What’s inside your containers? Why visibility and control are critical for container security

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

As organizations turn to containers to improve application delivery and agility, the security ramifications of the containers and their contents are coming under increased scrutiny.

Container providers Docker, Red Hat and others are moving aggressively to reassure the marketplace about container security. In August Docker delivered Docker Content Trust as part of the Docker 1.8 release. It uses encryption to secure the code and software versions running in Docker users’ software infrastructures. The idea is to protect Docker users from malicious backdoors included in shared application images and other potential security threats.

To read this article in full or to leave a comment, please click here

FireEye Myth and Reality

Some tech companies are always associated with their first acts. Dell just acquired my first employer, EMC Corporation, in order to expand its enterprise portfolio yet the company will always be linked with personal computers and its founder’s dorm room.  F5 has become a nexus that brings together networks and applications but will always retain the moniker of a load balancing company.  Bit9 has established itself as a major next-generation endpoint player yet some people can only think of its original focus on white listing.In my opinion, FireEye shares a similar limited reputation as many security professionals equate the company with a single cybersecurity technology, network “sandboxing,” in spite of its acquisitions, progress, and diversification. This perception seems especially true on Wall Street where financial analysts continue to judge FireEye based upon the number of competitive vendors who offer network sandboxes of their own. To read this article in full or to leave a comment, please click here

One year at Plexxi and the Future of Networking

It’s almost time to celebrate my one-year work anniversary with Plexxi, coming up next month. When I began here I set out with a grand vision set on building a simply better network. I’m grateful to the entire Plexxi team for their commitment and hard work to make many of our goals a reality. I believe that today we are better and stronger as a company. We have meaningful industry partnerships like our distribution agreement with Arrow, groundbreaking product developments and more financing to make our goals and growth plans a reality.

Last week I spoke with Chris Talbot, a writer at FierceEnterpriseCommunications and had the opportunity to reflect on my time with Plexxi so far. Chris and I discussed what led me to join Plexxi, why I believe in what we’re doing and why we’re pioneering a new path for networks that is going to lead the industry for years to come.

We are making great strides and I’m excited about the momentum we have going for us right now and what the future holds. You can find Chris’ article, The Future of Networking is Photonic Underlays here. Let me know what you think.

The post Continue reading

HP Is Shipping Unicorns Now: 10GBASE-T SFP+ Module

It's long been said that we'll never see an SFP+ transceiver for 10GBASE-T media. Too much power, too small package, too much heat, etc...

I'm not sure that never is quite right. There's this wonderful/horrible contraption:
Dawnray SFP+ module. Photo found here.
It's huge. It's ugly. Its covered with fins, so it must be hot. The data sheet says it consumes 7 Watts. Where's it getting 7W? Not from the SFP+ interface on the switch... Note the power cord attached to the module. It uses a wall wart!

This is not an elegant solution, but 10GBASE-T is hard, and this is the best we've got.

Until now.

/u/asdlkf recently pointed out on reddit that HP have published a data sheet1 for a much more elegant SFP+ module for 10GBASE-T.

There were rumors that this module was going to have a giant heatsink and protrude far beyond the SFP+ slot, but it turns out that's not the case. It looks really good, and it's only a bit longer than some 1000BASE-T modules that I have kicking around the office.

The module uses only 2.3W (no wall wart required, but plugging in lots of them will still tax most switches), Continue reading

Can myriad wireless networks connect as one fast, secure system?

Getting the innumerable wireless networks the military and some commercial enterprises to communicate just doesn’t work in many cases, creating serious communications and security problems for warfighters and others interacting with those networks.+More on Network World Gartner: IT should simplify security to fight inescapable hackers+Researchers at the Defense Advanced Research Projects Agency are looking for ways to change that problem with a new program called Dynamic Network Adaptation for Mission Optimization (DyNAMO).To read this article in full or to leave a comment, please click here

Can myriad wireless networks connect as one fast, secure system?

Getting the innumerable wireless networks the military and some commercial enterprises to communicate just doesn’t work in many cases, creating serious communications and security problems for warfighters and others interacting with those networks.+More on Network World Gartner: IT should simplify security to fight inescapable hackers+Researchers at the Defense Advanced Research Projects Agency are looking for ways to change that problem with a new program called Dynamic Network Adaptation for Mission Optimization (DyNAMO).To read this article in full or to leave a comment, please click here

Getting to Know Peter Sprygada, Director of Engineering

Knowing the members of our Ansible community is important to us, and we want you to get to know the members of our team in (and outside of!) the Ansible office. Stay tuned to the blog to learn more about the people who are helping to bring Ansible to life.

ansible-team-peter-sprygada This week we're happy to introduce you to Peter Sprygada, who recently joined Ansible to tackle all things networking. Prior to joining us at Ansible, Peter built a long career building and operating next generation network infrastructures and most recently ran the EOS+ CS team at Arista focusing on the integration of network operations with DevOps methodologies.

 

What’s your role at Ansible?

Mostly my days revolve around working closely with customers, partners and the fantastic Ansible community to bring more robust support for networking devices into Ansible and Ansible Tower. This includes applying Ansible to help evolve DevOps methodologies to solve problems associated with running network operations teams.

What exciting Ansible networking projects can you tell us about?

To start, we have been working closely with our network partners to transition many of the great modules that have been available in the wild and make them available to Continue reading

Gathering network device versions with Ansible using SNMP

Ansible SNMPUntil there is a universal standard which states how to access network devices I believe SNMP is the best option when it comes to determining what a device actually is. While SNMP’s glory days might be long gone, if there in fact were any. There are still some instances where SNMP is more handy than the modern APIs we have now. All network devices respond in the same way to SNMP queries. This can be compared to a REST API where you have to know the URL of the API before you can target a device. Even with SSH which is also a standard the implementation differs between various vendors, while this doesn’t matter if you are connecting to the device manually it does if you are using a script. Looking at Netmiko a Python library for SSH, you have to specify device vendor and class when you connect. This is because SSH doesn’t work the same with Cisco devices, compared to HP devices, as prompts and paging work differently. However with SNMP it always works the same, sure all vendors have specific MIBs that they use. But general queries for standard MIBs work the same. Using a standard MIB Continue reading

Worth Reading: Thoughts on the Open Internet

I’m sure we’ve all heard about “the Open Internet.” The expression builds upon a rich pedigree of term “open” in various contexts. For example, “open government” is the governing doctrine which holds that citizens have the right to access the documents and proceedings of the government to allow for effective public oversight, a concept that appears to be able to trace its antecedents back to the age of enlightenment in 17th century Europe.

I would normally place worth reading items in the right column, Geoff has written a six part series about the open Internet that’s worth reading. I’ve put links to each piece here.

Thoughts on the Open Internet – Part 1: What Is “Open Internet”
Thoughts on the Open Internet – Part 2: The Where and How of “Internet Fragmentation”
Thoughts on the Open Internet – Part 3: Local Filtering and Blocking
Thoughts on the Open Internet – Part 4: Locality and Interdependence
Thoughts on the Open Internet – Part 5: Security
Thoughts on the Open Internet – Part 6: Final Thoughts

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Thoughts on the Open Internet appeared first on 'net work.

Gathering network device versions with Ansible using SNMP

Ansible SNMPUntil there is a universal standard which states how to access network devices I believe SNMP is the best option when it comes to determining what a device actually is. While SNMP’s glory days might be long gone, if there in fact were any. There are still some instances where SNMP is more handy than the modern APIs we have now. All network devices respond in the same way to SNMP queries. This can be compared to a REST API where you have to know the URL of the API before you can target a device. Even with SSH which is also a standard the implementation differs between various vendors, while this doesn’t matter if you are connecting to the device manually it does if you are using a script. Looking at Netmiko a Python library for SSH, you have to specify device vendor and class when you connect. This is because SSH doesn’t work the same with Cisco devices, compared to HP devices, as prompts and paging work differently. However with SNMP it always works the same, sure all vendors have specific MIBs that they use. But general queries for standard MIBs work the same. Using a standard MIB it’s possible to identify the manufacturer of a device and often it’s version. Continue reading

Riverbed Unleashes A Hungry “Project Tiger”

Riverbed's Project Tiger

“The future of the WAN is NOT . . . a router.”

These bold words were spoken by Riverbed’s Josh Dobies in a presentation to the delegates at Networking Field Day 10 this August, as a lead in to the first public announcement of “Project Tiger.”

Anatomy of a Tiger

Riverbed explained that the SteelHead appliances perform WAN optimization in sites with highly contended bandwidth. The SteelFusion appliances offer both “hyperconverged infrastructure” and WAN optimization. For sites that have plenty of bandwidth, however, there’s no Riverbed product you can put there and that–for Riverbed at least–is a problem. Riverbed’s proposed solution? Ironically, it’s an appliance that can act as a WAN router, but with some rather unusual features.

Key Technical Takeaways

The headline features of Project Tiger as I see it, are:

  • New SteelOS™ modular operating system (replacing RiOS)
  • Containerization technology, used for the SteelOS modules
  • Service-Chaining capability
  • Riverbed SD-WAN features
  • Zero Touch Provisioning (ZTP), with policy and configuration managed centrally in SteelCentral™
  • BGP and OSPF to exchange routes with adjacent MPLS CE routers, for example.

Surprisingly absent from that list, however, is WAN Optimization. Despite being Riverbed’s core competency, this is not a feature of the Project Tiger appliance. Because Continue reading

IDG Contributor Network: Huawei 5G hits 3.6 gigabits per second in field test

For anyone questioning the feasibility of super-high speed 5G networks—faster than wired is today—due to come on stream in 2020, be assured, tests have been completed that apparently indicate that the tech can actually work. China-based equipment maker Huawei has announced that it has, along with Japan’s largest Mobile Network Operator NTT DOCOMO, concluded a large-scale, non-lab field trial of 5G.Peak speeds Peak speeds reached 3.6Gbps Huawei says in a press release on its website. For comparison Verizon’s 4G LTE broadband in the U.S. has “peak download speeds approaching 50Mbps,” according to Verizon on its website.To read this article in full or to leave a comment, please click here

1 3,282 3,283 3,284 3,285 3,286 3,840