Make your FortiGate firewalls work with Kubernetes: How Calico enables Fortinet firewalls to secure Kubernetes workloads

FortiGate firewalls are highly popular and extensively utilized for perimeter-based security in a wide range of applications, including monolithic applications developed and deployed using the traditional waterfall model. These firewalls establish a secure perimeter around applications, effectively managing inbound and outbound traffic for the organization. FortiGate relies on IP addresses for implementing “allow/deny” policies.

The use of IP addresses is effective for non-cloud native applications, where static IP addresses serve as definitive network identifiers. However, in a Kubernetes environment, workloads have dynamic IP addresses that change whenever they are restarted or scaled out to different nodes. This dynamic nature poses challenges when utilizing FortiGate with Kubernetes workloads, requiring continuous updates to firewall rules and the opening of large CIDR ranges for node-based access. This introduces security and compliance risks, as workloads running on these CIDR ranges gain unrestricted access to external or public services.

To facilitate the usage of FortiGate firewalls with Kubernetes workloads, it becomes crucial to identify workloads that necessitate access to external resources and assign them fixed IP addresses for utilization in FortiGate firewall rules. The integration of Calico with FortiGate firewalls and FortiManager offers an elegant solution, enabling the use of FortiGate firewalls while retaining existing Continue reading

Nvidia joins with Dell to target on-prem generative AI

Dell Technologies and Nvidia are jointly launching an initiative called Project Helix that will help enterprises to build and manage generative AI models on-premises, they said Tuesday.The companies will combine their hardware and software infrastructure in the project to support the complete generative AI lifecycle from infrastructure provisioning through modeling, training, fine-tuning, application development, and deployment, to deploying inference and streamlining results, they said in a joint statement.Dell will contribute its PowerEdge servers, such as the PowerEdge XE9680 and PowerEdge R760xa, which are optimized to deliver performance for generative AI training and AI inferencing, while Nvidia contribution to Project Helix, will be its H100 Tensor Core GPUs and Nvidia Networking to form the infrastructure backbone for generative AI workloads.To read this article in full, please click here

Nvidia joins with Dell to target on-prem generative AI

Dell Technologies and Nvidia are jointly launching an initiative called Project Helix that will help enterprises to build and manage generative AI models on-premises, they said Tuesday.The companies will combine their hardware and software infrastructure in the project to support the complete generative AI lifecycle from infrastructure provisioning through modeling, training, fine-tuning, application development, and deployment, to deploying inference and streamlining results, they said in a joint statement.Dell will contribute its PowerEdge servers, such as the PowerEdge XE9680 and PowerEdge R760xa, which are optimized to deliver performance for generative AI training and AI inferencing, while Nvidia contribution to Project Helix, will be its H100 Tensor Core GPUs and Nvidia Networking to form the infrastructure backbone for generative AI workloads.To read this article in full, please click here

Event-Driven Ansible is Here

event driven ansible is here

As you may recall, we introduced Event-Driven Ansible in developer preview last fall at AnsibleFest. Since that time, much work has been done across the community, the Red Hat development teams, customers, and last but not least, Red Hat partners. Today, we are pleased to announce that Event-Driven Ansible will be concluding its developer preview and will become generally available as part of Red Hat Ansible Automation Platform 2.4.  

If you are new to Event-Driven Ansible, check out the developer preview blog I wrote last fall to learn the basics, and you may also be interested in this video on Ansible Rulebooks, as well as others in this playlist. 


Transform your work with Event-Driven Ansible

For many IT teams, there is too much work to do and not enough time to get it all done. Event-Driven Ansible can help your team work smarter, not harder. How often are you doing routine tasks that get in the way of key priorities? How often are you needing to “drop everything” to respond to a ticket enrichment request or handle a user administration issue? Have you had to wake up at night to remediate an issue? How often are Continue reading

Event-Driven Ansible is Here

As you may recall, we introduced Event-Driven Ansible in developer preview last fall at AnsibleFest. Since that time, much work has been done across the community, the Red Hat development teams, customers, and last but not least, Red Hat partners. Today, we are pleased to announce that Event-Driven Ansible will be concluding its developer preview and will become generally available as part of Red Hat Ansible Automation Platform 2.4.

If you are new to Event-Driven Ansible, check out the developer preview blog I wrote last fall to learn the basics, and you may also be interested in this video on Ansible Rulebooks, as well as others in this playlist.

Transform your work with Event-Driven Ansible

For many IT teams, there is too much work to do and not enough time to get it all done. Event-Driven Ansible can help your team work smarter, not harder. How often are you doing routine tasks that get in the way of key priorities? How often are you needing to "drop everything" to respond to a ticket enrichment request or handle a user administration issue? Have you had to wake up at night to remediate an issue? How often are you adjusting Continue reading

Arriving soon: Red Hat Ansible Certified and validated Content Collections for Event-Driven Ansible

EDA arriving soon blog

Since we announced Event-Driven Ansible in developer preview at AnsibleFest last October, we have been working with a number of technology partners to provide integrated offerings via Ansible Content Collections for Event-Driven Ansible. We know that partner integrations are an important source of event intelligence that can be used to create full end-to-end event-driven automation across your Day 2 operations.  

Many of these integrations are in the area of event-source plugins that make it possible for Event-Driven Ansible’s decisioning capability to receive intelligence about a condition in the IT environment that needs a response.  

Today at Red Hat Summit, as we announce Event-Driven Ansible as a capability that will be included in Red Hat Ansible Automation Platform 2.4, we are pleased to unveil the initial set of partners who are creating Ansible Content Collections for Event-Driven Ansible. Many of these will be Red Hat Ansible Certified Content Collections, and some partners are already in the certification process. Others are planned to certify in the near future. As each Collection is complete, subscribers can find and download them in Ansible automation hub

Keep an eye out for further communication around new certified collections, and in the meantime, Continue reading

Event-Driven Ansible: Driving Innovations at the Edge

Across every industry, automation at the edge is enabling emerging use cases, helping organizations drive the next wave of innovation as they explore and execute digital transformation initiatives. The introduction of Event-Driven Ansible is especially exciting when considering the impacts to edge environments. 

 

Event-Driven Ansible at the edge

The edge can bring new challenges of limited or no IT staffing in remote locations such as branches, stores, warehouses, or plant floors. These remote edge facilities are often more focused on Operational Technology (OT), or small form factor IT devices.   

Having a single platform to enable manually and automatically initiated actions across an entire technology landscape – from data center to cloud to edge – is critical to facilitating IT/OT convergence, a necessity in order to maintain competitiveness.  

Ansible Automation Platform does not require an agent to be present on a target system receiving an automated action, which is convenient and ideal for technologies that cannot host an agent, such as an edge device or network router. This feature makes Event-Driven Ansible a simpler solution to deploy and more capable of handling automation at the edge.  

 

Where do you start? Think big, Continue reading

Now on sale at Bed Bath & Beyond: One slightly used data center

With Bed Bath & Beyond filing for bankruptcy last month, it’s liquidation-sale time. That doesn’t mean just  blankets and cookware; it also includes its data center in North Carolina. Not just its servers but the whole facility.The data center in Claremont, N.C., was built in 2013 with a total of 47,500 square feet, 9,500 feet of which is raised floor space, with the ability to double the amount of raised floor space and boost the total power from 1MW to 3.5MW.It is rated a Tier III on the data-center ranking scale of I through IV. Tier III data centers have redundant components and infrastructure for power and cooling, with a guaranteed 99.982% availability.To read this article in full, please click here

Now on sale at Bed Bath & Beyond: One slightly used data center

With Bed Bath & Beyond filing for bankruptcy last month, it’s liquidation-sale time. That doesn’t mean just  blankets and cookware; it also includes its data center in North Carolina. Not just its servers but the whole facility.The data center in Claremont, N.C., was built in 2013 with a total of 47,500 square feet, 9,500 feet of which is raised floor space, with the ability to double the amount of raised floor space and boost the total power from 1MW to 3.5MW.It is rated a Tier III on the data-center ranking scale of I through IV. Tier III data centers have redundant components and infrastructure for power and cooling, with a guaranteed 99.982% availability.To read this article in full, please click here

Dealing with Cisco ACI Quirks

Sebastian described an interesting Cisco ACI quirk they had the privilege of chasing around:

We’ve encountered VM connectivity issues after VM movements from one vPC leaf pair to a different vPC leaf pair with ACI. The issue did not occur immediately (due to ACI’s bounce entries) and only sometimes, which made it very difficult to reproduce synthetically, but due to DRS and a large number of VMs it occurred frequently enough, that it was a serious problem for us.

Here’s what they figured out:

Read more …

Dealing with Cisco ACI Quirks

Sebastian described an interesting Cisco ACI quirk they had the privilege of chasing around:

We’ve encountered VM connectivity issues after VM movements from one vPC leaf pair to a different vPC leaf pair with ACI. The issue did not occur immediately (due to ACI’s bounce entries) and only sometimes, which made it very difficult to reproduce synthetically, but due to DRS and a large number of VMs it occurred frequently enough, that it was a serious problem for us.

Here’s what they figured out:

Read more …

BrandPost: The role of network access control in Zero Trust security

By: Eve-Marie Lanza, Senior Security Solutions Marketing Manager, HPE Aruba Networking.An advertising campaign from the 1980s posited that peanut butter and chocolate were, “two great tastes that taste great together.” While confectionary tastes may vary, there’s no denying that some things just work better together. When it comes to IT security, network access control, and Zero Trust security are like peanut butter and chocolate—great on their own, undeniably better together.Network access control vs. Zero Trust securityNetwork access control and Zero Trust security are not the same, but they are related.To read this article in full, please click here

1 290 291 292 293 294 3,842