud and container networking with latest NSX-T launch

VMware today released a new version of its NSX virtual networking software that aims to make it easier to manage network requirements of cloud-native and application-container-based applications. The move represents the latest example of a network vendor evolving its automation tooling to operate in not just traditional data center and campus networks, but increasingly in cloud environments that cater to a faster pace of application development. VMware has two separate versions of its software-defined networking (SDN) software. The more popular and widely used version, named NSX, integrates with VMware’s vSphere virtualization management software and the company’s popular ESXi compute hypervisor.

IDG Contributor Network: To thrive in a digital age, businesses must look beyond log data

With the amount of data in the world predicted to increase at least 50-fold between 2010 and 2020, how we store that data has come into sharp focus. Collecting large volumes of raw log data from multiple applications and infrastructure components and sending it to a central location for storage and processing, for example, increases the size and cost of storage. And as the volume of data grows and storage and processing costs increase dramatically, businesses risk undermining the advantages big data brings. Furthermore, the surging demand for data has environmental implications; by 2020, 12 percent of the world’s energy consumption will be taken by our digital ecosystem, and this is expected to grow annually at approximately 7 percent until 2030.

Sponsored Post: Symbiont, Loupe, Etleap, Aerospike, Stream, Scalyr, VividCortex, Domino Data Lab, MemSQL, Zohocorp

Who's Hiring? 

  • Symbiont is a New York-based financial technology company building new kinds of computer networks to connect independent financial institutions together and allow them to share business logic and data in real time. This involves developing a distributed system which is also decentralized, and which allows for the creation of smart contracts, self-executing cryptographic agreements among counterparties. To do so, we're using a lot of techniques in blockchain technology, as well as those from traditional distributed systems, programming language design and cryptography. We are hiring for a number of roles, from entry-level to expert, including Haskell Backend Engineer, Database Engineer, Product Engineer, Site Reliability Engineer (SRE), Programming Language Engineer and SecOps Engineer. To find out more, just e-mail us your resume

  • Need excellent people? Advertise your job here! 

Fun and Informative Events

  • On-demand Webinar. Fast & Frictionless - The Decision Engine for Seamless Digital Business. In this session, guest speakers Michele Goetz, Principal Analyst at Forrester Research and Matthias Baumhof, VP Worldwide Engineering at ThreatMetrix, discuss: How risk-based authentication leveraging digital identities is key to empowering customer transactions; How real-time customer trust decisions can reduce fraud and improve customer satisfaction; How a high performance Hybrid Memory Continue reading

Introducing NSX-T 2.1 with Pivotal Integration

Application architectures are evolving. That shouldn’t be news to anyone. Today, emerging app architectures that leverage container-based workloads and microservices are becoming mainstream, moving from science projects in development labs to enterprise production deployments at scale. The benefits are clear. Developers and the application lifecycle become faster, more productive, more agile, and more responsive to the needs of the business.

Today we’re announcing NSX-T 2.1, which will enable advanced networking and security across these emerging app architectures, just as it does for traditional 3-tier apps. More specifically, NSX-T 2.1 will serve as the networking and security platform for the recently announced VMware Pivotal Container Service (PKS), a Kubernetes solution jointly developed by VMware and Pivotal in collaboration with Google. NSX-T 2.1 will also introduce integration with the latest 2.0 release of Pivotal Cloud Foundry (PCF), serving as the networking and security engine behind PCF. In these environments, NSX-T will provide Layer 3 container networking and advanced networking services such as load balancing, micro-segmentation, and more.

For development teams, these integrations mean that they will be able to operate quickly and consume infrastructure as code. Meanwhile, their workflows will remain the same — fast and efficient — because NSX-T will integrate tightly with these application platforms, connecting directly into the Continue reading