The following sponsored blog post was written by Anupam Upadhyaya at Palo Alto Networks. We thank Palo Alto Networks for being a sponsor. Prisma Access, the cloud-delivered security service from Palo Alto Networks, delivers an industry-leading 99.999% uptime SLA. A question that is often asked in the industry is “Do we really need 99.999% uptime […]
The post Why Five Nines of Service Availability Matters for SASE appeared first on Packet Pushers.
As more organizations embrace containerization and adopt Kubernetes, they reap the benefits of platform scalability, application portability, and optimized infrastructure utilization. However, with this shift comes a new set of security challenges related to enabling connectivity for applications in heterogeneous environments.
In this blog post, we’ll explore a real-life scenario of security exposure resulting from egress traffic leaving the Kubernetes cluster. We’ll examine how the Calico Egress Gateway can help mitigate these issues by providing robust access control. By using Calico Egress Gateway, enterprises can secure communication from their Kubernetes workloads to the internet, third-party applications, and networks while maintaining a high level of security.
The Calico Egress Gateway enforces security policies to regulate traffic flowing out of the Kubernetes cluster, providing granular control over egress traffic. This ensures that only authorized traffic is allowed to leave the cluster, mitigating the risks associated with unauthorized outbound traffic.
For enterprises developing cloud-native applications with containers and Kubernetes, a frequent requirement is to connect to a database server hosted either on-prem or in the cloud, which is safeguarded by a network-based firewall. Since workloads with Kubernetes are dynamic without a fixed IP address, enabling such connectivity from workloads Continue reading
In this episode, Michael catches up with Kristina Devochko, a Senior Software Architect to talk about Day Zero Kubernetes. Originally, Michael thought that it would be similar to Day One and Day Two Ops, but Day Zero is drastically different. Kristina and Michael discuss what engineers need to know to get the job done, how to think about planning Kubernetes architecture, and overall security best practices for what’s needed in Day Zero.
The post Kubernetes Unpacked 024: Day Zero Kubernetes With Kristina Devochko appeared first on Packet Pushers.
As much as I want to move over to Mastodon full time, there’s one thing I feel that is massively holding it back. Yes, you can laud the big things about federations and freedom as much as you want. However, one thing I’ve seen hanging out in the fringes of the Fediverse that will ultimately hold Mastodon back is the hostility toward brands.
If you’re already up in arms because of that opening, ask yourself why. What is it about a brand that has you upset? Don’t they have the same right to share on the platform as the rest of us? I will admit that not every person on Mastodon has this outward hostility toward companies. However, I can also sense this feeling that brands don’t belong.
It reminds me a lot of the thinly veiled distaste for companies that some Linux proponents have. The “get your dirty binary drivers out of my pristine kernel” crowd. The ones that want the brands to bend to their will and only do things the way they want. If you can’t provide us the drivers and software for free with full code support for us to hack as much Continue reading
I got this question from one of my readers:
Why are OSPF and BGP more complex than STP from a designer or administrator point of view? I tried everything to come to a conclusion but I couldn’t find a concluded answer, ChatGPT gave a circular loop answer.
There are numerous reasons why a protocol, a technology or a solution might be more complex than another seemingly similar one (or as Russ White would have said, “if you haven’t found the tradeoffs, you haven’t looked hard enough”):
Variety is not only the spice of life, it is also the way to drive innovation and to mitigate risk. …
Broadcom Takes On InfiniBand With Jericho3-AI Switch Chips was written by Timothy Prickett Morgan at The Next Platform.
Companies have been working for years to pull together block, file, and object storage under a single umbrella, giving enterprises that are at times dealing with petabytes of data spread across datacenters, the cloud, and the edge a simpler way to manage, organize, and access all that information. …
The Pure Unification Of Block And File Storage was written by Jeffrey Burt at The Next Platform.
The heady, exciting days of ChatGPT and other generative AI and large-language models (LLMs) are beginning to give way to the understanding that enterprises will need to get a tight grasp on how these models are being used in their operations or they will risk privacy, security, legal, and other problems down the road. …
Keeping Large Language Models From Running Off The Rails was written by Jeffrey Burt at The Next Platform.
Kubernetes is a highly popular and widely used container orchestration platform designed to deploy and manage containerized applications at scale, with strong horizontal scaling capabilities that can support up to 5,000 nodes; the only limit in adding nodes to your cluster is your budget. However, its vertical scaling is restricted by its default configurations, with a cap of 110 pods per node. To maximize the use of hardware resources and minimize the need for costly horizontal scaling, users can adjust the kubelet maximum pod configuration to increase this limit, allowing more pods to run concurrently on a single node.
To avoid network performance issues and achieve efficient horizontal scaling in a Kubernetes cluster that is tasked to run a large number of pods, high-speed links and switches are essential. A reliable and flexible Software Defined Networking (SDN) solution, such as Calico, is also important for managing network traffic efficiently. Calico has been tested and proven by numerous companies for horizontal scaling, but in this post, we will discuss recent improvements made to help vertical scaling of containerized applications to just work.
For example, the following chart illustrates the efficiency achieved with the improvements of vertical scaling in Calico 3. Continue reading