Don’t Let the Cybersecurity Trust Mark Become Like Food Labeling

I got several press releases this week talking about the newest program from the US Federal government for cybersecurity labeling. This program is something designed to help consumers understand how secure IoT devices are and the challenges that can be faced trying to keep your network secure from the large number of smart devices that are being implemented today. Consumer Reports has been pushing for something like this for a while and lauded the move with some caution. I’m going to take it a little further. We need to be very careful about this so it doesn’t become as worthless as the nutrition labels mandated by the government.

Absolute Units

Having labels is certainly better than not having them. Knowing how much sugar a sports drink has is way more helpful than when I was growing up and we had to guess. Knowing where to find that info on a package means I’m not having to go find it somewhere on the Internet1. However, all is not sunshine and roses. That’s because of the way that companies choose to fudge their numbers.

Food companies spent a lot of time trying to work the numbers on those nutrition labels for Continue reading

AI Is A Modest – But Important – Slice Of TSMC’s Business

Given the exorbitant demand for compute and networking for running Ai workloads and the dominance of Taiwan Semiconductor Manufacturing Co in making the compute engine chips and providing the complex packaging for them, you would think that the world’s largest foundry would be making money hands over fist in the second quarter.

The post AI Is A Modest – But Important – Slice Of TSMC’s Business first appeared on The Next Platform.

AI Is A Modest – But Important – Slice Of TSMC’s Business was written by Timothy Prickett Morgan at The Next Platform.

Hedge 187: Buffer Bloat with Bjørn T

Buffer bloat causes permanent delay at multiple points along the path between a server and client—but it is hard to measure and resolve. Bjørn Teigen joins Tom and Russ on this episode of the Hedge to discuss the problem, solutions based in routers, and research into how to solve the problem at the host. You can find Bjørn’s recent paper in this area here, and he blogs here.

download

Migration Coordinator – In Place Migration Modes

In the first part of this blog series, we took a high level view of all the modes that are available with Migration Coordinator, a fully GSS supported tool built into NSX that enables migrating from NSX from vSphere to NSX (NSX-T).

The second blog in this series, will take a closer look at the available options for in-place migrations, along with the pros and cons of each approach.

NSX for vSphere: Fixed Topology

This mode was the very first mode introduced with migration coordinator in the NSX 2.4 release. This mode supports migrating configuration and workloads to NSX, using the same hosts that are running NSX for vSphere. It only needs extra capacity to run the NSX appliances such as the Managers and Edges.

Locating the mode: Marked in red below.

 

NSX Prep

  1. Installation: NSX manager and Edges
  2. Configuration: None

Pros:

  1. Workload Migration: Built in
  2. Bridging: Built in

Cons:

  1. Customization options: None
  2. Timing workload migration: No control
  3. Supported topologies: Only 5

Distributed Firewall, Host and Workload

This mode is useful when the requirement is to migrate only Distributed Firewall configuration.

Locating the mode

This mode is under the “Advanced Migration Modes” marked in red below.

NSX Prep:

  1. Continue reading

Cisco, Arista, HPE, Intel lead consortium to supersize Ethernet for AI infrastructures

AI workloads are expected to put unprecedented performance and capacity demands on networks, and a handful of networking vendors have teamed up to enhance today’s Ethernet technology in order to handle the scale and speed required by AI.AMD, Arista, Broadcom, Cisco, Eviden, HPE, Intel, Meta and Microsoft announced the Ultra Ethernet Consortium (UEC), a group hosted by the Linux Foundation that’s working to develop physical, link, transport and software layer Ethernet advances.The industry celebrated Ethernet’s 50th anniversary this year. The hallmark of Ethernet has been its flexibility and adaptability, and the venerable technology will undoubtedly play a critical role when it comes to supporting AI infrastructures. But there are concerns that today’s traditional network interconnects cannot provide the required performance, scale and bandwidth to keep up with AI demands, and the consortium aims to address those concerns.To read this article in full, please click here

Optimizing Network Performance using Topology Aware Routing with Calico eBPF and Standard Linux dataplane

In this blog post, we will explore the concept of Kubernetes topology aware routing and how it can enhance network performance for workloads running in Amazon. We will delve into topology aware routing and discuss its benefits in terms of reducing latency and optimizing network traffic flow. In addition, we’ll show you how to minimize the performance impact of overlay networking, using encapsulation only when necessary for communication across availability zones. By doing so, we can enhance network performance by optimizing the utilization of resources based on network topology.

Understanding Topology Aware Routing

Kubernetes clusters are being deployed more often in multi-zone environments. The nodes that make up the cluster are spread across availability zones. If one availability zone is having problems, the nodes in the other availability zones will keep working, and your cluster will continue to provide service for your customers. While this helps to ensure high availability, it also results in increased latency for inter-zone workload communication and can result in inter-zone data transfer costs.

Under normal circumstances, when traffic is directed to a Kubernetes Service, it evenly distributes requests among the pods that support it. Those pods can be spread across nodes in different zones. Topology Continue reading

Ethernet Consortium Shoots For 1 Million Node Clusters That Beat InfiniBand

Here we go again. Some big hyperscalers and cloud builders and their ASIC and switch suppliers are unhappy about Ethernet, and rather than wait for the IEEE to address issues, they are taking matters in their own hands to create what will ultimately become an IEEE standard that moves Ethernet forward in a direction and speed of their choosing.

The post Ethernet Consortium Shoots For 1 Million Node Clusters That Beat InfiniBand first appeared on The Next Platform.

Ethernet Consortium Shoots For 1 Million Node Clusters That Beat InfiniBand was written by Timothy Prickett Morgan at The Next Platform.

Protecting data on Apple devices with Cloudflare and Jamf

Protecting data on Apple devices with Cloudflare and Jamf
Protecting data on Apple devices with Cloudflare and Jamf

Today we’re excited to announce Cloudflare’s partnership with Jamf to extend Cloudflare’s Zero Trust Solutions to Jamf customers. This unique offering will enable Jamf customers to easily implement network Data Loss Prevention (DLP), Remote Browser Isolation (RBI), and SaaS Tenancy Controls from Cloudflare to prevent sensitive data loss from their Apple devices.

Jamf is a leader in protecting Apple devices and ensures secure, consumer-simple technology for 71,000+ businesses, schools and hospitals. Today Jamf manages ~30 million Apple devices with MDM, and our partnership extends powerful policy capabilities into the network.

“One of the most unforgettable lines I’ve heard from an enterprise customer is their belief that ‘Apple devices are like walking USB sticks that leave through the business’s front door every day.’ It doesn’t have to be that way! We are on a mission at Jamf to help our customers achieve the security and compliance controls they need to confidently support Apple devices at scale in their complex environments. While we are doing everything we can to reach this future, we can’t do it alone. I’m thrilled to be partnering with Cloudflare to deliver a set of enterprise-grade compliance controls in a novel way that leverages our Continue reading

Worth Reading: Eyes Like Saucers

Gerben Wierda published a nice description of common reactions to new unicorn-dust-based technologies:

  • Eyes that glaze over
  • Eyes like saucers
  • Eyes that narrow

He uses generative AI as an example to explain why it might be a bad idea that people in the first two categories make strategic decisions, but of course nothing ever stops people desperately believing in vendor fairy tales, including long-distance vMotion, SDN or intent-based networking.

Worth Reading: Eyes Like Saucers

Gerben Wierda published a nice description of common reactions to new unicorn-dust-based technologies:

  • Eyes that glaze over
  • Eyes like saucers
  • Eyes that narrow

He uses generative AI as an example to explain why it might be a bad idea that people in the first two categories make strategic decisions, but of course nothing ever stops people desperately believing in vendor fairy tales, including long-distance vMotion, SDN or intent-based networking.

EnGenius to release Wi-Fi 7 access point for the enterprise

Enterprise networking hardware vendor EnGenuis will release one of the first Wi-Fi 7-enabled access points for business use, the company announced this week.The ECW536 uses the Qualcomm Networking Pro 1220 chipset, and features a 4x4x4 antenna configuration. It’s got two 10Gb ethernet ports, and boasts several security enhancements, including business-class encryption protocols, RADIUS and isolated guest access.The main draw, however, is Wi-Fi 7 connectivity. Wi-Fi 7, also known as 802.11be, is the latest and greatest Wi-Fi specification, although official certification from the IEEE isn’t expected to start until the second half of 2024. The key upgrades in Wi-Fi 7 include wider channels (up to 320MHz), 4K quadrature amplitude modulation rather than 1K, and muiltilink operation, which uses multiple radio bands at the same time to serve one connection. All that adds up to a substantially increased theoretical throughput peak, at 46Gbps.To read this article in full, please click here

EnGenius to release Wi-Fi 7 router for the enterprise

Enterprise networking hardware vendor EnGenuis will release one of the first Wi-Fi 7-enabled routers for business use, the company announced this week.The ECW536 uses the Qualcomm Networking Pro 1220 chipset, and features a 4x4x4 antenna configuration. It’s got two 10Gb ethernet ports, and boasts several security enhancements, including business-class encryption protocols, RADIUS and isolated guest access.The main draw, however, is Wi-Fi 7 connectivity. Wi-Fi 7, also known as 802.11be, is the latest and greatest Wi-Fi specification, although official certification from the IEEE isn’t expected to start until the second half of 2024. The key upgrades in Wi-Fi 7 include wider channels (up to 320MHz), 4K quadrature amplitude modulation rather than 1K, and muiltilink operation, which uses multiple radio bands at the same time to serve one connection. All that adds up to a substantially increased theoretical throughput peak, at 46Gbps.To read this article in full, please click here

Assigning sudo privilege to users on Linux

The sudo command is a very important command on Linux systems. You might say that it allows users to run privileged commands without logging in as root, and that is true. However, the more important point is that it allows individuals to manage Linux systems – adding accounts, running updates, installing applications and backing up the system – without requiring these things be done using the root account. This is consistent with the policy that says root privilege should only be used as needed and that no one should simply log in as root and run all of their commands. Doing routine work using the root account is considered dangerous because any typos or commands run in the wrong location can have very serious consequences.To read this article in full, please click here

Assigning sudo privilege to users on Linux

The sudo command is a very important command on Linux systems. You might say that it allows users to run privileged commands without logging in as root, and that is true. However, the more important point is that it allows individuals to manage Linux systems – adding accounts, running updates, installing applications and backing up the system – without requiring these things be done using the root account. This is consistent with the policy that says root privilege should only be used as needed and that no one should simply log in as root and run all of their commands. Doing routine work using the root account is considered dangerous because any typos or commands run in the wrong location can have very serious consequences.To read this article in full, please click here

UK competition agency provisionally OKs Broadcom’s $6B VMware acquisition

The UK’s Competition Market Authority (CMA) has provisionally cleared Broadcom’s proposed acquisition of VMWare, paving the way for the $61 billion deal to go ahead.In November 2022, the CMA announced it was launching an in-depth investigation into the proposed deal, looking into whether the proposed merger “may be expected to result in a substantial lessening of competition within any market or markets in the United Kingdom for goods or services.”In particular, the CMA was concerned that the deal could harm the ability of Broadcom’s rivals to compete with VMware’s server virtualisation software, and if there would be a potential financial benefit to Broadcom and VMware if they were to make rival products work less well with VMware’s softwareTo read this article in full, please click here

1 207 208 209 210 211 3,788