Heavy Networking 647: Fortinet’s ZTNA Differentiation Starts With The OS (Sponsored)

A full zero trust architecture goes up and down the stack, bringing in policy and enforcement strategies from the application layer, all the way down into the network. On today's Heavy Networking podcast we discuss zero trust network access, or ZTNA, with sponsor Fortinet. ZTNA is but one part of a robust zero trust architecture, but what a crucial component it is. Alex Samonte, Director of Technical Architecture, joins us to get into nerdy specifics about Fortinet’s ZTNA.

Heavy Networking 647: Fortinet’s ZTNA Differentiation Starts With The OS (Sponsored)

A full zero trust architecture goes up and down the stack, bringing in policy and enforcement strategies from the application layer, all the way down into the network. On today's Heavy Networking podcast we discuss zero trust network access, or ZTNA, with sponsor Fortinet. ZTNA is but one part of a robust zero trust architecture, but what a crucial component it is. Alex Samonte, Director of Technical Architecture, joins us to get into nerdy specifics about Fortinet’s ZTNA.

The post Heavy Networking 647: Fortinet’s ZTNA Differentiation Starts With The OS (Sponsored) appeared first on Packet Pushers.

How Idit Levine’s Athletic Past Fueled Solo.io‘s Startup

How Idit Levine’s Athletic Past Fueled Solo.io‘s Startup “I was basically going to compete with all my international friends for two minutes without parents, without anything,” Levine said. “I think it made me who I am today. It’s really giving you a lot of confidence to teach you how to handle situations … stay calm and still focus.” Developing that calm and focus proved an asset during Levine’s subsequent career in professional basketball in Israel, and when she later started her own company. In this episode of The Tech Founder Odyssey podcast series, Levine, founder and CEO of Colleen Coll and Heather Joslyn of The New Stack After finishing school and service in the Israeli Army, Levine was still unsure of what she wanted to do. She noticed her brother and sister’s fascination with computers. Soon enough, she recalled,  “I picked up a book to teach myself how to program.” Continue reading

Redundancy Is Not Resiliency

Most people carry a spare tire in their car. It’s there in case you get a flat and need to change the tire before you can be on your way again. In my old VAR job I drove a lot away from home and to the middle of nowhere so I didn’t want to rely on roadside assistance. Instead I just grabbed the extra tire out of the back if I needed it and went on my way. However, the process wasn’t entirely hitless. Even the pit crew for a racing team needs time to change tires. I could probably get it done in 20 minutes with appropriate cursing but those were 20 minutes that I wasn’t doing anything else beyond fixing a tire.

Spare tires are redundant. You have an extra thing to replace something that isn’t working. IT operations teams are familiar with redundant systems. Maybe you have a cold spare on the shelf for a switch that might go down. You might have a cold or warm data center location for a disaster. You could even have redundant devices in your enterprise to help you get back in to your equipment if something causes it to go Continue reading

The Basics of Network Address Translation (NAT)

The last video in the 2-hour-long Network Addressing part of How Networks Really Work discusses Network Address Translation.

After watching it, you might want to spend some extra quality time (with a bit of soap opera vibe) enjoying the recent Dual ISP deployment operational issues and uncertainties thread on the v6ops mailing list with a “surprising” result: NPTv6 or NAT66 is the least horrible way to do it.

Watch the video
You need Free ipSpace.net Subscription to watch the video, and the Standard ipSpace.net Subscription to register for upcoming live sessions.

The Basics of Network Address Translation (NAT)

The last video in the 2-hour-long Network Addressing part of How Networks Really Work discusses Network Address Translation.

After watching it, you might want to spend some extra quality time (with a bit of soap opera vibe) enjoying the recent Dual ISP deployment operational issues and uncertainties thread on the v6ops mailing list with a “surprising” result: NPTv6 or NAT66 is the least horrible way to do it.

Watch the video
You need Free ipSpace.net Subscription to watch the video, and the Standard ipSpace.net Subscription to register for upcoming live sessions.

ARM updates Neoverse enterprise processor roadmap

Arm has introduced the next generation of its Neoverse high performance core technology, and Nvidia will be one of the first licensees to offer it out of the gate.Arm introduced the Neoverse N-Series processors for data center use in 2019, along with the Neoverse E-Series for edge computing and the Neoverse V-Series for high performance computing (HPC).For Neoverse V2, Arm is claiming higher per-thread performance at half the power consumption of its x86 competitors. Dermot O’Driscoll, vice president of product solutions at Arm, said on a conference call with journalists that the main aim of V2 is improved performance for cloud and single-thread workloads while balancing power consumption.To read this article in full, please click here

ARM updates Neoverse enterprise processor roadmap

Arm has introduced the next generation of its Neoverse high performance core technology, and Nvidia will be one of the first licensees to offer it out of the gate.Arm introduced the Neoverse N-Series processors for data center use in 2019, along with the Neoverse E-Series for edge computing and the Neoverse V-Series for high performance computing (HPC).For Neoverse V2, Arm is claiming higher per-thread performance at half the power consumption of its x86 competitors. Dermot O’Driscoll, vice president of product solutions at Arm, said on a conference call with journalists that the main aim of V2 is improved performance for cloud and single-thread workloads while balancing power consumption.To read this article in full, please click here

How to configure a standby Azure AD Connect server

Organizations often use Azure AD Connect to maintain the relationship between their on-prem active directory and their Office 365/Azure cloud instance, and when doing this, it’s important that they build in redundancy with business continuity in mind.Recently our organization sought to make two meaningful changes to its sync relationship: set up a non-domain-controller AD Connect server configure the existing sync server as a standby for failover in the event of problems with the primary server [ Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here

How to configure a standby Azure AD Connect server

Organizations often use Azure AD Connect to maintain the relationship between their on-prem active directory and their Office 365/Azure cloud instance, and when doing this, it’s important that they build in redundancy with business continuity in mind.Recently our organization sought to make two meaningful changes to its sync relationship: set up a non-domain-controller AD Connect server configure the existing sync server as a standby for failover in the event of problems with the primary server [ Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here

Juniper Apstra Freeform Supports New Topologies, Protocols For Data Center Automation–With Caveats

Juniper Apstra has introduced Freeform, a new way to consume Apstra's data center automation platform without being tied to stringent reference architectures. While Freeform expands the network topologies and protocols Apstra can work with, it comes with its own tradeoffs.

The post Juniper Apstra Freeform Supports New Topologies, Protocols For Data Center Automation–With Caveats appeared first on Packet Pushers.

Juniper increases flexibility of its data-center automation and assurance platform

Juniper Networks has expanded the features of its Apstra intent-based networking software to include broader configuration and multiprotocol support, and has added a new licensing scheme.The latest version of Apstra includes a feature called Freeform Reference Designs  for designing data-center networks that support any protocol, topology or network domain. Data center reference designs are offered by all major data center players and typically feature validated, repeatable infrastructure system maps on how networked resources are configured.To read this article in full, please click here

Low latency flow analytics


Real-time analytics on network flow data with Apache Pinot describes LinkedIn's flow ingestion and analytics pipeline for sFlow and IPFIX exports from network devices. The solution uses Apache Kafka message queues to connect LinkedIn's InFlow flow analyzer with the Apache Pinot datastore to support low latency queries. The article describes the scale of the monitoring system, InFlow receives 50k flows per second from over 100 different network devices on the LinkedIn backbone and edge devices and states InFlow requires storage of tens of TBs of data with a retention of 30 days. The article concludes, Following the successful onboarding of flow data to a real-time table on Pinot, freshness of data improved from 15 mins to 1 minute and query latencies were reduced by as much as 95%.
The sFlow-RT real-time analytics engine provides a faster, simpler, more scaleable, alternative for flow monitoring. sFlow-RT  radically simplifies the measurement pipeline, combining flow collection, enrichment, and analytics in a single programmable stage. Removing pipeline stages improves data freshness — flow measurements represent an up to the second view of traffic flowing through the monitored network devices. The improvement from minute to sub-second data freshness enhances automation use cases such as automated DDoS Continue reading

Using Cloudflare R2 as an apt/yum repository

Using Cloudflare R2 as an apt/yum repository
Using Cloudflare R2 as an apt/yum repository

In this blog post, we’re going to talk about how we use Cloudflare R2 as an apt/yum repository to bring cloudflared (the Cloudflare Tunnel daemon) to your Debian/Ubuntu and CentOS/RHEL systems and how you can do it for your own distributable in a few easy steps!

I work on Cloudflare Tunnel, a product which enables customers to quickly connect their private networks and services through the Cloudflare global network without needing to expose any public IPs or ports through their firewall. Cloudflare Tunnel is managed for users by cloudflared, a tool that runs on the same network as the private services. It proxies traffic for these services via Cloudflare, and users can then access these services securely through the Cloudflare network.

Our connector, cloudflared, was designed to be lightweight and flexible enough to be effectively deployed on a Raspberry Pi, a router, your laptop, or a server running on a data center with applications ranging from IoT control to private networking. Naturally, this means cloudflared comes built for a myriad of operating systems, architectures and package distributions: You could download the appropriate package from our GitHub releases, brew install it or apt/yum install it (https://pkg.cloudflare. Continue reading

Multi-Cloud: Myths and Reality

I keep hearing numerous variations of the following argument from people believing in the unlimited powers of multi-cloud1 (deploying your workloads in multiple public cloud providers):

We don’t install all our servers in the same DC. But would you trust one Cloud Server Provider with all your applications? That’s why you should use multi-cloud.

I’ve been hearing similar arguments for at least 30 years, including:

Read more …
1 391 392 393 394 395 3,794