Getting Linux to ignore pings

The ping command sends one or more requests to a system asking for a response. It's typically used to check that a system is up and running, verify an IP address, or prove that the sending system can reach the remote one (i.e., verify the route).The ping command is also one that network intruders often use as a first step in identifying systems on a network that they might next want to attack. In this post, we're going to take a quick look at how ping works and then examine options for configuring systems to ignore these requests.How ping works The name "ping" came about because the ping command works in a way that is similar to sonar echo-location, which used sound propogation for navigation. The sound pulses were called "pings." The ping command on Unix and other systems sends an ICMP ECHO_REQUEST to a specified computer, which is then expected to send an ECHO_REPLY. The requests and replies are very small packets.To read this article in full or to leave a comment, please click here

Handling A10 PCAP Files Using Automator in MacOS

I’m not a big user of Apple’s Automator tool, but sometimes it’s very useful. For example, A10 Networks load balancers make it pretty easy for administrators to capture packets without having to remember the syntax and appropriate command flags for a tcpdump command in the shell. Downloading the .pcap file is pretty easy too (especially using the web interface), but what gets downloaded is not just a single file; instead, it’s a gzip file containing a tar file which in turn contains (for the hardware I use) seventeen packet capture files. In this post I’ll explain what these files are, why it’s annoying, and how I work around this in MacOS.

A10 Logo

Sixteen Candles

If you’re wondering how one packet capture turned into sixteen PCAP files, that’s perfectly reasonable and the answer is simple in its own way. The hardware I use has sixteen CPU cores, fifteen of which are used by default to process traffic, and inbound flows are spread across those cores. Thus when taking a packet capture, the system actually requests each core to dump the flows matching the filter specification. Each core effectively has awareness of both the client and server sides of any connection, so both Continue reading

MapR Bulks Up Database for Modern Apps

MapR Technologies has been busy in recent years build out its capabilities as a data platform company that can support a broad range of open-source technologies, from Hadoop and Spark to Hive, and can reach from the data center through the edge and out into the cloud. At the center of its efforts is its Converged Data Platform, which comes with the MapR-FS Posix file system and includes enterprise-level database and storage that are designed to handle the emerging big data workloads.

At the Strata Data Conference in New York City Sept. 26, company officials are putting their focus

MapR Bulks Up Database for Modern Apps was written by Nicole Hemsoth at The Next Platform.

Geo Key Manager: How It Works

Today we announced Geo Key Manager, a feature that gives customers unprecedented control over where their private keys are stored when uploaded to Cloudflare. This feature builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism based on both identity-based encryption and broadcast encryption. In this post we’ll explain the technical details of this feature, the first of its kind in the industry, and how Cloudflare leveraged its existing network and technologies to build it.

Keys in different area codes

Cloudflare launched Keyless SSL three years ago to wide acclaim. With Keyless SSL, customers are able to take advantage of the full benefits of Cloudflare’s network while keeping their HTTPS private keys inside their own infrastructure. Keyless SSL has been popular with customers in industries with regulations around the control of access to private keys, such as the financial industry. Keyless SSL adoption has been slower outside these regulated industries, partly because it requires customers to run custom software (the key server) inside their infrastructure.

Standard Configuration

Standard Configuration

Keyless SSL

Keyless SSL

One of the motivating use cases for Keyless SSL was the expectation that customers may not trust a third party like Cloudflare with their Continue reading

Introducing the Cloudflare Geo Key Manager

Introducing the Cloudflare Geo Key Manager

Introducing the Cloudflare Geo Key Manager

Cloudflare’s customers recognize that they need to protect the confidentiality and integrity of communications with their web visitors. The widely accepted solution to this problem is to use the SSL/TLS protocol to establish an encrypted HTTPS session, over which secure requests can then be sent. Eavesdropping is protected against as only those who have access to the “private key” can legitimately identify themselves to browsers and decrypt encrypted requests.

Today, more than half of all traffic on the web uses HTTPS—but this was not always the case. In the early days of SSL, the protocol was viewed as slow as each encrypted request required two round trips between the user’s browser and web server. Companies like Cloudflare solved this problem by putting web servers close to end users and utilizing session resumption to eliminate those round trips for all but the very first request.

Expanding footprint meets geopolitical concerns

As Internet adoption grew around the world, with companies increasingly serving global and more remote audiences, providers like Cloudflare had to continue expanding their physical footprint to keep up with demand. As of the date this blog post was published, Cloudflare has data centers in over 55 countries, and we continue Continue reading

IDG Contributor Network: How will you connect AWS, Azure, and Google Cloud to your SD-WAN?

I’ve been spending a lot of time the past few weeks reviewing SD-WAN vendor cloud offerings. Maybe it’s because of some the announcements in the area. It triggered a bunch of questions from my customers. Maybe it’s because a lot of folks seem to be waking up to the importance of connecting their SD-WAN into the cloud.Regardless, what’s become increasingly apparent to me are the vast differences between vendor implementations. At first glance, the cloud would seem to be just like any other site. Add an SD-WAN node as you would with any other location, let it connect into the SD-WAN, and voila! Job done. Oh, how I wish it was that simple.SD-WAN cloud configurations are like that sweet, devilish 5-year old who can terrorize your home while looking delightfully cherubic. Different tools are needed to manage cloud implementations than the cloud. Routing into the IaaS cloud is rarely simple. Properly configuring the cloud—setting up the VPCs, installing the SD-WAN nodes, provisioning the IPsec connectivity—all take time. It’s why SD-WAN vendors have made a point of introducing cloud-specific implementations.To read this article in full or to leave a comment, please click here

Up next: Disposable IoT

What if every package shipped contained a $0.20 tracker chip that could report when and approximately where the package was opened?That's a service that internet-of-things wireless network operator Sigfox thinks its partners could offer over the next year.It demonstrated a prototype wireless module contained in a cardboard envelope at its partner meeting in Prague on Tuesday, triggering the sending of a text message when the envelope was opened.Ripping open the envelope, Sigfox scientific director Christophe Fourtet showed off what he described as "an ultra-thin battery, ultra-thin contacts, and an ultra-low cost module, a few tens of cents." Seconds later, his phone buzzed to report delivery of the package.To read this article in full or to leave a comment, please click here

Up next: Disposable IoT

What if every package shipped contained a $0.20 tracker chip that could report when and approximately where the package was opened?That's a service that internet-of-things wireless network operator Sigfox thinks its partners could offer over the next year.It demonstrated a prototype wireless module contained in a cardboard envelope at its partner meeting in Prague on Tuesday, triggering the sending of a text message when the envelope was opened.Ripping open the envelope, Sigfox scientific director Christophe Fourtet showed off what he described as "an ultra-thin battery, ultra-thin contacts, and an ultra-low cost module, a few tens of cents." Seconds later, his phone buzzed to report delivery of the package.To read this article in full or to leave a comment, please click here

Managing users on Linux systems

Your Linux users may not be raging bulls, but keeping them happy is always a challenge as it involves managing their accounts, monitoring their access rights, tracking down the solutions to problems they run into, and keeping them informed about important changes on the systems they use. Here are some of the tasks and tools that make the job a little easier.Configuring accounts Adding and removing accounts is the easier part of managing users, but there are still a lot of options to consider. Whether you use a desktop tool or go with command line options, the process is largely automated. You can set up a new user with a command as simple as adduser jdoe and a number of things will happen. John’s account will be created using the next available UID and likely populated with a number of files that help to configure his account. When you run the adduser command with a single argument (the new username), it will prompt for some additional information and explain what it is doing.To read this article in full or to leave a comment, please click here

BrandPost: When It Comes To SD-WANs, WAN Optimization Should Be A No-Brainer

As someone who has been following enterprise WAN architectures for decades, I find their evolution fascinating, especially the number of new technologies that have been deployed in isolation. For example, WAN optimization and SD-WANs are often discussed as separate solutions.  From my perspective, I can’t fathom why a business would deploy an SD-WAN and not implement WAN optimization as part of it.  If you’re going to go through the work of modernizing your WAN architecture, then why wouldn’t you integrate optimization technologies into your deployment right from the start?To read this article in full or to leave a comment, please click here

ANSIBLE + MICROSOFT AZURE NEWS

Ansible + Azure

The Azure and Ansible teams are collaborating on several interesting projects that we want to share. And if you joined us for AnsibleFest San Francisco earlier this month, you met both teams and heard some of the news. More on that below.

MS Ignite 2017

If you use Ansible to manage Azure and Windows environments, then hopefully you can join us at Microsoft Ignite this week in Orlando.

Ansible’s Matt Davis will co-present with Microsoft’s Hari Jayaraman, to discuss popular DevOps tools customers use to implement infrastructure as code processes in Azure. And the Ansible team will be in the Red Hat booth (#527) to demo automating Azure environments or any other questions you may have. 

Session Info:

Infrastructure as Code

Friday, September 29

10:15 AM - 11:00 AM

Hyatt Regency Windermere W

New Azure Modules in 2.4

One of the many announcements at AnsibleFest included the 16 new Azure modules contributed by the Azure team. The focus of the team was to cover the base use cases for Ansible users running workloads at scale in Azure.

New modules were added to manage Azure services:

  • Availability sets
  • Scale sets
  • Authentication (ACS)
  • Functions
  • DNS
  • Load Balancer
  • Managed Disks

Continue reading

Celebrating 25 Years of Advocacy

It’s been a week of jubilation: The Internet Society celebrated 25 years of advocacy for an open, globally-connected, and secure Internet with events that crisscrossed the globe. The festivities kicked off at the University of California Los Angeles campus where in 1969 the first message was sent over ARPANET – the Internet’s predecessor.

On 18 September, the 25 Under 25 award ceremony honored young people around the world for their extraordinary work. Born in the age of the Internet, these everyday heroes are passionate about using it to make a positive impact on their communities. Their projects include connecting people with disabilities to employment opportunities, using AI to identify fake news, and humanizing issues affecting refugees and the LGBT community.

Learn more about the 25 Under 25 awardees

Watch the 25 Under 25 Award Ceremony

Just a few hours later, the 2017 Internet Society Global Internet Report: Paths to Our Digital Future was launched. The interactive report, the result of in-depth interviews, roundtables, and surveys conducted in 160 countries and 21 regions around the world, offers a glimpse into how the future of the Internet might impact humanity. The report encourages you to explore paths to our digital future, asks thought-provoking Continue reading

BrandPost: Find the Path to Networking Nirvana

Almost all enterprise-class organizations are sitting atop a pile of existing network infrastructure, dealing with the headaches of a complex hardware lifecycle. Many would like to find a smooth path to a virtual networking future in which hardware is no longer a barrier to change, but instead a gateway to flexible network options. Ask enterprise IT decision makers these days to select from a menu of connectivity options and odds are the top choice will be an “All of the above” response. They want bandwidth on demand, a manageable number of connectivity options to suit a distributed workforce, scalability, and the lowest cost. That networking nirvana may not be as far in the future as you once thought.To read this article in full or to leave a comment, please click here

At Ignite, Microsoft extends hybrid cloud beyond just infrastructure

For years Microsoft has talked about, previewed and at some times delayed the release of its Azure Stack hybrid cloud computing platform.But this week at its Ignite conference in Orlando Microsoft announced that Azure Stack is now shipping to customers, and in doing so the company is pitching its hybrid cloud platform as being about more than just connecting customer data centers to the public cloud.+MORE AT NETWORK WORLD: Azure Stack: Microsoft’s private-cloud platform and what IT pros need to know about it +To read this article in full or to leave a comment, please click here

Exciting new things for Docker with Windows Server 1709

What a difference a year makes… last September, Microsoft and Docker launched Docker Enterprise Edition (EE), a Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructures, for Windows Server 2016. Since then we’ve continued to work together and Windows Server 1709 contains several enhancements for Docker customers.

Docker Enterprise Edition Preview

To experiment with the new Docker and Windows features, a preview build of Docker is required. Here’s how to install it on Windows Server 1709 (this will also work on Insider builds):

Install-Module DockerProvider
Install-Package Docker -ProviderName DockerProvider -RequiredVersion preview

To run Docker Windows containers in production on any Windows Server version, please stick to Docker EE 17.06.

Docker Linux Containers on Windows

A key focus of Windows Server version 1709 is support for Linux containers on Windows. We’ve already blogged about how we’re supporting Linux containers on Windows with the LinuxKit project.

To try Linux Containers on Windows Server 1709, install the preview Docker package and enable the feature. The preview Docker EE package includes a full LinuxKit system (all 13MB of it) for use when running Docker Linux containers.

[Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine")
Restart-Service Docker

To disable, just remove the environment variable:

[Environment]::SetEnvironmentVariable("LCOW_SUPPORTED",  Continue reading

Yes to databases in containers – Microsoft SQL Server available on Docker Store

Microsoft SQL Server 2017 is now available for the first time on multiple platforms: Windows, Linux and Docker. Your databases can be in containers with no lengthy setup and no prerequisites, and using Docker Enterprise Edition (EE) to modernize your database delivery. The speed and efficiency benefits of Docker and containerizing apps that IT Pros and developers have been enjoying for years are now available to DBAs.

 

Try the Docker SQL Server lab now and see how database containers start in seconds, and how you can package your own schemas as Docker images.

 

If you’ve ever sat through a SQL Server install, you know why this is a big deal: SQL Server takes a while to set up, and running multiple independent SQL Server instances on the same host is not simple. This complicates maintaining dev, test and CI/CD systems where tests and experiments might break the SQL Server instance.

With SQL Server in Docker containers, all that changes. Getting SQL Server is as simple as running `docker image pull`, and you can start as many instances on a host as you want, each of them fresh and clean, and tear them back down when you’re done.

Database engines Continue reading

1 1,927 1,928 1,929 1,930 1,931 3,878