Notes on the CIA spying case

The CIA announced it wasn't going to punish those responsible for spying/hacking on Senate computers. Since journalists widely get this story wrong, I thought I'd write up some notes getting it right. That's because while the CIA organization is guilty of gross misconduct, it's actually likely that no individual employees did anything wrong. The organization is guilty, but (possibly) the people aren't.

The first thing to note is that no hacking happened. These were CIA computers, at a CIA facility, managed by CIA sysadmins, who had the admin passwords.

That's the complicated bit. In 2009 when the Intelligence committee demanded to look at the torture/interrogation documents, the CIA balked about the security issues of staffers taking documents offsite. Therefore, they came to an agreement with the Senate: the CIA would set up a special secured network at their building, disconnected from the rest of the CIA network. The Senate staffers would go there to work. Documents would be transferred from the CIA's main network onto this special network by hand (probably USB flash drive or something).

The Senate committee didn't have to agree to this. By law, they have oversight, and can make decisions that screw the CIA. But the Continue reading

VMware NSX Loves Hardware

One of the core value propositions of VMware NSX is ability to take advantage of any underlying hardware infrastructure and deliver a fully decoupled virtualized network in software. VMware NSX loves a Modern Infrastructuregood hardware fabric,.

But that’s not the only hardware VMware NSX loves.

The votes have been cast and counted, and we are pleased to announce that VMware NSX was selected as the winner in the “Best Software Defined Infrastructure” category in the 2015 Modern Infrastructure Impact Awards. The awards were judged by the Modern Infrastructure e-zine editorial staff, in conjunction with users, readers, and industry experts.

The Modern Infrastructure Impact Awards recognize the top products, technologies and services in the essential areas of technology that Modern Infrastructure covers. The award-winning tools are those helping to run enterprise businesses with efficiency and insight — whether they’re used inside the data center or out.

VMware NSX delivers secure network services to applications running in the data center, resulting in instant and programmatic provisioning, fast and highly available infrastructure, and increased security and micro segmentation capabilities.

Read about the award here and to learn more about the business value of VMware NSX visit  vmware.com/products/nsx.

Roger

A Non-Programmer’s Introduction to Git

Git is a distributed version control system that is widely used by a number of open source projects. In this post, I’m going to provide a quick non-programmer’s introduction to Git, and encourage readers to spend some time getting familiar with Git. I think it is a time investment that will pay off down the road.

First, I’m going to provide some definitions/brief explanations in order to establish a foundation upon which you can build your Git knowledge. A version control system (sometimes just referred to as a VCS) is a system that tracks changes to files (or groups of files) over time.

The group of files that a VCS tracks is called a repository. The basic idea behind a VCS is that you could use it to “roll back” to an earlier version of any file (or group of files) in the repository in the event that the current version isn’t working or isn’t optimal. Almost all version control systems, including Git, support multiple repositories, and typically each repository would represent a particular project, component, or function. (I say “almost all version control systems” because there may be some VCS out there of which I am not aware that Continue reading

Case Study: Cogapp

cogapp

Our latest Ansible Case study features Cogapp, who helps the BBC, MoMA, and others organize their digital media, use Ansible for environment provisioning and content deployment. 

We use Ansible to build out the servers for deployments and to provision development VMs for our team. We also use Ansible to populate sample content for our development environments.

Our development team is 12 people; at least half of them have written or edited playbooks, and all of them have run playbooks to provision environments. When we started working with Ansible, each new project would cannibalize the last one and take some of the Ansible content. Now we have built a more standard library of content so we can spin up new projects quicker. We also use Galaxy roles wherever possible to standardize our server hardening playbooks so they can be shared across deployments.

Read the full case study.

 

SDN and Gartner’s Hype Cycle

Many years ago Gartner introduced their technology Hype Cycle, which maps visibility against maturity for new technology. The Hype Cycle in essence states that many new technologies get a large amount of visibility early in their maturity cycle. The visibility and enthusiasm drops significantly when reality sets in: technologies early in their maturity cycle will have low adoption rates. The vast majority of customers of technology are conservative in their choices, especially if this new technology is not (yet) fundamental to this customer’s business.

I call it common sense reality, Garter calls it the Trough of Disillusionment, fine. It is that realization that the technology may have lots of promises, but isn’t ready to be consumed.

That is where the real work starts, maturing the technology, driving solutions and use cases, creating the economic viability of the technology and tons of other stuff that needs to be done to get a customer base to actually buy into this technology. Not with words and attention, but with the only thing that matters ultimately, money. Gartner calls delivering these absolutely necessary components the Slope of Enlightenment.

Not every technology follows this cycle, not every technology survives the downward turn after the inflated Continue reading

Obama’s War on Hackers


In next week's State of the Union address, President Obama will propose new laws against hacking that could make either retweeting or clicking on the above link illegal. The new laws make it a felony to intentionally access unauthorized information even if it's been posted to a public website. The new laws make it a felony to traffic in information like passwords, where "trafficking" includes posting a link.

You might assume that things would never become that bad, but it’s already happening even with the current laws. Prosecutors went after Andrew “weev” Auernheimer for downloading a customer list AT&T negligently made public. They prosecuted Barret Brown for copying a URL to the Stratfor hack from one chatroom to another. A single click is all it takes. Prosecutors went after the PayPal-14 for clicking on a single link they knew would flood PayPal’s site with traffic.

Even if you don’t do any of this, you can still be guilty if you hang around with people who do. Obama proposes upgrading hacking to a “racketeering” offense, Continue reading

Distributed routing on VMware NSX

On the previous post a NSX environment has been configured with three isolated logical switches. In this post a distributed router will be added to route packets between logical switches inside tenant 1. Open the Web client and go to “Networking & Security -> NES Edges” and add a new logical (distributed) router: Configure username, […]

Routers vs Switches, When to position which?

Everyone knows the difference between a router and switch right? Good.. (for those that need a good refresher) this post is not going is not going to dive into that topic. What I want to talk about is Router vs Switching from a positioning standpoint. One question I often get asked working with customers is: “Can I […]

Author information

Derek Pocoroba

Derek Pocoroba
Principal Architect at sigmanet

Derek is a principal architect who helps customers of all sizes solve complex problems. His background ranges from Campus and Data centers designs. Within enterprise and service provider networks. With his 10 year IT experience he has worked on a wide range of products with a focus on Cisco. Derek is currently a CCIE#18559 studying for his CCDE.
TwitterLinkedIn

The post Routers vs Switches, When to position which? appeared first on Packet Pushers Podcast and was written by Derek Pocoroba.

OVN, Bringing Native Virtual Networking to OVS

By Justin Pettit, Ben Pfaff, Chris Wright, and Madhu Venugopal

Today we are excited to announce Open Virtual Network (OVN), a new project that brings virtual networking to the OVS user community. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Just like OVS, our design goal is to have a production quality implementation that can operate at significant scale.

Why are we doing this? The primary goal in developing Open vSwitch has always been to provide a production-ready low-level networking component for hypervisors that could support a diverse range of network environments.  As one example of the success of this approach, Open vSwitch is the most popular choice of virtual switch in OpenStack deployments. To make OVS more effective in these environments, we believe the logical next step is to augment the low-level switching capabilities with a lightweight control plane that provides native support for common virtual networking abstractions.

To achieve these goals, OVN’s design is narrowly focused on providing L2/L3 virtual networking. This distinguishes OVN from general-purpose SDN controllers or platforms.

OVN is a new project from the Open vSwitch team to Continue reading

AT&T Personifies Slow Crawl to SDN Ubiquity

AT&T Personifies Slow Crawl to SDN Ubiquity

by Brian Boyko, Contributor - January 13, 2015

The Wall Street Journal reported in a “CIO Journal” blog post that AT&T intends to virtualize 75% of its network by 2020, with “very specific operational planning,” according to SEVP of Technology and Operations, John Donovan. 

Why would AT&T push off SDN so far into the distant future? Then again, 2020 is only five years away. Five years is a relative timeframe in IT, and I think the length of AT&T’s transition not only underscores the size and scope of AT&T’s networks but also the caution to which they’re giving the task. This is understandable considering the complexity of managing SDN. 

Donovan says the motivation for AT&T is to reduce capital expenditures while increasing capacity in the network. In our recent survey of service providers, more than 40% said reducing costs is their number one driver for deploying SDN, compared to only 17% in 2013. The biggest drivers cited however – which corroborates AT&T’s desire to increase capacity – are improved agility and supporting new services such as cloud, big data applications, and mobility. 

According to the article, it Continue reading

Rules Shouldn’t Have Exceptions

MerkurRazor

On my way to Virtualization Field Day 4, I ran into a bit of a snafu at the airport that made me think about policy and application. When I put my carry-on luggage through the X-ray, the officer took it to the back and gave it a thorough screening. During that process, I was informed that my double-edged safety razor would not be able to make the trip (or the blade at least). I was vexed, as this razor had flown with me for at least a whole year with nary a peep from security. When I related as much to the officer, the response was “I’m sorry no one caught it before.”

Everyone Is The Same, Except For Me

This incident made me start thinking about polices in networking and security and how often they are arbitrarily enforced. We see it every day. The IT staff comes up with a new plan to reduce mailbox sizes or reduce congestion by enforcing quality of service (QoS). Everyone is all for the plan during the discussion stages. When the time comes to implement the idea, the exceptions start happening. Upper management won’t have mailbox limitations. The accounting department is Continue reading

Internet for the Next 3 Billion

37406-4

Last month, I traveled to Doha, Qatar to participate in the ITU’s Telecom World conference. While there I got to understand how a satellite provider brings Internet access to South Sudan using medium-earth orbit satellites and, amazingly, achieves terrestrial latencies to a region where reliable terrestrial connections simply don’t exist!  The mission of this company is to help close the digital divide by extending Internet access to the estimated three billion people on the planet who are currently not served.  Our measurements show the that performance improvement over traditional satellite can be dramatic.

ITU Telecom World

First, let me say a few words about the conference itself and then I’ll review this intriguing new satellite service.  In Doha, I was on a panel entitled Affordable International Backhaul and chaired by Abu Saaed Kahn of LIRNEAsia, a telecommunications policy institute primarily focused on the Asia-Pacific region.

Panel Session:Affordable International Backhaul
On the panel, Siddhartha Raja of the World Bank and Khaled Naguib Sedrak of NxtVn described creative approaches to the common problem of liberalizing telecom markets in developing countries. While it is an established fact that a liberalized telecom market yields better service for its customers and spurs greater economic growth, Continue reading

Zero Touch Provisioning in a Bare Metal World

Who doesn’t like automation?  If you’re speaking to somebody in IT, then the short answer is “nobody”.

While the term Zero Touch Provisioning (ZTP) might be increasingly more common to networking, the concept of automation has existed for years in IT.  At its core, ZTP is an automation solution that’s designed to reduce errors and save time when an IT administrator needs to bring new infrastructure online.

This is particularly useful for data center servers, where scale and configuration similarities across systems make automation a necessity.  In the server world, the Linux-based operating system has revolutionized on boarding and provisioning.  Rather than using command-line interfaces (CLI) to configure these systems one at a time, administrators can use automation tools to roll out the operating system software, patches, and packages on new servers with a single command, or the click of a mouse.

Advanced scripting capabilities also allow administrators to tailor the boot configuration of these systems with profiles for specific applications.  So for example, if you need ten servers for a new Hadoop cluster, you can load this with one profile, but if you need six new servers for a new web application, you can Continue reading

1 3,605 3,606 3,607 3,608 3,609 3,795