Let’s start with the elephant in the room: how do you know whether you can reach a host you want to communicate with directly? In the following diagram, how does A know whether B is sitting next to it?
This post describes how to install Active Directory Certificate Services (ADCS) onto a domain controller. It’s for labbing purposes which means I’m going to run this all on a single server instead of a more realistic setup with offline root, issuing CA, and possibly intermediate CA. Don’t use this post for anything designed to go into production!
To add the ADCS role, go to Server Manager and click Add roles and features. Click Next until you get to Server Roles. Select Active Directory Certificate Services:
Click Add Features. Click Next. Click Next. Then a warning is displayed that it’s not possible to change the computer name or domain settings:
Click Next. Select Certification Authority and Certification Authority Web Enrollment:
Selecting Certification Authority Web Enrollment will install IIS and a small web site will be built to provide certificate services.
Click Add Features. Click Next. Click Next. Select Restart the destination server automatically if required:
Click Install. The installation starts:
When the installation has finished, click Close. Click AD CS in Server Manager. Click More… where it says Configuration required for Active Directory Certificate Services:
Click Configure Active Directory Certificate Services on the destination server:
Job hunting is never easy and on today’s Day Two Cloud, Katrina Janeczko shares her journey from college to her current role at Comcast. Katrina discusses the challenges of job hunting, the relevance of her education, and the impact of AI tools on her learning process. She also talks about the importance of networking, mentorship,...
Todd Thorpe is today’s guest on Heavy Wireless joining host Keith Parsons to explain the evolution of Wi-Fi technology in Multiple Dwelling Units (MDUs) like apartments and condos. Todd, with over 20 years of MDU experience, discusses the industry’s transformation from early coax cable services to modern managed Wi-Fi solutions. The challenges of retrofitting older...
Uzair Khan from RUSH University Medical Center is today’s guest on the Network Automation Nerds podcast. Uzair discusses the complexities of healthcare technology and the critical role of automation in enhancing operational efficiency and patient safety. He provides examples of how Itential’s automation and orchestration products have given his teams the tools they need to...
Kubernetes recently Kubernetes to enter its rebellious phase.
It will experience awkward growth spurts (as new use cases force Kubernetes to adapt); it might go through an identity crisis (is it a platform or is it an API?); it will ask for less supervision and more independence (and rely on AI-driven tooling to require less direct human oversight).
As Kubernetes matures into adolescence, let’s consider how its networking and security circulatory systems grow and adapt. With eBPF, the technology that lets you run custom programs within the Linux (and, soon, Windows) kernel, is not stopping. Beyond networking and security (and the Tetragon projects I work on), more use cases are emerging as you will learn during KubeCon:
Industrial Control Systems (ICS) and Operational Technology (OT) used to stand apart from traditional IT. But those worlds are converging, and IT pros, including infosec teams and network engineers, need to become familiar with the operational challenges and quirks of ICS/OT systems. On today’s Packet Protector, guest Mike Holcomb demystifies ICS and OT for IT...
Brijesh Tripathi’s early career took him on a path that wound through Nvidia to Apple to Tesla to Zoox – an autonomous driving company now a subsidiary of Amazon. …
We are excited to share that Meta has deployed the Arista 7700R4 Distributed Etherlink Switch (DES) for its latest Ethernet-based AI cluster. It's useful to reflect on how we arrived at this point and the strength of the partnership with Meta.
Cloudflare's network spans more than 330 cities in over 120 countries, serving over 60 million HTTP requests per second and 39 million DNS queries per second on average. These numbers will continue to grow, and at an accelerating pace, as will Cloudflare’s infrastructure to support them. While we can continue to scale out by deploying more servers, it is also paramount for us to develop and deploy more performant and more efficient servers.
At the heart of each server is the processor (central processing unit, or CPU). Even though many aspects of a server rack can be redesigned to improve the cost to serve a request, CPU remains the biggest lever, as it is typically the primary compute resource in a server, and the primary enabler of new technologies.
TLDR; Keep your eye on Meter, a Network-as-a-Service company with a vision so far in the future that it seems nearly impossible, yet they are actively...
SPONSORED FEATURE: There’s no doubt that generative AI (GenAI) is a revolutionary technology which has the power to fundamentally change the way we all work. …
Cloudflare One, our secure access service edge (SASE) platform, is introducing a new integration with Okta, the identity and access management (IAM) vendor, to share risk indicators in real-time and simplify how organizations can dynamically manage their security posture in response to changes across their environments.
For many organizations, it is becoming increasingly challenging and inefficient to adapt to risks across their growing attack surface. In particular, security teams struggle with multiple siloed tools that fail to share risk data effectively with each other, leading to excessive manual effort to extract signals from the noise. To address this complexity, Cloudflare launched risk posture management capabilities earlier this year to make it easier for organizations to accomplish three key jobs on one platform:
Exchanging risk telemetry with best-in-class security tools, and
Enforcing risk controls based on those dynamic first- and third-party risk scores.
Today’s announcement builds on these capabilities (particularly job #2) and our partnership with Okta by enabling organizations to share Cloudflare’s real-time user risk scores with Okta, which can then automatically enforce policies based on that user’s risk. In this way, organizations can adapt...
Take a Network Break! This week we cover a new Juniper announcement and discuss how the company is bringing its security portfolio under its AI umbrella, Aryaka adding CASB to its SASE menu, and whether the FTC’s prescriptive security requirements for Marriott will actually lead to better security. Cisco invests in a GPU-as-a-Service startup, stealthy...
In the previous post, Setting up Active Directory for ISE Lab, we enabled Active Directory Domain Services. The DNS role was also added automatically as part of this process. In this post, we’ll add DHCP to the server.
Go to Server Manager, click Add roles and features. Click Next until you get to Server Roles. Select DHCP Server. This will display a window asking if required services should be installed:
Click Add Features. Click Next until getting to the Confirmation screen. Select Restart the destination server automatically if required. Since this is a lab, it’s OK to restart.
Select Yes. Then Click Install. The installation starts:
After the installation finishes, click Close.
The DHCP role has been added:
Let’s configure two DHCP scopes, one for employees and one for guests. Open the DHCP app, then expand the server and then IPv4. Right click on IPv4 and select New Scope…
This launches the New Scope Wizard:
Give the scope a name and a description:
Click Next. Then configure starting IP, ending IP, and the subnet mask:
Click Next. I’m not adding any exclusions so clicking Next again. Then configure the lease duration, I’m setting it to 1 day instead of...
On today’s episode, guest James Henderson joins the Packet Pushers to discuss Cisco’s Network Service Orchestrator (NSO). NSO’s role in network automation, its declarative management approach, and the challenges it presents are some of the things James shares with the hosts. They also cover operational requirements, deployment challenges, and performance considerations, in addition to discussing...
AI networking is a popular topic at the upcoming OCP Global Summit in San Jose, California, with an entire morning on Wednesday October 16 devoted to the subject.
Of particular interest is the talk, Leveraging open technologies to monitor packet drops in AI cluster fabrics, by Aldrin Isaac, eBay, describing the challenge: AI clusters operate most efficiently over lossless networks for optimum job completion times which can be significantly impacted by dropped packets. Although networks can be designed to minimize packet loss by choosing the right network topology, optimizing network devices and protocols, an effective monitoring and troubleshooting network performance tool is still required. Such a tool should capture packet drops, raise notifications and identify various drop reasons and pinpoint where the drops caused congestion. In turn, it allows the governing management application to tune configurations of relevant infrastructure components, including switches, NICs and GPU servers.
The talk will share the results and best practices of a TAM (Telemetry and Monitoring) solution being prepared for deployment at eBay. It leverages OCP’s SAI and open sFlow drop notification technologies as part of eBay’s ongoing initiatives to adopt open networking hardware and community SONiC for its data centers.