Case Study: Let’s Encrypt DNS-01

Last week I shared how IPng Networks deployed a loadbalanced frontend cluster of NGINX webservers that have public IPv4 / IPv6 addresses, but talk to a bunch of internal webservers that are in a private network which isn’t directly connected to the internet, so called IPng Site Local [ref] with addresses 198.19.0.0/16 and 2001:678:d78:500::/56.

I wrote in [that article] that IPng will be using ACME HTTP-01 validation, which asks the certificate authority, in this case Let’s Encrypt, to contact the webserver on a well-known URI for each domain that I’m requesting a certificate for. Unsurprisingly, several folks reached out to me asking “well what about DNS-01”, and one sentence caught their eye:

Some SSL certificate providers allow for wildcards (ie. *.ipng.ch), but I’m going to keep it relatively simple and use [Let’s Encrypt] which offers free certificates with a validity of three months.

I could’ve seen this one coming! The sentence can be read to imply it doesn’t, but of course Let’s Encrypt offers wildcard certificates. It just doesn’t satisfy my relatively simple qualifier of the second part of the sentence … So here I go, down the

F5 offers new distributed cloud services for multicloud connectivity

Enterprise networking and application security company F5 is rolling out two new features to help businesses simplify different management tasks for today’s complex, multicloud environments.

The core problem with multicloud is heightened complexity and its associated costs in management headaches and security weaknesses. Distributed deployments, the company said in its announcement of the new capabilities this week, decrease visibility into the workings of complex systems, making it easier for security holes to go unnoticed.

F5’s new Distributed Cloud App Connect and Distributed Cloud Network are aimed squarely at addressing those problems via APIs designed to knit various applications and services together in a single-pane-of-glass management console.

IPv6 Buzz 122: Using IPv6 Networks For IPv4 As A Service

On today's IPv6 Buzz podcast we explore the topic of using IPv6 networks to provide IPv4 as a Service (IPv4aaS). Enterprises may become more interested in IPv4aaS as they connect disparate services in their environments. We discuss how IPv4aaS works, and enterprise and service provider use cases.

The post IPv6 Buzz 122: Using IPv6 Networks For IPv4 As A Service appeared first on Packet Pushers.

A Deeper Look: Red Hat Named a Leader in the Forrester Wave

This week, we announced that Red Hat has been named a leader in The Forrester Wave Infrastructure Automation, Q1 2023. In an effort to help explain this result from our point of view, the following blog answers some of the most frequently asked questions.

 

What is The Forrester Wave?

“The Forrester Wave™ is a guide for buyers considering their purchasing options in a technology marketplace and is based on our analysis and opinion. To offer an equitable process for all participants, Forrester follows a publicly available methodology, which we apply consistently across all participating vendors.” [source]

Forrester has been a mainstay throughout people’s automation journeys, and Red Hat is proud to be recognized as a leader in the results of this Q1 2023 report.

 

What were the results?

Red Hat, specifically focused on Ansible Automation Platform, has been named a leader in the Q1, 2023 Forrester Wave™ Infrastructure Automation report. 

Refer to the following graphic, that can be viewed in the final report:

 

Why is this significant to us?

We believe Forrester is one of the most recognized technology analyst firms in the IT space, and

Node.js compatibility for Cloudflare Workers – starting with Async Context Tracking, EventEmitter, Buffer, assert, and util


Over the coming months, Cloudflare Workers will start to roll out built-in compatibility with Node.js core APIs as part of an effort to support increased compatibility across JavaScript runtimes.

We are happy to announce today that the first of these Node.js APIs – AsyncLocalStorage, EventEmitter, Buffer, assert, and parts of util – are now available for use. These APIs are provided directly by the open-source Cloudflare Workers runtime, with no need to bundle polyfill implementations into your own code.

These new APIs are available today — start using them by enabling the nodejs_compat compatibility flag in your Workers.

Async Context Tracking with the AsyncLocalStorage API

The AsyncLocalStorage API provides a way to track context across asynchronous operations. It allows you to pass a value through your program, even across multiple layers of asynchronous code, without having to pass a context value between operations.

Consider an example where we want to add debug logging that works through multiple layers of an application, where each log contains the ID of the current request. Without AsyncLocalStorage, it would be necessary to explicitly pass the request ID down through every function call that might invoke the logging

Out now! Auto-renew TLS certifications with DCV Delegation


To get a TLS certificate issued, the requesting party must prove that they own the domain through a process called Domain Control Validation (DCV). As industry-wide standards have evolved to enhance security measures, this process has become manual for Cloudflare customers that manage their DNS externally. Today, we’re excited to announce DCV Delegation — a feature that gives all customers the ability to offload the DCV process to Cloudflare, so that all certificates can be auto-renewed without the management overhead.

Security is of utmost importance when it comes to managing web traffic, and one of the most critical aspects of security is ensuring that your application always has a TLS certificate that’s valid and up-to-date. Renewing TLS certificates can be an arduous and time-consuming task, especially as the recommended certificate lifecycle continues to gradually decrease, causing certificates to be renewed more frequently. Failure to get a certificate renewed can result in downtime or insecure connections, which can lead to decreased revenue, mistrust among your customers, and a management nightmare for your Ops team.

Every time a certificate is renewed with a Certificate Authority (CA), the certificate needs to pass a check called Domain Control Validation (DCV). This is a process

Cloud vs on-prem: SaaS vendor 37signals bails out of the public cloud

David Heinemeier Hansson, co-owner and CTO at SaaS vendor 37signals, is quitting the cloud and wants everyone to know about it. In a series of blog posts, Hansson has challenged the cloud business model, rebutted assumptions associated with cloud computing, and argued that the consolidation of power among hyperscalers is not necessarily a good thing.

It might seem counterintuitive for a SaaS vendor to be publicly taking pot shots at the cloud and suggesting that other companies re-consider their cloud investments. Has Hansson, the creator of Ruby on Rails, gone off the rails?

Hansson’s argument is simple: By pulling server workloads off the Amazon AWS infrastructure, purchasing new hardware from Dell, and running his business from a colocation facility, he will save millions of dollars.

Commercial quantum networks inch closer to primetime

As commercial availability of quantum computers moves closer to reality, researchers and vendors are investing in efforts to create quantum-secured networks.

Quantum networks use entangled photons or other particles to ensure secure communications, but they are not, in and of themselves, used for general communication. Quantum networks are expensive and slow. And though nobody can listen in on the messages without breaking the entanglement of the photons, hackers can still try to attack the systems before the messages get into the quantum network, or after they leave it.

Instead, quantum networks today are largely used for quantum key distribution (QKD), which uses quantum mechanics to secure the transmission of symmetric encryption keys. According to a June report by quantum industry analyst firm IQT research, the worldwide market for quantum networks will near $1.5 billion in 2027 and grow to more than $8 billion by 2031, and QKD will be the main revenue driver, followed by a rise in networks that use emerging quantum repeaters to connect quantum computers together and quantum sensor networks.

Will ChatGPT Replace Stack Overflow?

TL&DR: No. You can move on.

NANOG87 summary by John Kristoff prompted me to look at NANOG87 presentations, and one of them discussed ChatGPT and Network Engineering (video). I couldn’t resist the clickbait ;)

Like most “using ChatGPT for something” articles we’re seeing these days, the presentation is a bit too positive for my taste. After all, it’s all fine and dandy to claim ChatGPT generates working router configurations and related Jinja2 templates if you know what the correct configurations should look like and can confidently say “and this is where it made a mistake” afterwards.

More Power To You – Energy Efficiently

Every year, a fairly large portion of the several tens of millions of servers running in the world needs to be replaced because the cost of using the old machinery can be higher than buying in the new machinery – and this can be true even if the old kit is entirely paid for and completely depreciated.

More Power To You – Energy Efficiently was written by Timothy Prickett Morgan at The Next Platform.

Preparing For Upcoming Hybrid Classical-Quantum Compute

If quantum computers are going to become a commercial thing sometime down the road – and there’s a lot of money and time going into the effort to make them viable for use by HPC organizations and enterprises – it’s increasingly likely that it will be in combination with classical computers.

Preparing For Upcoming Hybrid Classical-Quantum Compute was written by Jeffrey Burt at The Next Platform.