SDxCentral Weekly News Roundup — August 12, 2016
The Broadband Forum brings NFV into the home.
Quiz #25 – Troubleshooting IPsec Authentication Headers (AH)
Your company has an IPsec tunnel with another company for achieving network connectivity between servers in 10.10.10.0/24 on your side to 10.20.20.0/24 on theirs. Lately they complained that their equipment has problems dealing with ESP and requested to migrate this existing IPsec tunnel from Encapsulating Security Payloads (ESP) to Authentication Headers (AH), since encryption/confidentiality was never a requirement for this tunnel. What could go wrong ?
Docker Weekly | Roundup
This week, we’re taking a look at how to quickly create a Docker swarm cluster, setup a mail forwarder on Docker, and better understand the new Docker 1.12.0 load-balancing feature. As we begin a new week, let’s recap our top 5 most-read stories for the week of August 7, 2016:
Worth Reading: Email optimization
The post Worth Reading: Email optimization appeared first on 'net work.
The telecom money pit: How to use audits to find significant discrepancies and big savings
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Analysts estimate that 10% to 20% of telecom charges are billed in error, and the financial impact can range from a few dollars to tens of thousands of dollars a month.
On any given monthly statement the items being over-billed run the gamut of services delivered by the provider, and can include charges for invalid circuits, billing disputes, contractual issues, fraudulent charges, set-up fees and improper rates. These charges can appear on the invoice or can be buried within the bundled services comprising monthly recurring charges.
To read this article in full or to leave a comment, please click here
Do you trust your cloud provider? Addressing these questions will help put you at ease
Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.
Finding a cloud provider you can trust has become a major responsibility. Cloud providers come in all shapes and sizes—from global organizations delivering a range of services to small shops specializing in a limited number of capabilities. To normalize the differences you need to ask consistent questions about key issues.
Security should be at or near the very top of your list, with their answers providing the transparency which will help build trust. An essential first step is to avoid making assumptions on what security is and isn’t with respect to a provider. Every provider is different, with different rules, service-level agreements (SLAs), and terms and conditions. Make sure you thoroughly understand what each service provider commits to you, the customer.
To read this article in full or to leave a comment, please click here
Auto Renew Let’s Encrypt Certificates
I’m a big fan of Let’s Encrypt (free, widely trusted SSL certificates) but not a big fan of most of the client software available for requesting and renewing certificates. Unlike a typical certificate authority, Let’s Encrypt doesn’t have a webui for requesting/renewing certs; everything is driven via an automated process that is run between a Let’s Encrypt software client and the Let’s Encrypt web service.
Since the protocols that Let’s Encrypt uses are standards-based, there are many open source clients available. Being security conscious, I have a few concerns with most of the clients:
- Complication. Many of the clients are hundreds of lines long and unnecessarily complicated. This makes the code really hard to audit and since this code is playing with my crypto key material, I do want to audit it.
- Elevated privilege. At least one of the clients I saw required root permission. That’s a non starter.
I can’t remember how, but I discovered a very clean, very simple client called acme-tiny at github.com/diafygi/acme-tiny. This script was obviously written by someone who shares the same concerns as I do and I highly recommend it to others.
I used acme-tiny to request my initial certificates — and it Continue reading
10 key considerations when building a private cloud
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
A private cloud enables enterprises to secure and control applications and data while providing the ability for development teams to deliver business value faster and in a frictionless manner. But while building a private cloud can transform IT, it can also be an expensive science experiment without careful planning and preparation. Here are ten considerations that will help ensure success.
1. Involve the stakeholders. Private clouds are not purely an IT project. The various business units that will be the actual users should be involved in figuring out the specifications and deliverables. A cloud changes the transactional relationship between IT and business. Both sides have to be engaged in figuring out and accepting how that relationship changes with a private cloud.
To read this article in full or to leave a comment, please click here
SD-WAN takes advantage of the 100x MPLS/Internet price gap
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Everyone is generally aware that MPLS is expensive compared to Internet connectivity (check out “Why MPLS is so expensive”), but are you aware exactly how enormous the difference is? Even with MPLS prices coming down, the precipitous drop in Internet prices has made the gap larger.
A few years ago MPLS typically cost $300-$600 per Mbps per month for the copper connectivity (i.e. n x T1/E1) typically deployed at all but the largest enterprise locations, while today in most of North America and much of Europe a more typical range is $100 - $300 per Mbps per month.
To read this article in full or to leave a comment, please click here
