Book Review: Model-Driven DevOps

Earlier this month at Cisco Live in Las Vegas, I attended a presentation by Steven Carter and Jason King titled Model-Driven DevOps: The Enterprise Automation Framework You've Been Looking For! They discussed the importance of robustly modeling your network data — a quality very dear to me, as you might expect — and having a clear strategy for automating changes, and shared an example automation architecture for reference. It was a refreshing take on introducing network engineers to DevOps methodologies, and the first time I've seen anyone clearly map software development practices to network automation.

Interested to dive deeper into the material than a 45-minute session would allow, I was pleased to learn that their talk derived from a book of the same name that they co-authored. Coupled with the lingering geeky high from Cisco Live, it made for an excellent read on the flight back home.

The book's content is broken into seven easily digestible chapters, each dedicated to a particular step along a path toward network automation:

  • Chapter 1: A Lightbulb Goes Off
  • Chapter 2: A Better Way
  • Chapter 3: Consumable Infrastructure
  • Chapter 4: Infrastructure as Code
  • Chapter 5: Continuous Integration/Continuous Deployment
  • Chapter 6: Implementation
  • Chapter 7: Human Continue reading

Hasura Launches New Data Network for APIs Only

Data networks are generally used for file sharing, application operations or internet access, but what about a network strictly for distributing application programming interfaces? After all, an API is pretty esoteric, given that it is not standard data but a set of rules that define how two pieces of software can interact with each other. Well, that out-of-the-ordinary system now exists, and it’s designed to do a ton of heavy lifting behind the scenes that developers will appreciate. Bangalore- and San Francisco-based Hasura has launched Hasura DDN, a new edge network using Graph Query Language and designed for transporting real-time, streaming and analytical data. It enables developers to run low-latency/high-performance data APIs at a global scale, with no additional effort and no additional fees, according to the company. Hasura CEO and co-founder

Cisco firewall upgrade boosts visibility into encrypted traffic

The software that runs Cisco’s new Firewall 4200 Series now includes the ability to see into encrypted traffic without decrypting it, which the vendor says will allow enterprise customers to better protect hybrid and multicloud applications.

The enhanced Cisco Encrypted Visibility Engine (EVE) is part of the 7.4 version of the Secure Firewall operating system. Version 7.4 also includes zero-trust capabilities and improved application access control. The 4200 Series’ operating system also helps improve overall firewall performance – it’s twice as fast as previous high-end Cisco firewalls, the company says.

EVE, which has been available since version 7.2 of the software, takes things further than traditional firewalls because it now lets customers detect the client application within an encrypted tunnel, according to Rick Miles, vice president of product management, cloud and network security in Cisco’s security business group.

IPv6 Buzz 129: IPv6 Architecture And Subnetting With Daryll Swer

Today's IPv6 Buzz podcast gets into IPv6 architecture and subnetting including how geography fits into IPv6 subnetting, minimum allocation sizes from the RIR to end-users, whether current RIR policies will provide sufficient address space for a future-proof IPv6 architecture, and more. Our guest is Daryll Swer.

The post IPv6 Buzz 129: IPv6 Architecture And Subnetting With Daryll Swer appeared first on Packet Pushers.

How to use the new Constructed Inventory Feature in Ansible Automation Platform 2.4

The New Constructed Inventory Feature

In this blog we introduced the idea for a new smarter way of handling inventory based on the Ansible constructed plugin. Now in Ansible Automation Platform 2.4, we have introduced this as a fully supported feature and this blog aims to introduce you to it! 

Constructed inventory is the successor to the existing Smart Inventory feature, and is now presented as another choice when creating an Inventory in Ansible Automation Platform controller. This will take a list of ‘normal’ inventories as input, perform user-defined operations, filter, and produce a resultant inventory with content from the input inventories.

 

What is Constructed Inventory?

The function is similar to the existing smart inventory, in that it allows users to run jobs against hosts in multiple inventories.

Constructed inventory, however, introduces new capabilities, including the built-in ability to define and use both hostvars and groupvars:

  • Groups are present in constructed inventory and play a key role in its configuration.
  • User-defined logic (to add groups, vars, and down-select hosts) is run via ansible-inventory, which controller does for you, and is shown in the UI through an inventory update.
  • The format of user-defined logic Continue reading

AI requirements exceed infrastructure capabilities for many IT teams, study finds

As adoption of artificial intelligence (AI) technology accelerates, IT organizations are concerned that their existing infrastructure isn’t powerful enough to keep up.

AI hardware – especially training hardware – is becoming more and more power hungry, according to Equinix, which just released its 2023 Global Tech Trends Survey.

The power draw from traditional racks in a data center is between 5 kW and 10 kW per rack. But, increasingly, newer generations of GPU-based racks are pushing power draws north of 30 kW per rack, and in some cases as high as 72 kW per rack, according to Kaladhar Voruganti, senior technologist at Equinix. “So, definitely, it's very hard to host this type of infrastructure in private data centers,” he said.

Recovery options: Copy-on write vs redirect-on-write snapshots

Snapshots are a very popular way to create virtual copies of an entire system in order to facilitate very quick (or even instant) recovery. A properly designed snapshot-based recovery system can recover very large volumes in just minutes and can often do so to a point in time just minutes ago. In contrast, a typical restore of such size would likely take many hours and would typically lose at least a day’s worth of data.

There are two distinct approaches when it comes to creating snapshots: copy-on-write and redirect-on-write. Let’s talk about the advantages and disadvantages associated with each method, as they will greatly determine the impact on system performance, and therefore your ability to keep snapshots for a long time.

Day Two Cloud 200: Coaching For Accidental (And On-Purpose) Managers

Going from a tech role to manager is more than just a new gig---it's a full-blown career change. On today's Day Two Cloud we talk with management coach Steve Dwire about a manager's primary responsibilities, what new managers usually get wrong, management education vs. experience, and how to get better at the job. This episode goes places we didn't expect, so come along for the ride.

The post Day Two Cloud 200: Coaching For Accidental (And On-Purpose) Managers appeared first on Packet Pushers.

Leveraging Calico flow logs for enhanced observability

In my previous blog post, I discussed how transitioning from legacy monolithic applications to microservices based applications running on Kubernetes brings a range of benefits, but that it also increases the application’s attack surface. I zoomed in on creating security policies to harden the distributed microservice application, but another key challenge this transition brings is observing and monitoring the workload communication and known and unknown security gaps.

In a more traditional application architecture, traffic will flow between tiers of an application and will usually traverse a firewall, and at that point, can be observed and actioned. In Kubernetes, the network architecture is much flatter, and thus creates a challenge for the more traditional means of observing flows in the cluster.

However, since Calico is able to secure workloads on this flat network, it can also observe these traffic flows. In fact, Calico can report far more data about these flows than a traditional 5-tuple firewall would, allowing DevOps and Security teams to make more informed decisions to effectively secure their applications.

Calico’s 52 data types

Traditional firewalls will report on five data types, or tuples, of a flow. Namely:

  1. The source IP address
  2. The destination Continue reading

Finding files on Linux in all sorts of ways

The Linux find command can locate files based on almost any criteria that you might need. This post describes the many criteria you can use to find what you’re looking for – even when you can’t remember what you named a file or when you last changed it or added content.

Basic find syntax

The basic syntax for the find command looks like this:

$ find [starting location] [criteria] [options] [action to take]

The starting location can be a directory name (e.g., /var/log), the current directory (.), your home directory whether you’re sitting in it or not (~), or a directory relative to your current position (e.g., ./bin). You can be as specific as you want when entering the starting location.