Operationalizing Micro-segmentation – NSX Securing “Anywhere” – Part III

Welcome to part 3 of the Micro-Segmentation Defined – NSX Securing “Anywhere” blog series. This installment covers how to operationalize NSX Micro-Segmentation. Be sure to check out Part 1 on the definition of micro-segmentation and Part 2 on securing physical workloads with NSX.

This blog covers the following topics:

  1. Micro-segmentation design patterns
  2. Determining appropriate security groups and policies
  3. Deploying micro-segmentation
  4. Application lifecycle management with vRealize Automation and NSX
  5. Day 2 operations for micro-segmentation

Micro-segmentation design patterns

Micro-segmentation can be implemented based on various design patterns reflecting specific requirements.  The NSX Distributed Firewall (DFW) can be used to provide controlled communication between workloads independent of their network connectivity. These workloads can, for example, all connect to a single VLAN. Distributed logical switches and routers can be leveraged to provide isolation or segmentation between different environments or application tiers, regardless of the underlying physical network, as well as many other benefits.  Furthermore, the NSX Edge Service Gateway (ESG) can provide additional functionality such as NAT or load balancing and the NSX Service Insertion framework enables partner services such as L7 firewalling, agent-less anti-virus or IPS/IDS applied to workloads that need additional security controls.

Figure 1: Leveraging the DFW to provide …

Microservices Gone Wild – Tech Dive Part 3

Tech Dive - Microservices

In this third post in the series about microservices, I’ll finish building my main application so that I can demonstrate a microservices-based application in action, albeit for a very basic set of functions. This post may be a little Go-heavy in places, but bear with it and I’ll get to the demo soon enough. It doesn’t really matter what language is being used; I just used Go because it’s good practice for me.

Building The Main Application

As a reminder, the main application will need to accept two numbers on the command line, multiply them, and then square the product. The two mathematical functions (multiply and square) are now offered via a REST API, and each one has its own separate Docker container with Apache/PHP to service those requests.

I have created hostnames for the two microservice containers (DNS is the only smart way to address a microservice, after all) and they are accessed as:

  • multiply.userv.myapp:5001
  • square.userv.myapp:5002

The API path is /api/ followed by the name of the function, multiply or square, and the values to feed to the function are supplied as the query string. Most APIs tend …

Yahoo abandons fight, sells internet business to Verizon for $4.8B

Ailing Yahoo is selling off its operating business for about $4.8 billion to Verizon Communications, in a cash deal that will reduce the storied tech firm to mainly holding its cash, stakes in Alibaba and Yahoo Japan, and non-core patents.

For Verizon, the acquisition will help it gain Yahoo’s 1 billion monthly active users, its internet properties and key applications like search and email, and its advertising systems. Verizon is not unfamiliar with the acquisition and integration of web companies after its 2015 acquisition of AOL for $4.4 billion, when it acquired similar assets.

The transaction is expected to be completed by the first quarter of next year, subject to regulatory approvals, ending a long-drawn-out bidding process for the company. After the transaction is closed, Yahoo will be integrated with AOL under Marni Walden, its executive vice president and president of the Product Innovation and New Businesses organization at Verizon, the communications company said Monday.

A look at the new Verizon/Yahoo homepage

As press reports confirm Verizon’s long-anticipated acquisition of fallen Internet icon Yahoo, here’s a look at the Verizon-festooned Yahoo homepage that is already active. The URL is www.verizon.yahoo.com. Note the prominent Verizon logo, as well as links to Verizon FiOS and other Verizon services.

IDG Contributor Network: How IoT helps transplant surgeons track organ shipments

Transplanting organs is a matter of life and death. That’s why a donated organ has to be transported quickly and safely.

There are more than 120,000 people on the United Network For Organ Sharing (UNOS) National Waiting List. Some patients have to wait up to five years for an organ donation. With so much at stake, how do you make sure a donated organ is transported safely to the recipient?

Organ donation process

The demand for donated organs greatly exceeds the supply, so patients are carefully screened before being added to the Organ Waiting List. The Health Resources & Services Administration (HRSA) defines the policies to be followed by the Organ Procurement and Transplantation Network (OPTN). Here is a simplified version of the protocol used to allocate donated organs:

A Thirst For Petabyte Scale All-Flash Arrays

Some technology trends get their start among enterprises, some from hyperscalers or HPC organizations. With flash storage, it was small businesses and hyperscalers who, for their own reasons, got the market growing, drawing in engineering talent and venture capital to give us the plethora of options available on the market today. Now, the big customers are ready to take the plunge.

It is no coincidence, then, that Pure Storage has architected systems that scale to multiple petabytes of capacity to meet their needs. Large enterprises with pressing demands for scaling in terms of both performance and capacity need a different

A Thirst For Petabyte Scale All-Flash Arrays was written by Timothy Prickett Morgan at The Next Platform.

EVPN – the basics

A great EVPN overview and detailed walkthrough from a colleague of mine… Nice and clear.

PACKETS AND STUFF

So I decided to take a deep dive into eVPN. I’ll mostly be looking into VLAN-aware bundling, as per RFC 7432 – mostly because I think this will fit more closely with the types of deployments most of the customers are used to – good old IRB interfaces and bridge-tables!

As everyone knows, VPLS has been available for many years now and it’s pretty widely deployed; most of the customers I see have some flavour of VPLS configured on their networks and use it to good effect – so why eVPN? What’s the point in introducing a new technology if the current one appears to work fine?

The reality is that multipoint layer-2 VPNs (VPLS) were never quite as polished as layer-3 VPNs. When layer-3 VPNs were first invented they became, and still are in many cases, the “go to” technology for layer-3 connectivity across MPLS networks, and…

New products of the week 7.25.16

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Sophos SafeGuard Encryption 8

Key features: Sophos SafeGuard Encryption 8 is a new synchronized encryption solution that protects data against theft from malware, attackers or accidental leaks. All organizations can now choose to adopt the best practice of “always-on” file-level encryption to protect data by default.

Evolved Packet Core – Welcome to Long Term Evolution!

As an end user, I always welcome the “4G” signal indicator on my mobile, because for me this basically maps to a better download speed, good-quality VoIP calls (Skype, Hangouts, WhatsApp, etc.), better streaming, and HD videos. This article is all about the “4G” indicator. I am discussing the Evolved Packet Core together with […]

The post Evolved Packet Core – Welcome to Long Term Evolution! appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

IS-IS level 1, IS-IS Routing Protocol Levels

What is IS-IS Level 1? Why is IS-IS Level 1 used? What are the IS-IS levels? What is the corresponding area type in OSPF? IS-IS Level 1 is also called the IS-IS Level 1 sub-domain. IS-IS is a link-state routing protocol, similar to OSPF. You can read a detailed comparison […]

The post IS-IS level 1, IS-IS Routing Protocol Levels appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

51% off Inflatable Lounge Bag Hammock Air Sofa and Pool Float – Deal Alert

This innovative "lounge" requires no external pump and is a suitable substitute for folding chairs, bean bags, hammocks, picnic blankets and pool floats. To inflate, simply unfold, scoop air into it, roll and buckle. Elastic loops allow you to anchor your lounger to solid ground in the windiest conditions. It currently averages 5 out of 5 stars on Amazon from 59 reviewers. Its list price of $79.99 has been reduced by 51% to just $39. See this discounted summer item now on Amazon.

Jinja2 and… Powershell? Automation(ish) Microsoft DHCP

Most of us have home labs, right?

I’m in the middle of doing some zero touch provisioning testing, and I had the need to create a bunch of DHCP scopes and reservations, some with scope-specific options and some with client-specific options. As often as I’ve had to create a Microsoft DHCP server in the lab and set up some custom scopes, I decided I was going to figure out how to automate this as much as I could with as little effort as possible.

After taking a quick look around for a Python library to help me out, Python being my weapon of choice, I realized that I was going to have to get into some PowerShell scripting. I’ve dabbled before, but I’ve never really taken the time to learn much about PowerShell control structures (loops, conditionals, pipes, etc.). I really didn’t want to spend the time getting up to speed on a new language, so I instead decided I was going to use the Python skills I had to auto-generate the scripts using a little Jinja2 and some google-technician skills.

Figuring out the PowerShell Syntax

This was the easy part actually; Microsoft has some pretty …

German shooter hacked Facebook account to lure victims, bought gun on dark net

The media is delving into the digital life of the teenage shooter who opened fire at McDonald’s in Munich Germany’s Olympia Mall. Nine people were killed and 27 others were injured in the tragic rampage. In the end, he killed himself. So far, it’s been reported that he hacked Facebook to lure victims, bought a gun on the ‘dark net’ and played the ‘violent’ video game Counter-Strike.

Shooter hacked a girl’s Facebook account to target and social engineer victims

18-year-old mass shooting gunman Ali David Sonboly purportedly used Facebook to social engineer, aka “lure,” victims to McDonald’s. The Telegraph reported that the shooter, who had dual German-Iranian citizenship, had hacked into a “pretty teenage” girl’s Facebook account.