BrandPost: How Secure SD-WAN Can Replace Traditional Branch Firewalls

By: Gabriel Gomane, Senior Product Marketing Manager, Aruba, a Hewlett Packard Enterprise company. Originally created primarily to support WAN virtualization, SD-WAN capabilities have evolved to manage more aspects of the network, including security. Today, secure SD-WAN solutions have also enabled IT teams to eliminate branch firewalls in favor of a simplified branch WAN infrastructure. The reasons are manifold. As network architecture continues to shift to the cloud, branch offices must tackle new security challenges: the network grows more complex as more users connect outside the traditional security perimeter. At the same time, enterprises want additional flexibility to cope with the growing number of cloud applications, to open new branches faster, and to host new applications more quickly. The traditional network structure, built on MPLS, routers, and firewalls, simply cannot deliver the flexibility enterprises need, due to the cost, complexity, and rigidity this hardware demands, especially as it was never designed to be part of today's emerging cloud infrastructure. To read this article in full, please click here

Lenovo spends its 30th anniversary making 50 announcements

Lenovo Group is marking its 30th anniversary with its largest data-center product launch ever, with more than 50 new products covering servers, storage, and edge systems. Specifically, the celebration is for the ThinkSystem server, first introduced under the name PS/2 Server when IBM owned the business, and many of the announcements were about upgrades. IBM sold that x86 business to Lenovo in 2015, and it became the Lenovo Infrastructure Solutions Group. Due to the sheer numbers we won’t get into the individual products. Suffice it to say nearly everything is being upgraded. The next generation of ThinkSystem servers and storage, along with the ThinkEdge edge computing device lineup and the ThinkAgile family of hyperconverged infrastructure appliances, are collectively called Lenovo Infrastructure Solutions V3. To read this article in full, please click here

Announcing Turnstile, a user-friendly, privacy-preserving alternative to CAPTCHA

Today, we’re announcing the open beta of Turnstile, an invisible alternative to CAPTCHA. Anyone, anywhere on the Internet, who wants to replace CAPTCHA on their site will be able to call a simple API, without having to be a Cloudflare customer or sending traffic through the Cloudflare global network. Sign up here for free.

There is no point in rehashing the fact that CAPTCHA provides a terrible user experience. It's been discussed in detail before on this blog, and countless times elsewhere. The creator of the CAPTCHA has even publicly lamented that he “unwittingly created a system that was frittering away, in ten-second increments, millions of hours of a most precious resource: human brain cycles.” We hate it, you hate it, everyone hates it. Today we’re giving everyone a better option.

Turnstile is our smart CAPTCHA alternative. It automatically chooses from a rotating suite of non-intrusive browser challenges based on telemetry and client behavior exhibited during a session. We talked in an earlier post about how we’ve used our Managed Challenge system to reduce our use of CAPTCHA by 91%. Now anyone can take advantage of this same technology to stop using CAPTCHA on their own site.

UX Continue reading

We’ve shipped so many products the Cloudflare dashboard needed its own search engine

Today we’re proud to announce our first release of quick search for the Cloudflare dashboard, a beta version of our first ever cross-dashboard search tool to help you navigate our products and features. This first release is now available to a small percentage of our customers. Want to request early access? Let us know by filling out this form.

What we’re launching

We’re launching quick search to speed up common interactions with the Cloudflare dashboard. Our dashboard allows you to configure Cloudflare’s full suite of products and features, and quick search gives you a shortcut.

To get started, you can access the quick search tool from anywhere within the Cloudflare dashboard by clicking the magnifying glass button in the top navigation, or hitting Ctrl + K on Linux and Windows or ⌘ + K on Mac. (If you find yourself forgetting which key combination it is just remember that it’s or Ctrl-K-wik.) From there, enter a search term and then select from the results shown below.

Access quick search from the top navigation bar, or use keyboard shortcuts Ctrl + K on Linux and Windows or ⌘ + K on Mac.

Current supported functionality

What functionality will Continue reading

Private by design: building privacy-preserving products with Cloudflare’s Privacy Edge

When Cloudflare was founded, our value proposition had three pillars: more secure, more reliable, and more performant. Over time, we’ve realized that a better Internet is also a more private Internet, and we want to play a role in building it.

User awareness and expectations of and for privacy are higher than ever, but we believe that application developers and platforms shouldn’t have to start from scratch. We’re excited to introduce Privacy Edge – Code Auditability, Privacy Gateway, Privacy Proxy, and Cooperative Analytics – a suite of products that make it easy for site owners and developers to build privacy into their products, by default.

Building network-level privacy into the foundations of app infrastructure

As you’re browsing the web every day, information from the networks and apps you use can expose more information than you intend. When accumulated over time, identifiers like your IP address, cookies, browser and device characteristics create a unique profile that can be used to track your browsing activity. We don’t think this status quo is right for the Internet, or that consumers should have to understand the complex ecosystem of third-party trackers to maintain privacy. Instead, we’ve been working on technologies that encourage and enable Continue reading

Introducing Cloudflare’s free Botnet Threat Feed for service providers

We’re pleased to introduce Cloudflare’s free Botnet Threat Feed for Service Providers. This includes all types of service providers, ranging from hosting providers to ISPs and cloud compute providers.

This feed will give service providers threat intelligence on their own IP addresses that have participated in HTTP DDoS attacks as observed from the Cloudflare network — allowing them to crack down on abusers, take down botnet nodes, reduce their abuse-driven costs, and ultimately reduce the amount and force of DDoS attacks across the Internet. We’re giving away this feed for free as part of our mission to help build a better Internet.

Service providers that operate their own IP space can now sign up to the early access waiting list.

Cloudflare’s unique vantage point on DDoS attacks

Cloudflare provides services to millions of customers ranging from small businesses and individual developers to large enterprises, including 29% of Fortune 1000 companies. Today, about 20% of websites rely directly on Cloudflare’s services. This gives us a unique vantage point on tremendous amounts of DDoS attacks that target our customers.

DDoS attacks, by definition, are distributed. They originate from botnets of many sources — in some cases, from hundreds of thousands to millions Continue reading

Monitor your own network with free network flow analytics from Cloudflare

As a network engineer or manager, answering questions about the traffic flowing across your infrastructure is a key part of your job. Cloudflare built Magic Network Monitoring (previously called Flow Based Monitoring) to give you better visibility into your network and to answer questions like, “What is my network’s peak traffic volume? What are the sources of that traffic? When does my network see that traffic?” Today, Cloudflare is excited to announce early access to a free version of Magic Network Monitoring that will be available to everyone. You can request early access by filling out this form.

Magic Network Monitoring now features a powerful analytics dashboard, self-serve configuration, and a step-by-step onboarding wizard. You’ll have access to a tool that helps you visualize your traffic and filter by packet characteristics including protocols, source IPs, destination IPs, ports, TCP flags, and router IP. Magic Network Monitoring also includes network traffic volume alerts for specific IP addresses or IP prefixes on your network.

Making Network Monitoring easy

Magic Network Monitoring allows customers to collect network analytics without installing a physical device like a network TAP (Test Access Point) or setting up overly complex remote monitoring systems. Our product works Continue reading

Dynamic inventory plugin collection for network device management

Tackling the complexities of enterprise inventories

One common challenge our customers face is the need to track hosts from multiple sources: LDAP, cloud providers, and enterprise CMDB systems. Using a dynamic inventory allows users to integrate with these systems and update the Ansible inventory as it varies over time, with hosts spinning up and shutting down in response to business demands.

Ansible supports two ways to connect with external inventory: inventory plugins and inventory scripts.

Today we are going to cover dynamic inventory plugins as a Collection for network device management through an /etc/hosts file. This same type of setup can be used to create any dynamic inventory from different sources, from /etc/hosts files to INI files or even CSVs.

The first mission: Where is the source of truth?

We are going to start by figuring out the source of truth of the inventory we want to import.

If you want to test and use this inventory plugin you can find the code in this GitHub repository:

https://github.com/jmcleroy/inventoryplugin.git

In this case, it will be an /etc/hosts file stored externally in the GitHub/GitLab inventory plugin repo as a test; in a similar fashion this file Continue reading

Combining MLAG Clusters with VXLAN Fabric

In the previous MLAG Deep Dive blog posts we discussed the innards of a standalone MLAG cluster. Now let’s see what happens when we connect such a cluster to a VXLAN fabric – we’ll use our standard MLAG topology and add a VXLAN transport underlay to it with another switch connected to the other end of the underlay network.

MLAG cluster connected to a VXLAN fabric

Revisiting BGP EVPN VXLAN to the hosts with SR Linux 22.6.3

Featuring Netlab 1.3.1 and FRR 8.3.1

Containerlab topology for EVPN-VXLAN-to-the-host

At the beginning of this year I wrote about my SR Linux BGP EVPN adventures, with considerations around underlay and overlay design and the illustrious iBGP-over-eBGP approach. Some readers may have noticed a resemblance to the constellation of Ursa Major — the Big Bear: A reference to our friends at CloudBear, a recent SR Linux customer.

Fast forward to September 2022 and we now have SR Linux 22.6.3 with some features I have been waiting for, like (e)BGP Unnumbered. From my side, I have been working with the open source community to extend support for tools like Netlab (formerly Netsim-tools), Containerlab and FRR to enable sophisticated and advanced network topologies using truly open source tools and components.

New features and changes

The issue of running BGP to Linux hosts using FRR popped up in several discussions. Though technically possible, it can be challenging to configure, and there are many design variations with implications that aren’t always obvious. To enable simple experimentation and quick design iterations, I decided to help out by extending Netlab with VLAN, VXLAN and VRF support for FRR. I also made some changes to Continue reading

Software vulnerabilities pose a risk to network infrastructure

As the Log4j crisis made clear, understanding what is in the software underpinning your applications is crucial to understanding your security posture. This is no less true of your network services. Enterprise-network infrastructure is still very much about hardware in the data center, LAN, and WAN, but it is becoming more and more about software. In this era of software-defined networks, an ever-increasing number of network appliances are just proprietary software running on generic switching hardware or even a plain vanilla x86 server with extra network cards. That shift in emphasis from the hard to the soft has made the software stacks running the network a new source of risk and worry for cybersecurity. To read this article in full, please click here

Service Mesh and Ingress In Kubernetes: Lesson 6 – Consul Service Mesh And App Installation – Video

Continuing with examples of installing a service mesh, this video walks through deploying the Consul mesh. Host Michael Levan brings his background in system administration, software development, and DevOps to this video series. He has Kubernetes experience as both a developer and infrastructure engineer. He’s also a consultant and Pluralsight author, and host of the […]

The post Service Mesh and Ingress In Kubernetes: Lesson 6 – Consul Service Mesh And App Installation – Video appeared first on Packet Pushers.

Fortinet targets SD-WAN, 5G with new AIOps support

Fortinet has added support for AI operations to its Secure SD-WAN and 5G/LTE gateways, giving customers more insight into the networks linking their distributed resources and reducing the time it takes to fix problems. The company has expanded its FortiAIOps platform, which uses artificial intelligence and machine learning (AI/ML) to collect network data and analytics to help identify and automate problem resolution. The addition of Secure SD-WAN and 5G/LTE fills out the FortiAIOps portfolio, which already supported WAN, wireless LAN, and LAN operations on a single console to manage and secure wired and wireless connectivity. To read this article in full, please click here

What is new in Calico v3.24

A couple of weeks ago, Tigera engineers released the new version of Calico as part of a community effort to drive cloud security and networking even further. But before I dive into the details of this new release, I want to first spotlight a few of our community members who have merged their contributions to Calico Open Source for the first time.

Shout out to @agaffney for adding configurable labels and annotations to the tigera-operator deployment in Helm charts.

Shout out to @backjo for improving the Calico Windows installation script and adding support for IMDSv2 in AWS EC2 data retrieval.

Shout out to @EugenMayer for pointing out an improvement for the calicoctl binary in a Helm chart installation and @lou-lan for making it happen.

Shout out to @joskuijpers for informing the community about the outdated ipset package in the calico-node ARM64 image and @ScOut3R for updating it.

Shout out to @juanfresia for contributing changes to enable Calico to run without programming the route table, useful when integrating with other routing mechanisms.

Shout out to @muff1nman, who added Wireguard traffic to the Calico failsafe ports, allowing us to confidently apply network security policies without worrying about accidentally cutting off Continue reading

Intel To Broaden FPGA Lineup And Make Them At Home

Back in 2015, when Intel was flush with cash thanks to a near-monopoly from X86 datacenter compute, it shelled out an incredible $16.7 billion to acquire FPGA maker Altera because a few hyperscalers and cloud builders were monkeying around with offloading whole chunks of CPU compute to FPGAs to create SmartNICs.

Intel To Broaden FPGA Lineup And Make Them At Home was written by Timothy Prickett Morgan at The Next Platform.