Automating a Multi-Action Security Workflow with VMware NSX

This post was written by VMware’s John Dias, (VCP-DCV), Sr. Systems Engineer, Cloud Management Solutions Engineering Team, and Hadar Freehling, Security & Compliance Systems Engineer Specialist

***

Through a joint effort with Hadar Freehling, one of my esteemed peers here at VMware, we co-developed a proof-of-concept workflow for a network security use case.  Hadar created a short video showing and explaining the use case, but in summary this is a workflow that reacts to and remediates a security issue flagged by third-party integration with VMware NSX. In the video, TrendMicro is used but it could be any other partner integration with vShield Endpoint.

Here’s what happens:

  • A virus is detected on a VM and is quarantined by the AV solution
  • The AV solution tags the VM with an NSX security tag
  • VMware NSX places the VM in a new Security Group, whose network policies steer all VM traffic through an intrusion prevention system (IPS)
  • vCenter Orchestrator (vCO) monitors the security group for changes and when a VM is added
    • a snapshot of the VM is taken for forensic purposes
    • a vSpan session (RSPAN) is set up on the Distributed Virtual Switch to begin capturing inbound/outbound traffic on the VM
    • once the Continue reading

Nontraditional network integrations

If you listen to the chatter around the network industry, you are starting to see a lot more discussion about integration. While particularly clueful individuals have been hip to the fact for awhile, it seems the industry at large is just awakening to the idea that the network does not exist in isolation. Put differently, the idea that the network can be oblivious to everything around it (and they to the network) is losing steam as orchestration frameworks like OpenStack take deeper root.

Having glue between the major infrastructure components is critical to having seamless operation across all the resources required to satisfy an application or tenant workload. But there is additional (potentially greater!) advantage to be had by performing some less traditional integrations.

Where do integrations matter?

There are two primary reasons to have integrated infrastructure: to cut down on time and to cut down on mistakes. Integration is almost always in support of automation. Depending on the exact integration, that automation is in support of making things faster and cheaper, or in making things less prone to Layer 8 issues.

The point here is that integration is rarely done just for the sake of integration. Companies need Continue reading

The History of Open

Everybody is talking about “open” this or that – from Cisco making claims to new companies embracing open source code as a means of developing or accelerating their go-to-market strategies. But what does “open” really mean?

One challenge in using a broad and you might say amorphous term like open is that it can lead to confusion or a negative first impression that “this is just marketing.” To get some perspective, let’s look back a bit and see how we got to this point of open and what the original intent was.

Open systems are computer systems that provide some combination of interoperability, portability, and open software standards. (“Open” can also refer to specific installations that are configured to allow unrestricted access by people and/or other computers; this article does not discuss that meaning.)

The term “open” was popularized in the early 1980s, mainly to describe systems based on Unix, especially in contrast to the more entrenched mainframes, minicomputers, and engineering workstations in use at that time. Unlike older legacy systems, the newer generation of Unix systems featured standardized programming interfaces and peripheral interconnects. Third party development of hardware and software was Continue reading

OpenDaylight in the Enterprise: OpenFlow and NETCONF in the right places

When using Open Daylight (ODL), two open standards for configuration are OpenFlow & NETCONF. Which is the better choice ? Is there an option for both ? A use case on when to use OpenFlow and NETCONF protocols in the Enterprise by using the best features of each protocol.

The post OpenDaylight in the Enterprise: OpenFlow and NETCONF in the right places appeared first on EtherealMind.

How We Filter Information About IT Products

The amount of information to be found out about tech products is astonishing. Anything you’d like to know about virtually any product is a Google search away. The hits you’ll get back are loaded with information, some useful and some…less useful. I am awash in data to ingest each and every day. I […]

Close to the wire: How route analytics can help prevent BGP-caused outages

Close to the wire: How route analytics can help prevent BGP-caused outages

by Brian Boyko, Contributor - September 16, 2014

At around 3:00 a.m. Eastern Daylight Time on August 13th, Internet users started reporting slow connectivity and intermediate outages. This impacted many large networks and hosting providers including eBay, Comcast, and Time-Warner.

The problem was that some older Cisco routers have a default limit of 512k border gateway protocol (BGP) routing entries in their TCAM memory. Normally, routing tables typically have around 500k entries, so there’s a little bit of a buffer. But BGP prefix aggregation for a major service provider’s systems temporarily failed. The service provider quickly fixed the problem on their end, but not before 15,000 new prefixes were sent to the global routing table, surpassing that 512k limit. 

There is a work-around for these routers to increase the maximum size for the routing tables, but one has to wonder why these routers were running so close to maximum to begin with. In short, there is clearly a need for a larger margin of error. 

The August 13th event highlights one of the reasons that route analytics are more important than ever. With the visibility Continue reading

Network Monitoring Videos from NFD8

In yesterday’s post (Network Monitoring – So Many Choices), I neglected to link to the videos from Networking Field Day 8 covering the network monitoring portions of the presentations from Gigamon, Pluribus and Big Switch. So rather than go back … Continue reading

If you liked this post, please do click through to the source at Network Monitoring Videos from NFD8 and give me a share/like. Thank you!

Why is Lync The Killer SDN Application?

lync-logo

The key to showing the promise of SDN is to find a real-world application to showcase capabilities.  I recently wrote about using SDN to slice education networks.  But this is just one idea.  When it comes to real promise, you have to shelve the approach and trot out a name.  People have to know that SDN will help them fix something on their network or optimize an troublesome program.  And it appears that application is Microsoft Lync.

MIssing Lync

Microsoft Lync (neè Microsoft Office Communicator) is a software application designed to facilitate communications.  It includes voice calling capability, instant messaging, and collaboration tools.  The voice part is particularly appealing to small businesses.  With a Microsoft Office 365 for Business subscription, you gain access to Lync.  That means introducing a voice soft client to your users.  And if it’s available, people are going to use it.

As a former voice engineer, I can tell you that soft clients are a bit of a pain to configure.  They have their own way of doing things.  Especially when Quality of Service (QoS) is involved.  In the past, tagging soft client voice packets with Cisco Jabber required setting cluster-wide parameters for all clients.  It Continue reading

Docker Closes $40M Series C Led by Sequoia

Today is a great day for the Docker team and the whole Docker ecosystem.

We are pleased to announce that Docker has closed a $40M Series C funding round led by Sequoia Capital.  In addition to giving us significant financial resources, Docker now has the insights and support of a board that includes Benchmark, Greylock, Sequoia, Trinity, and Jerry Yang.

This puts us in a great position to invest aggressively in the future of distributed applications. We’ll be able to significantly expand and build the Docker platform and our ecosystem of developers, contributors, and partners, while developing a broader set of solutions for enterprise users. We are also very fortunate that we’ll be gaining the counsel of Bill Coughran, who was the SVP of Engineering at Google for eight years prior to joining Sequoia, and who helped spearhead the extensive adoption of container-based technologies in Google’s infrastructure.

While the size, composition, and valuation of the round are great, they are really a lagging indicator of the amazing work done by the Docker team and community. They demonstrate the amazing impact our open source project is having. Our user community has grown exponentially into the millions and we have a constantly expanding network of contributors, Continue reading

After cheap, what is important for cloud services?

Amazon is indisputably the biggest name in cloud service providers. They have built up a strong market presence primarily on the argument that access to cheap compute and storage resources is attractive to companies looking to shed IT costs as they move from on-premises solutions to the cloud. But after the initial push for cheap resources, how will this market develop?

Is cheap really cheap?

Amazon has cut prices to their cloud offering more than 40 times since introducing the service in 2006. The way this gets translated in press circles is that cloud services pricing is approaching some floor. But is that true?

In October 2013, Ben Kepes over at Forbes wrote an interesting article that included a discussion of AWS pricing. In the article, he quotes some work done by Profitbricks that shows AWS pricing relative to Moore’s Law. The article is here, and the image from the article is below:aws-moores-law

Moore’s Law tells us that performance will roughly double every two years. Of course it is not really a law but more a principle useful in forecasting how generalized compute and storage performance will track over time. The other side of this law is that we have Continue reading

python interface-checker

I’d like helpdesk to be able to enable and disable switchports without requiring them to know the underlying OS. My plan is to have a webpage with a list of devices. When you click on a device it will check the interfaces status via SNMP and display administrative and operational status of all interfaces on […]

The Four Paths to SDN

After the initial onslaught of SDN washing, four distinct approaches to SDN have started to emerge, from centralized control plane architectures to smart reuse of existing protocols.

As always, each approach has its benefits and drawbacks, and there’s no universally best solution. You just got four more (somewhat immature) tools in your toolbox. And now for the details.

Read more ...

Show 205 – Open Source Network Monitoring with OMDistro.org

Network monitoring is one of our most requested topics on Packet Pushers, and this week we take on open source monitoring solutions. Why open source? Because commercial NMS solutions are all over the place in functionality and price. So, if it’s possible to put a solid NMS in place based on open source, then it’s […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Show 205 – Open Source Network Monitoring with OMDistro.org appeared first on Packet Pushers Podcast and was written by Ethan Banks.

The Evolution from Products to Platforms in Software Driven Cloud Networking

Legacy networking vendors have often declared that they do not build “boxes” but actually build “systems and architectures”. I have tried to understand what that really means. Undoubtedly, new applications on the Internet have evolved and now depend on a modern infrastructure that outlives any particular static workload or physical machine. Indeed, at Arista, we along with our customers are looking at a technology evolution that goes beyond individual components to a universal cloud architecture.

Disruptive Innovation Begins with Products, aka “Boxes”

Building a “best of breed” product is a vital foundation to building a good system. Typical metrics may include feeds and speeds such as latency, power, port density (non-blocking), fabric capacity, throughput and scale combined with a feature-rich network operating system. Examples of this include Cisco’s routers and Catalyst switches (with IOS) in the 1990s, F5’s Big IP and Splunk’s data analytics in the past decade, or even more recently, Arista’s 7000 series Leaf-Spine-Spline products. Vendors with breakthrough products are pioneers and thought-leaders in their markets and often establish trends rather than follow them. Sustained differentiation beyond point features is a common theme. Such products are disruptive in nature, bringing critical business benefits and reducing capex spend within Continue reading

How Stacks are Handled in Go.

At CloudFlare, We use Go for a variety of services and applications. In this blog post, We're going to take a deep dive into some of the technical intricacies of Go.

One of the more important features of Go is goroutines. They are cheap, cooperatively scheduled threads of execution that are used for a variety of operations, like timeouts, generators and racing multiple backends against each other. To make goroutines suitable for as many tasks as possible, we have to make sure that each goroutine takes up the least amount of memory, but also have people be able to start them up with a minimal amount of configuration.

To achieve this, Go manages stacks in way that behaves like any other language, but is quite different in how they're implemented.

An introduction to thread stacks

Before we look at Go, let's look at how stacks are managed in a traditional language like C.

When you start up a thread in C, the standard library is responsible for allocating a block of memory to be used as that thread's stack. It will allocate this block, tell the kernel where it is and let the kernel handle the execution of the thread. Continue reading

What Good is UML?

A friend of mine — Tony P to be exact — recently talked me into reading up on UML. I hadn’t worked a lot with modeling languages in a serious way before, but I took the bait and read UML Distilled (Safari Amazon). Okay — this is actually interesting stuff. First, a short review of the book itself.

There are, according to the author, two sorts of UML models. The one advocated here is sketchup, which is used to outline a process or the relationship between various components. There is a stricter version of UML that can actually be compiled into software, but I immediately attached the PowerPoint compiler to this in my head (right or wrong, there’s something about moving from a model to a product without anything in the middle that just doesn’t seem right to me — maybe I’m just an old fogy or something). The progress of the book is useful, moving from the basic concept of modeling languages, a history of the UML, and finally through several constructs within the UML. The author attempts to take you through enough constructs to get you to the point of being able to use the UML Continue reading

1 3,723 3,724 3,725 3,726 3,727 3,859