Technology Short Take #55

Welcome to Technology Short Take #55! Here’s hoping I’ve managed to find something of value and interest to you in this latest collection of links and articles from around the web on networking, storage, virtualization, security, and other data center-related technologies. Enjoy!

Networking

  • I recently came across Kuryr, an OpenStack project aimed at connecting Docker’s libnetwork efforts to OpenStack Neutron. The end result, as I understand it, would be to allow any Neutron plugin to be able to provide container networking functionality to Docker via libnetwork. This makes sense to me, although I think that network virtualization products are still going to need to integrate directly with libnetwork so that they can be used in environments outside of OpenStack. If you’re interested in getting more information on Kuryr, check out Gal Sagie’s post here or read this follow-up post on using Kuryr and OVN (Open Virtual Network) together.
  • Drew Conry-Murray has a post up on the Packet Pushers blog talking about the benefits and challenges of a single OS; specifically, the benefits and challenges pertaining to Arista and EOS. Lots of companies like to tout the “single OS” banner, but there can be value in having specialized OSes custom-built

Red Hat and the Ansible Community

Now that Ansible is a part of Red Hat, some people may wonder about the future of the Ansible project. Specifically, a few people have expressed concerns that Ansible may become more Red Hat-centric at the expense of other platforms or open source projects. Here is the good news: the Ansible community strategy has not changed.

As always, we want to make it as easy as possible to work with any projects and communities who want to work with Ansible. Now that we have the resources of Red Hat behind us, we plan to accelerate these efforts. We want to do more integrations with more open source communities and more technologies.

One of the reasons that Red Hat purchased Ansible in the first place was because Red Hat understands the importance of a broad and diverse community. Google “Ansible plus <open source project>” for nearly any project and you will find Ansible playbooks and modules and blog posts and videos and slide decks and all kinds of other information, all intended to make working with that project easier. We have thousands of people attending Ansible meetups and events all over the world. We have millions of users. We

Appformix and Ansible: Product Deployments Made Simple

We began by searching for an orchestration and configuration management tool for our test lab, and we ended up with Ansible playbooks that we ship with our product.

Automation is a key tenet of our engineering team at AppFormix. Repetitive tasks are automated, such as those surrounding continuous integration, host configuration, maintenance, and backups. This saves time and allows us to document a task, which in turn enables others to understand, contribute, and use the automation. Our engineers spend their time creating our product that provides infrastructure performance optimization for cloud-based datacenters, leaving the mundane work to computers.

We began our automation with Python and Bourne shell scripts, since we were familiar with these languages. Such scripts worked great for a set of steps to perform on a single host, but became very complex when managing several hosts (like in a cloud). We used ssh, scp, and Fabric, but found it challenging to maintain configuration about every host and handle errors robustly.

As our engineering team and deployments grew in size, we needed a sustainable tool to configure our testbeds and deploy our software. We chose Ansible for a number of reasons, including:

On the hunt for merger or acquisition? Make sure your target is secure

Security experts regularly exhort organizations to improve their security not just internally but externally as well, in their business relationships with third parties. In many cases, it is more than an exhortation – it’s a mandate. Last year’s updated standards for the payment card industry (PCI) made a point of addressing third-party risks. But some evidence suggests an area of third-party relationships where security still lags is mergers and acquisitions (M&A). In a survey of, “214 global deal-makers from corporates, financial institutions, investors and legal services providers,” the London-based law firm Freshfields Bruckhaus Deringer found that while there is plenty of awareness (74 percent of acquirers and 60 percent of sellers) about the effect that cyber security risks can have on a pending deal, a large majority of respondents – 78 percent – “believe cyber security is not analyzed in great depth or specifically quantified as part of the M&A due diligence process.”

Attackers hijack CCTV cameras and network-attached storage devices to launch DDoS attacks

We've reached a point that security researchers have long warned is coming: insecure embedded devices connected to the Internet are routinely being hacked and used in attacks. The latest example is a distributed denial-of-service (DDoS) attack detected recently by security firm Imperva. It was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance cameras protecting businesses around the world instead of a typical computer botnet. The attack peaked at 20,000 requests per second and originated from around 900 closed-circuit television (CCTV) cameras running embedded versions of Linux and the BusyBox toolkit, researchers from Imperva's Incapsula team said in a blog post Wednesday.

Finding a Needle in a Galaxy of Roles

We are really excited to announce the release of Galaxy 1.1. It’s only been a few short weeks since Galaxy 1.0 debuted, and here we are again!

This time we added some powerful enhancements to make searching Ansible roles a much better experience. With over 3,500 roles in Galaxy and more being added every day, it can be a real challenge to sift through platforms, categories and descriptions to find exactly what you need. In Galaxy 1.1 we solved this problem.

Galaxy Tags

As the author of a role, you know better than we do how to describe the role and what terms users will search to discover the role. So to make describing roles better for authors and users, we replaced our limited set of categories with Galaxy Tags, allowing the author to add a list of free-form search terms to a role.

Let’s take a quick look at creating a role with Galaxy and using the new Galaxy Tags feature. We start by creating a role using the ansible-galaxy command line utility that comes installed with Ansible:

ansible-galaxy init ansible-role-myrole

This creates the following directory structure and some supporting files for the new role:

ansible-role-myrole/

Was CLNP Really Broken?

One of my readers sent me this question after listening to the podcast with Douglas Comer:

Professor Comer mentioned that IP chose a network attachment address model over an endpoint model because of scalability. He said if you did endpoint addressing it wouldn’t scale. I remember reading a bunch of your blog posts about CNLP (I hope I’m remembering the right acronym) and I believe you liked endpoint addressing better than network attachment point addressing.

As always, the answer is “it depends” (aka “we’re both right” ;).


Microsoft to pay up to US$15K for bugs in two Visual Studio tools

Microsoft has started a three-month bug bounty program for two tools that are part of Visual Studio 2015. The program applies to the beta versions of Core CLR, which is the execution engine for .NET Core, and ASP.NET, Microsoft's framework for building websites and web applications. Both are open source. "The more secure we can make our frameworks, the more secure your software can be," wrote Barry Dorrans, security lead for ASP.NET, in a blog post on Tuesday. All supported platforms that .NET Core and ASP.NET run on will be eligible for bounties except for beta 8, which will exclude the networking stack for Linux and OS X, Dorrans wrote.

Researchers warn computer clocks can be easily scrambled

In 2012, two servers run by the U.S. Navy rolled back their clocks 12 years, deciding it was the year 2000. The servers were very important: they're part of a worldwide network that helps computers keep the right time using the Network Time Protocol (NTP). Computers that checked in with the Navy's servers and adjusted their clocks accordingly had a variety of problems with their phone systems, routers and authentication systems. The incident underscored the serious problems that can occur when using NTP, one of the oldest Internet protocols, published in 1985. The protocol is fairly robust, but researchers from Boston University said on Wednesday they've found several flaws in NTP that could undermine encrypted communications and even jam up bitcoin transactions.

Biden vs Risk Analysis

What we try to do in cybersecurity is "risk analysis". Most people get this wrong.

An example of this is today's announcement by vice president Joe Biden that he won't run for president. Many pundits have opined that it's because he can't beat Hillary Clinton. This is wrong.

The phrase "can't beat Hillary" makes no sense. It imagines a world where risk is binary, you either can or you can't. That's not how it works. Instead, we calculate the odds of beating Hillary. That number is not 0%. For one thing, a meteor might hit the earth and strike Hillary dead, so there's always some chance of beating her.

Responsible risk analysts ignore the rhetoric and try to calculate the odds. The easiest way of doing this is on the many betting websites, which have variously given Biden a 5% to 10% chance of winning the presidency. Given that the presidency is easily worth a billion dollars, and you don't spend your own money (just donations), these are great odds. Everybody who believes their chance is greater than 5% runs -- which is why we have over 20 candidates right now.

In other words, would you pay $10 for a 5%