Overlay Management

I was lucky enough to participate in Tech Field Day 27 a couple months ago. This event brings independent thought leaders together with a number of IT product vendors to share information and opinions. I was not paid to attend, but the organizers did provide travel, room, and meals while I was there. There is no expectation of providing any content, so the fact that I’m mentioning it says something. It was a great event and worth a few hours to check out the videos. Thanks to Gestalt IT for getting me involved.

One of the companies that presented was Men & Mice. They have a product called Micetro (great name!) that manages your DHCP, DNS, and IPAM for you. The product doesn’t provide DHCP, DNS, or IPAM services; it manages them. That is, it configures and monitors those services for you, whether they’re running on your local network, in the cloud, remotely, whatever. This is what they call overlay management.

What does that really mean, though? Since overlay management doesn’t provide endpoint services, your endpoints don’t see anything different. Your DHCP servers stay the same. DNS servers stay the same. IPAM stays the same. The only thing that’s Continue reading

How the Cloudflare global network optimizes for system reboots during low-traffic periods

To facilitate the huge scale of Cloudflare’s customer base, we maintain data centers which span more than 300 cities in over 100 countries, including approximately 30 locations in Mainland China.

The Cloudflare global network is built to be continuously updated in a zero downtime manner, but some changes may need a server reboot to safely take effect. To enable this, we have mechanisms for the whole fleet to automatically reboot with changes gated on a unique identifier for the reboot cycle. Each data center has a maintenance window, which is a time period - usually a couple of hours - during which reboots are permitted.

We take our customer experience very seriously, and hence we have several mechanisms to ensure that disruption to customer traffic does not occur. One example is Unimog, our in-house load balancer that spreads load across the servers in a data center, ensuring that there is no disruption when a server is taken out for routine maintenance.

The SRE team decided to further reduce risk by only allowing reboots in a data center when customer traffic is at its lowest. We also needed to automate the existing manual process for determining the window Continue reading

OpenShift and Ansible: Bridging the Automation Gap for 5G and Beyond Networks – Part 1

This blog post is co-authored with Ian Miller.

5G and beyond mobile networks are requesting automation capabilities to rapidly scale up their service rollout. To that end, Kubernetes and cloud-native infrastructures unlock a great deal of flexibility through declarative configuration.

However, there is a large number of important non-declarative components (e.g. legacy OSS/BSS systems, bare metal servers, network infrastructure, etc.) that will still require imperative configuration for the foreseeable future.

In this series of two articles, we bring together powerful tools and concepts for effectively managing declarative configurations using Red Hat OpenShift, Red Hat Advanced Cluster Management for Kubernetes, and Red Hat Ansible Automation Platform for integrating any non-declarative system into closed-loop automation workflows.

Declarative vs Imperative, a Zero-Sum Game for 5G?

Short answer: definitely not.

Kubernetes and Red Hat OpenShift are built around a declarative model in which configuration Custom Resources (CRs) capture the desired end state and the cluster works to reconcile to it. This model fits in seamlessly with tools like GitOps and the different engines (i.e. clusters, applications, observability, and governance) provided by Red Hat Advanced Cluster Management for Kubernetes.

Both tools are thoroughly leveraged by the Red Hat Zero Continue reading

Gartner: SSE landscape shifts as vendors add more security services

The market for managed security services is shifting as enterprises weigh their requirements for cloud-based security capabilities and vendors refine their feature sets and product integrations.

Converged security services can offer significant benefits to enterprises when it comes to manageability, scalability, security, and price, according to research firm Gartner, which introduced the term SASE, or secure access service edge. SASE is a network architecture that combines software-defined wide area networking (SD-WAN) and security functionality into a unified cloud service that promises simplified WAN deployments, improved efficiency and security, and application-specific bandwidth policies.

NCSA Builds Out Delta Supercomputer With An AI Extension

The National Center for Supercomputing Applications at the University of Illinois just fired up its Delta system back in April 2022, and now it has just been given $10 million by the National Science Foundation to expand that machine with an AI partition, called DeltaAI appropriately enough, that is based on Nvidia’s “Hopper” H100 GPU accelerators.

NCSA Builds Out Delta Supercomputer With An AI Extension was written by Timothy Prickett Morgan at The Next Platform.

Heavy Wireless 006: Building Sustainable, Efficient Backhaul Networks With Ceragon Networks (Sponsored)

Today's Heavy Wireless episode explores building sustainable and efficient backhaul networks with sponsor Ceragon Networks. We discuss the challenges of backhaul, the complementarity of wireless and fiber solutions, the frequencies and protocols used in wireless backhaul, and the concept of disaggregated routing.

The post Heavy Wireless 006: Building Sustainable, Efficient Backhaul Networks With Ceragon Networks (Sponsored) appeared first on Packet Pushers.

Build and secure multi-cluster CockroachDB using the Calico clustermesh: A step-by-step guide

This blog is written by Dhiraj Sehgal and Mike Bookham.

Dhiraj Sehgal is the Director of Technical Marketing at Tigera, where he helps customers learn more about Calico and provides best practices for securing cloud-native environments. He is passionate about everything cloud native, from Kubernetes to cloud security and observability.

Mike Bookham is a Channel Solutions Engineer at Cockroach Labs. As part of Mike’s role, he helps a range of different types of partner organizations get familiar with CockroachDB from a technical perspective. Mike has worked with cloud-native technologies for a number of years and specializes in Kubernetes and the surrounding ecosystem.

With the rapid adoption of Kubernetes in organizations and the push to standardize the orchestration of resources with this approach, databases are now also being deployed into Kubernetes. Historically, persistent workloads like databases were not recommended for deployment into Kubernetes, as it was complex to manage how data would be stored. This was a result of Kubernetes originally being designed for non-persistent microservice architectures. However, in more recent times new database vendors are emerging with software built from the ground up to run in this environment.

Kubernetes mandates how the networking is deployed and configured in Continue reading

The power of >, >>, &, &&, and || on Linux

Some of the most convenient “tricks” on Linux depend on the use of a handful of special characters. This post takes a look at a number of them and shows how they work.

Using > and >>

Using the > and >> characters will have similar but different effects, and both depend on how you use them in a command. The > character can be used to direct output into a file. For example, these commands will put the specified text into a file. If the file exists, however, any former content will be overwritten. Notice how only one "hello" remains in the file.

$ echo hello > world
$ echo hello > world
$ cat world
hello

Using >>, on the other hand, will add the text provided to the end of a file. If the file doesn’t exist, the command will create it.

Are AI-powered networks already outperforming SD-WAN?

SD-WANs (software-defined wide area networks) have been in wide-scale use for several years now, and their adoption has accelerated in recent years. According to a report by IDC, the worldwide SD-WAN infrastructure market reached $4.5 billion in 2020, representing a dramatic 45.5% increase from the previous year.

Today, SD-WAN is considered a mainstream technology, and companies like Microsoft, Vodafone, and Visa are using it to connect their branch offices, data centers, and cloud resources. As more organizations adopt cloud-based applications and services, the demand for SD-WAN is likely to continue to grow.

But within SD-WAN solutions there are critical limitations–particularly for organizations that operate globally since SD-WAN lacks a global backbone.

BrandPost: Unlock the potential for NaaS in healthcare

By: Lilly Fleming, Healthcare Marketing, HPE Aruba Networking.

Healthcare organizations have undergone substantial digital transformation over the last decade. There are more medical and personal IoT devices in the healthcare landscape than ever before, and this trend is not slowing down. The healthcare IT organization faces the difficult challenge of added complexities, including how they prioritize investments in digital tools, technology, and analytics. Channel Partners can help their healthcare customers meet the needs of their patients and stakeholders by enabling them to overcome these challenges.

BrandPost: Why SASE requires a flexible platform for integrated or unified choice

By: Scott Raynovich, Founder and Chief Analyst, Futuriom

As end users adopt software-defined technology that can help them more easily deploy and manage secure networks, they are increasingly looking to the technologies known as secure access service edge (SASE) and secure service edge (SSE).

But digging deeper into these acronyms, it gets more complex. SASE and SSE products aren’t exactly product categories per se – but platforms for integrating a variety of network security functions. These wide-ranging features might include all the most popular features/acronyms, including Advanced Threat Protection (ATP), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Firewall-as-a-Service (FWaaS), Intrusion Detection System/Intrusion Prevention System (IDS/IPS), Next-Generation Firewall (NGFW), Software-Defined Wide-Area Networking (SD-WAN), Secure Web Gateway (SWG), Unified Threat Management (UTM), and Zero Trust Network Access (ZTNA). The integration of these functions is a key driving force behind the growth of the SASE market.

Bring your own CA for client certificate validation with API Shield

APIs account for more than half of the total traffic of the Internet. They are the building blocks of many modern web applications. As API usage grows, so does the number of API attacks. And so now, more than ever, it’s important to keep these API endpoints secure. Cloudflare’s API Shield solution offers a comprehensive suite of products to safeguard your API endpoints and now we’re excited to give our customers one more tool to keep their endpoints safe. We’re excited to announce that customers can now bring their own Certificate Authority (CA) to use for mutual TLS client authentication. This gives customers more security, while allowing them to maintain control around their Mutual TLS configuration.

The power of Mutual TLS (mTLS)

Traditionally, when we refer to TLS certificates, we talk about the publicly trusted certificates that are presented by servers to prove their identity to the connecting client. With Mutual TLS, both the client and the server present a certificate to establish a two-way channel of trust. Doing this allows the server to check who the connecting client is and whether or not they’re allowed to make a request. The certificate presented by the client - the client certificate Continue reading