Cross-VC NSX for Multi-site Solutions

The Cross-VC NSX feature, introduced in VMware NSX 6.2, allows for NSX logical networking and security support across multiple vCenters. Logical switches (LS), distributed logical routers (DLR) and distributed firewall (DFW) can now be deployed across multiple vCenter domains. These Cross-VC NSX objects are called Universal objects. The universal objects are similar to distributed logical switches, routers, and firewall except they have global or universal scope, meaning they can span multiple vCenter instances. With Cross-VC NSX functionality, in addition to the prior local-scope single vCenter objects, users can implement Universal Logical Switches (ULS), Universal Distributed Logical Routers (UDLR), and Universal DFW (UDFW) across a multi-vCenter environment that can be within a single data center site or across multiple data center sites. In this post we’ll take a look at how we do this.

The Trouble with Tor

The Tor Project makes a browser that allows anyone to surf the Internet anonymously. Tor stands for "the Onion router" and that describes how the service works. Traffic is routed through a number of relays run across the Internet where each relay only knows the next hop (because each hop is enclosed in a cryptographic envelope), not the ultimate destination, until the traffic gets to the final exit node which connects to the website — like peeling the layers of an onion.

Storm clouds over Glastonbury Tor CC BY 2.0 image by Ben Salter

Think of it like a black box: traffic goes into the box, is bounced around between a random set of relays, and ultimately comes out to connect to the requested site. Anonymity is assured because anyone monitoring the network would have a difficult time tying the individuals making the requests going into the black box with the requests coming out.

Importance and Challenges of Anonymity

Anonymity online is important for a number of reasons we at CloudFlare believe in. For instance, Tor is instrumental in ensuring that individuals living in repressive regimes can access information that may otherwise be blocked or illegal. We this is so important that we offer

DMVPN vs. GETVPN

DMVPN vs. GETVPN – In this post I am going to cover the similarities and the differences between GETVPN and DMVPN. For the DMVPN basics, please read this post. Both technologies provide overlay virtual private networks in general, and I will use the comparison table below and the design attributes listed in it. For the […]

The post DMVPN vs. GETVPN appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Most managed security tools will be cloud based by 2020, IHS predicts

Even as security remains a concern for cloud users, research firm IHS says managed security vendors are increasingly delivering their security products via the cloud. And by 2020, most managed security services will be delivered via the cloud, IHS predicts. IHS predicts that by 2020, more managed security vendors will deliver their products via the cloud than on-premises.

Court vacates iPhone hack order against Apple, focus shifts to New York

A judge in California vacated on Tuesday an earlier order asking Apple to assist the FBI in cracking the passcode of an iPhone 5c running iOS 9 that was used by one of the San Bernardino terrorists. The focus of the dispute between Apple and the government over whether it can be compelled to help agencies access data on iPhones now shifts to a court in Brooklyn, New York, where Apple is contesting an order to extract data from the passcode-locked iPhone 5s of an alleged drug dealer. The FBI had requested the California court on Monday to vacate the order as the government had successfully accessed the data stored on the iPhone used by Syed Rizwan Farook and no longer required Apple’s assistance.

CNBC just collected your password and shared it with marketers

CNBC inadvertently exposed people's passwords after it ran an article Tuesday that ironically was intended to promote secure password practices. The story was removed from CNBC's website shortly after it ran following a flurry of criticism from security experts. Vice's Motherboard posted a link to the archived version. Embedded within the story was a tool in which people could enter their passwords. The tool would then evaluate a password and estimate how long it would take to crack it. A note said the tool was for "entertainment and educational purposes" and would not store the passwords. That turned out not to be accurate, as well as having other problems.

Spousetivities at OpenStack Summit in Austin

Long-time readers know that my wife, Crystal, has been running this thing called Spousetivities for a few (OK, eight) years now. While Spousetivities originally started out as a VMworld thing, it rapidly expanded, and this year Spousetivities will be at a number of events. That includes the spring OpenStack Summit in Austin, TX!

If you’re planning to attend the Summit in Austin, why not bring your spouse/fiancé/partner/significant other with you? I can tell you from personal experience that having him or her there with you makes the conference experience more pleasant. In this particular case, Austin is a great place to visit in April and it is very affordable. Besides, Spousetivities has a great set of activities planned to keep your traveling companion(s) entertained while you’re at the conference.

Here’s a quick look at some of what’s planned for that week:

  • Explore Austin via a unique scavenger hunt experience, complete with prizes
  • Cruise the lake on a private, luxury paddle-wheel boat while enjoying a delicious catered lunch
  • BBQ galore—after all, this is the BBQ capital and Spousetivities will make sure you get to try the famous BBQ of the Salt Lick
  • Quaint and relaxing tour of historic Fredericksburg

On the Spousetivities

Next-Generation Network Telemetry

Late last year, I was pleased to be part of a special Tech Field Day event focused on network analytics. We had a day full of presentations from folks like Netflix, Google, and some goofball with a wrinkly jacket - all focused on what the next-generation networks will look like with respect to analytics.

This was a while ago, but I’ve wanted to write about this ever since, and a recent conversation gave me the spark I needed.

Microservices

First, I want to mention that - in no small part due to the Netflix presentation - this was one of the first times I’ve heard microservices brought up in a network tooling context. Sure, microservices are all the rage and we’ve definitely seen a lot of activity regarding how to bring our networks up to the level required by these new application architectures. However, starting with this event, I’ve also started to notice a tremendous value in approaching the network software itself with a microservices architecture, instead of the monolithic network monitoring/management software we use today.

More on that in a future post.

Out With The “Pull”, In With the “Stream”

If you haven’t watched any of the videos from

Writing elsewhere on the net

Hi Folks,
I write for a few other publications, so I’ve made this handy page to link to external articles. I’ll update this page as new articles are released.

Human Infrastructure Magazine

Issue 23 – How To Unblock Your Project
Issue 27 – Email Stinks For Process Documentation

Network Computing

Demystifying The 10x Network Engineer
The Broken Window Theory of Network Configuration

Packet Pushers

All my posts on the PacketPushers Blog
Enjoy.

The post Writing elsewhere on the net appeared first on NetworkSherpa.

How to detect TrueCrypt blobs being passed around

So, challenge accepted:

tl;dr: The NSA should be able to go back through its rolling 90-day backlog of Internet metadata and find all other terrorist cells using this method.

From what we can piece together from the NYTimes article, it appears that ISIS is passing around TrueCrypt container files as a way of messaging. This is really weird. It has the property of security through obscurity, which is that it has the nice property of evading detection for a while because we'd never consider that ISIS would do such a strange thing. But it has the bad property that once discovered, it now becomes easier to track. With the keys found on the USB drive, we can now start decrypting things that were a mystery before.

We are going off of very little information at the moment, but let's imagine some fictional things.

First, we need to figure out what is meant by a file or hosting site in Turkey. Such hosting sites are all over the place, as you can find with a

Is the Cisco 6500 Series invincible?

The Cisco 6500 Series has proven itself time and time again to be a mainstay in the networking industry. Cisco has done a commendable job with continued enhancements to ensure that the industry’s golden child maintains relevance. If this is the case, why do IT professionals still fear its supposedly impending obsolescence and feel pressure to upgrade to newer models? Let’s just say rumors of its demise are greatly exaggerated. As the industry moves toward 10/40Gig and higher, the need for bandwidth and port density only increases. Software-defined networking (SDN), while certainly worthy of consideration, may not be the best option for all organizations just yet. However, the need for high-speed switching connectivity and robust services remains a concern for the here and now. Enter: The Cisco 6500 Series.