BrandPost: SD-WAN Puts Traditional Routers on Notice

SD-WAN with its benefits of improved bandwidth economics, application prioritization, and centralized management, is rapidly reshaping the branch network architecture.SD-WAN technologies are becoming mainstream as distributed organizations experience the benefits of plentiful internet bandwidth, prioritized access to critical applications, and the ease of centralized management. Leading IT organizations are deploying SD-WAN solutions with software-based routing and displacing traditional branch router architectures. Over time, Doyle Research expects significant disruption of the branch router market with SD-WAN becoming the primary platform.To read this article in full, please click here

RESTful control of Cumulus Linux ACLs

The diagram above shows how the Cumulus Linux 3.4 HTTP API can be extended to include the functionality described in REST API for Cumulus Linux ACLs. Fast programmatic control of Cumulus Linux ACLs addresses a number of interesting use cases, including: DDoS mitigationElephant flow marking, and Triggered remote packet capture using filtered ERSPAN.

The Github pphaal/acl_server project INSTALL page describes how to install the acl_server daemon and configure the NGINX web server front end for the Cumulus Linux REST API to include the acl_server functions. The integration ensures that the same access controls configured for the REST API apply to the acl_server functions, which appear under the /acl/ path.

The following examples demonstrate the REST API.

Create an ACL

curl -X PUT -H 'Content-Type:application/json' --data '["[iptables]","-A FORWARD --in-interface swp+ -d 10.10.100.10 -p udp --sport 53 -j DROP"]' -k -u 'cumulus:CumulusLinux!' https://10.0.0.52:8080/acl/ddos1
ACLs are sent as a JSON encoded array of strings. Each string will be written as a line in a file stored under /etc/cumulus/acl/policy.d/ - See Cumulus Linux: Netfilter - ACLs. For example, the rule above will be written to the file 50rest-ddos1.rules with the following Continue reading

Worth Reading: Court Overreach with SOPA

Nearly six years ago, Internet user communities rose up and said no to the disastrous SOPA copyright bill. This bill proposed creating a new, quick court order process to compel various Internet services—free speech’s weak links—to help make websites disappear. Today, despite the failure of SOPA, a federal court in Virginia issued just such an order, potentially reaching many different kinds of Internet services. — Mitch Stoltz @ Deep Links

Remote User Authentication and RBAC with NSX-T

Remote user authentication and role based access control (RBAC) is an important requirement when deploying new systems in an organization, particularly in the networking world. For that matter, systems typically leverage RADIUS or Active Directory (AD) servers, to name a few.

NSX-T integrates with VMware Identity Manager (vIDM) to get the following benefits related to user authentication:

  • Support for extensive AAA Systems, including
    • AD-based LDAP, OpenLDAP
    • RADIUS
    • SmartCards / Common Access Cards
    • RSA Secure ID
  • Enterprise Single Sign-On
    • Common authentication platform across multiple VMware solutions
    • Seamless single sign-on experience


This blog post covers the main steps required to integrate NSX-T with vIDM and to configure roles that grant different privileges to different users. It does not cover deployment and hardening of VMware Identity Manager (vIDM). At the end of the post, there is a link to a demo showing how to do the configuration and several role-based access tests.

Assuming that both NSX-T Manager and vIDM appliances are deployed, powered on and configured with the basic management details (IP address, admin users, etc.), the integration requires the following steps:

  1. Creating a OAuth client ID for the NSX-T Manager in vIDM
  2. Getting the vIDM appliance thumbprint
  3. Registering NSX-T Manager with Continue reading

Swarm Orchestration in Docker Enterprise Edition

swarm orchestration

At DockerCon Europe, we announced that the next release of Docker Enterprise Edition (Docker EE) would include Kubernetes integration. We’re really excited about bringing Kubernetes to our customer base and continuing to increase our involvement within the community. But it’s equally important for us to note that Swarm orchestration is not going away. Swarm forms an integral cluster management component of the Docker EE platform; in addition, Swarm will operate side-by-side with Kubernetes in a Docker EE cluster, allowing customers to select, based on their needs, the most suitable orchestration tool at application deployment time.

Here are just a few reasons that Swarm is integral to the Docker EE solution:

  1. Support our existing customers and ecosystem integrations
  2. Provide customers the flexibility in choice of orchestrators
  3. Provide secure and highly available clustering architecture

Existing Customers and Ecosystem Integrations

Docker now has hundreds of Docker EE customers who have standardized on Swarm orchestration. In fact, at our Customer Summit during DockerCon, all of the customers stated that they intend to continue using Swarm even with the Kubernetes announcement. Having both orchestration options available is definitely a plus for some of these customers that have organizations within the company using both Swarm and Continue reading

Gordon Bell Looks Out Into A Parallel World

It was 31 years ago when Alan Karp, then an IBM employee, decided to put up $100 of his own money in hopes of solving a vexing issue for him and others in the computing field. When looking at the HPC space, there were supercomputers armed with eight powerful processors and designed to run the biggest applications of the day. However, there also were people putting 1,000 wimpy chips into machines that leveraged parallelism to run workloads, a rarity at the time.

According to Amdahl’s Law in 1986, even if 95 percent of a workload runs in parallel, the speedup

Gordon Bell Looks Out Into A Parallel World was written by Jeffrey Burt at The Next Platform.

IDG Contributor Network: VeloCloud SD-WAN might be under the hood of many ISPs, but it’s not the same

If you’ve researched purchasing an SD-WAN solution from an ISP, there’s a good chance it’s not your ISP who is providing the actual SD-WAN service. [say what?!]Way back in 2016… the demand for SD-WAN emerged so furiously, ISP’s have had to make a quick decision: 1) roll-out a solution immediately; or 2) get tabbed as an old rickety out-of-date ISP. Consequently, rather than building their own solution (a lengthy process), most ISP’s have decided to take the easy route and white label someone else’s vetted product.Many of these ISP’s have chosen VeloCloud to be the SD-WAN solution under the hood.To read this article in full, please click here

IDG Contributor Network: VeloCloud SD-WAN might be under the hood of many ISPs, but it’s not the same

If you’ve researched purchasing an SD-WAN solution from an ISP, there’s a good chance it’s not your ISP who is providing the actual SD-WAN service. [say what?!]Way back in 2016… the demand for SD-WAN emerged so furiously, ISP’s have had to make a quick decision: 1) roll-out a solution immediately; or 2) get tabbed as an old rickety out-of-date ISP. Consequently, rather than building their own solution (a lengthy process), most ISP’s have decided to take the easy route and white label someone else’s vetted product.Many of these ISP’s have chosen VeloCloud to be the SD-WAN solution under the hood.To read this article in full, please click here

Deploy360 at IETF 100, Day 5: Zaìjiàn from the Lion City

There’s a couple of sessions of interest on the last day of IETF 100 before we wrap up for the week. Friday is only a half-day, but still manages to fit in sessions on human rights considerations and encryption. Human rights is not a topic that Deploy360 typically covers, but we have been increasingly asked to discuss the IRTF initiative on Human Rights Protocols Considerations. (There’s also a recent IETF Journal article on Human Rights Protocol Considerations.)

HRPC is researching the human rights threats on the Internet, whether standards and protocols can enable or threaten these, and is developing recommendations on developing Internet protocols around this. It recently published RFC 8080 outlining human rights threats on the Internet, and will be meeting at 09.30 SGT/UTC+8 to discuss three other drafts relating to Freedom of Association on the Internet, the Politics of Standards, and Unrequested Communications. There will also be a presentation on Chainiac: end-to-end software supply chain security and transparency, plus the next steps forward will be discussed.

NOTE: If you are unable to attend IETF 100 in person, there are multiple ways to participate remotely.

PERC is also meeting at the same time, and has three drafts up for discussion. Continue reading

HPE and Rackspace offer on-premises ‘cloud’ systems

HPE and Rackspace have partnered to offer pay-as-you-go services similar to the public cloud but located in private data centers. The OpenStack-based services can have the systems installed in users' own data centers, in a colocation facility, or in Rackspace’s data centers.The move is meant to counter the growing popularity of public cloud services where you pay as you go rather than make the up-front massive investment and then have to maintain and eventually dispose of the systems when they are old.Also on Network World: 6 steps for a future-ready cloud storage strategy And in case you haven’t noticed, this idea is gaining traction. Microsoft offers Azure Stack, which puts Azure in your private data center, Oracle has Cloud at Customer, and Google and Cisco plan to bring Google Cloud Platform to on-premises users in the near future.To read this article in full, please click here

HPE and Rackspace offer on-premises ‘cloud’ systems

HPE and Rackspace have partnered to offer pay-as-you-go services similar to the public cloud but located in private data centers. The OpenStack-based services can have the systems installed in users' own data centers, in a colocation facility, or in Rackspace’s data centers.The move is meant to counter the growing popularity of public cloud services where you pay as you go rather than make the up-front massive investment and then have to maintain and eventually dispose of the systems when they are old.Also on Network World: 6 steps for a future-ready cloud storage strategy And in case you haven’t noticed, this idea is gaining traction. Microsoft offers Azure Stack, which puts Azure in your private data center, Oracle has Cloud at Customer, and Google and Cisco plan to bring Google Cloud Platform to on-premises users in the near future.To read this article in full, please click here

Microsoft, Daimler to use fuel cells to power data centers

In separate announcements, Microsoft Corp. and Daimler indicated that hydrogen fuel cells could provide significantly better energy solutions for data centers than existing electrical grid and backup power technology.Daimler, best known for its Mercedes-Benz automobile brand, presented this week its latest-generation fuel cell technology, which is 30 percent smaller, has 40 percent more power and is small enough to fit into the engine compartment of Mercedes-Benz passenger vehicles. The company plans to expand the use of that technology in a hydrogen-powered data center power plant, collaborating with HPE, Power Innovations (PI) and the National Renewable Energy Laboratory (NREL).To read this article in full, please click here

1 1,822 1,823 1,824 1,825 1,826 3,841