Register Now for the HP DemoFriday on HP SDN Applications!
Registration is now open for the HP DemoFriday! Learn how your organization can enhance optimization & visibility with HP SDN applications.
Using an Apt Proxy
In this post I’ll show you how to use apt-cacher-ng as an Apt proxy for Ubuntu systems on your network. I’m sure there are a lot of other resources that also provide this information, but I’m including it here for the sake of completeness and making it as easy as possible for others. Using an Apt proxy will help reduce the traffic coming from your network to external repositories, but it simpler and easier than running your own internal repository or mirror.
This isn’t the first time I’ve discussed apt-cacher-ng; almost two years ago I showed you how to use Puppet to configure Ubuntu to use apt-cacher-ng. This post focuses on the manual configuration of an Apt proxy.
On the server side, setting up an Apt proxy is as simple as one command:
apt-get install apt-cacher-ng
I’m sure there are some optimizations or advanced configurations, but this is enough to get the Apt proxy up and running.
On the client side, there are a couple of ways to configure the system. You could use a tool like Puppet (as described here), or manually configure the system. If you choose manual configuration, you can place the configuration in either /etc/apt/apt. Continue reading
Adopt a “Whole Stack” View to NFV (Part 2)
Service creation requires a new, layered model of networking that incorporates policy & service abstraction. Meet the "whole stack" concept.
Virtualized
The post Virtualized appeared first on 'net work.
Adopt a “Whole Stack” View to NFV
Service creation requires a new, layered model of networking
IBM Goes Full OpenStack for Cloud Services
IBM rolls out OpenStack to its public cloud.
Stupidities of Switch Programming (written in June 2013)
In June 2013 I wrote a rant that got stuck in my Evernote Blog Posts notebook for almost two years. Sadly, not much has changed since I wrote it, so I decided to publish it as-is.
In the meantime, the only vendor that’s working on making generic network deployments simpler seems to be Cumulus Networks (most other vendors went down the path of building proprietary fabrics, be it ACI, DFA, IRF, QFabric, Virtual Chassis or proprietary OpenFlow extensions).
Arista used to be in the same camp (I loved all the nifty little features they were rolling out to make ops simpler), but it seems they lost their mojo after the IPO.
Read more ...Using Check Point Identity Awareness with NAT
Check Point Identity Awareness is problematic in environments that have multiple customers, overlapping private address space, and NAT. It can be done, if you understand the traffic flows, the connections needed, and how to combine several features. Here’s how I did it.
Background: Typical Check Point Management Flows
A quick reminder of the traditional flows used for Check Point firewall management:
Check Point Management Clients (e.g. SmartDashboard, SmartLog) connect to the management server to configure policies, view logs, etc.
Policies are compiled and pushed from the management server to the firewall(s). Logs are sent from the firewall back to the management server. All good.
Identity Awareness: Additional Connections
Identity Awareness lets you define rules based upon user identities, rather than IP addresses. So you can say “This AD group is allowed to connect directly to the SQL Server.” Much nicer Continue reading