Azure Networking Fundamentals: Network Security Group (NSG)

Comment: Here is a part of the introduction section of the second chapter of my Azure Networking Fundamentals book. I will also publish other chapters' introduction sections soon so you can see if the book is for you. The book is available at Leanpub and Amazon (links on the right pane).

This chapter introduces three NSG scenarios. The first example explains the NSG-NIC association. In this section, we create a VM that acts as a Bastion host*). Instead of using the Azure Bastion service, we deploy a custom-made vm-Bastion to snet-dmz and allow SSH connection from the external network. The second example describes the NSG-Subnet association. In this section, we launch vm-Front-1 in the front-end subnet. Then we deploy an NSG that allows SSH connection from the Bastion host IP address. The last part of the chapter introduces an Application Security Group (ASG), which we are using to form a logical VM group. We can then use the ASG as a destination in the security rule in NSG. There are two ASGs in figure 2-1. We can create a logical group of VMs by associating them with the same Application Security Group (ASG). The ASG can then be used Continue reading

Accelerating cloud-native development brings opportunities and challenges for enterprises

By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021. This momentum of these workloads and solutions presents a significant opportunity for companies that can meet the challenges of the burgeoning industry.

As digitalization continues pushing applications and services to the cloud, many companies discover that traditional security, compliance, and observability approaches do not transfer directly to cloud-native architectures. This is the primary takeaway from Tigera’s recent The State of Cloud-Native Security report. As 75% of companies surveyed are focusing on cloud-native application development, it is imperative that leaders understand the differences, challenges, and opportunities of cloud-native environments to ensure they reap the efficiency, flexibility, and speed that these architectures offer.

Containers: Rethinking security

The flexibility container workloads provide makes the traditional ‘castle and moat’ approach to security obsolete. Cloud-native architectures do not have a single vulnerable entry point but many potential attack vectors because of the increased attack surface. Sixty-seven percent of companies named security as the top challenge regarding the speed of deployment cycles. Further, 69% of companies identified container-level firewall capabilities, such as intrusion detection and prevention, web application firewall, protection from “Denial of Service” Continue reading

BrandPost: Three Ways SD-WAN and Networking-as-a-Service Benefit Sustainability and ESG

By: Gabriel Gomane, Senior Product Marketing Manager, Aruba, a Hewlett Packard Enterprise company.Environment, social, and governance, or ESG, has become a hot topic in corporate strategy as a key component to driving shareholder value and interest. Sustainability, in particular, is often considered the main focus to attain ESG goals due to growing climate change concerns. That strategy, however, must look beyond traditional methods and expand to encompass IT and corporate computing practices, which in turn can drive a significant chunk of an organization’s carbon footprint through its vast energy needs.In a recent Gartner survey, CEOs considered environmental sustainability as a key differentiator and placed environmental sustainability in the top 10 strategic business priorities. Additionally, 74% of CEOs agreed that increasing Environmental, Social and Governance (ESG) efforts attract investors toward their companies[1].To read this article in full, please click here

Fundamentals of Network Automation with Ansible Validated Content using the network.base collection

Fundamentals of Network Automation blog

We introduced resource modules in Ansible 2.9, which provided a path for users to ease network management, especially across multiple different product vendors. This announcement was significant because these resource modules added a well structured representation of device configurations and made it easy to manage common network configurations.

At AnsibleFest 2022, we announced a new addition to the content ecosystem offered through the platform: Ansible validated content. Ansible validated content is use cases-focused automation that is packaged as Collections. They contain Ansible plugins, roles and playbooks that you can use as an automation job through Red Hat Ansible Automation Platform.

The Ansible validated content for network base focuses on abstract platform-agnostic network automation and enhances the experience of resource module consumption by providing production-ready content. This network base content acts as the core to the other network validated content, which I will explain more about in the examples below.

Network base use cases

The network.base Collection acts as a core for other Ansible validated content, as it provides the platform agnostic role called Resource Manager, which is the platform-agnostic entry point for managing all of the resources supported for a given network OS. It includes the Continue reading

Intelligent, automatic restarts for unhealthy Kafka consumers

At Cloudflare, we take steps to ensure we are resilient against failure at all levels of our infrastructure. This includes Kafka, which we use for critical workflows such as sending time-sensitive emails and alerts.

We learned a lot about keeping our applications that leverage Kafka healthy, so they can always be operational. Application health checks are notoriously hard to implement: What determines an application as healthy? How can we keep services operational at all times?

These can be implemented in many ways. We’ll talk about an approach that allows us to considerably reduce incidents with unhealthy applications while requiring less manual intervention.

Kafka at Cloudflare

Cloudflare is a big adopter of Kafka. We use Kafka as a way to decouple services due to its asynchronous nature and reliability. It allows different teams to work effectively without creating dependencies on one another. You can also read more about how other teams at Cloudflare use Kafka in this post.

Kafka is used to send and receive messages. Messages represent some kind of event like a credit card payment or details of a new user created in your platform. These messages can be represented in multiple ways: JSON, Protobuf, Avro and so on.

Will DPUs Change the Network?

It’s easy to get excited about what seems to be a new technology and conclude that it will forever change the way we do things. For example, I’ve seen claims that SmartNICs (also known as Data Processing Units – DPU) will forever change the network.

TL&DR: Of course they won’t.

Before we start discussing the details, it’s worth remembering what a DPU is: it’s another server with its own CPU, memory, and network interface card (NIC) that happens to have PCI hardware that emulates the host interface cards. It might also have dedicated FPGA or ASICs.

Will DPUs Change the Network?

TL&DR: Of course they won’t.

Melbourne home to AWS’ second region in Australia

Amazon Web Services (AWS) on Tuesday said its second infrastructure region in Australia has been made available for customers.The new region in Melbourne (codenamed: ap-southeast-4), which was first announced in December 2020, will consist of three availability zones.Availability zones are the building blocks of an AWS region that place infrastructure in separate and distinct geographic locations.AWS had launched its first infrastructure region in Sydney in 2012, which also has three availability zones.Other than the two regions, Australia is home to seven Amazon CloudFront Edge locations in Australia, backed by a Regional Edge cache in Sydney. The company had launched an additional CloudFront point of presence (PoP) in Perth in 2018.To read this article in full, please click here

Melbourne home to AWS’ second region in Australia

Introducing IRP v4.1.1 and the latest BGP Redirect & FlowSpec Redirect threat mitigation mechanisms.

The post Introducing IRP v4.1.1 and the latest BGP Redirect & FlowSpec Redirect threat mitigation mechanisms. appeared first on Noction.

Introducing IRP v4.1.1 and the latest BGP Redirect & FlowSpec Redirect threat mitigation mechanisms.

The post Introducing IRP v4.1.1 and the latest BGP Redirect & FlowSpec Redirect threat mitigation mechanisms. appeared first on Noction.

Nvidia targets insider attacks with digital fingerprinting technology

A new AI-based system from Nvidia sniffs out unusual behavior and ties it to users, in an effort to prevent insider attacks and protect digital credentials.

Nvidia targets insider attacks with digital fingerprinting technology

A new AI-based system from Nvidia sniffs out unusual behavior and ties it to users, in an effort to prevent insider attacks and protect digital credentials.

Network Break 414: 230 Juniper Vulnerabilities, Should Cisco Patch An EOL Router, T-Mobile Takes Weeks To Spot Breach

On today's Network Break podcast we cover a raft of Juniper vulnerabilities, whether Cisco should patch serious vulnerabilities in end-of-life products, a big T-Mobile breach, Avaya dealing with significant debt, sweeping rounds of layoffs, and more IT news.

Network Break 414: 230 Juniper Vulnerabilities, Should Cisco Patch An EOL Router, T-Mobile Takes Weeks To Spot Breach

The post Network Break 414: 230 Juniper Vulnerabilities, Should Cisco Patch An EOL Router, T-Mobile Takes Weeks To Spot Breach appeared first on Packet Pushers.

IDC: With possible recession looming, IT pros plan spending adjustments

Facing what they perceive as an inevitable recession, IT planners are moving ahead with infrastructure investment but also calculating how to shift priorities if spending cuts become unavoidable, according to monthly surveys by IDC.Roughly 81% of respondents expect their spending to stay the same or increase for 2023, despite anticipating economic “storms of disruption." The results are based on surveys conducted in November and December 2022 of more than 800 IT decision makers in North America, Asia/Pacific, and Europe.Cloud spending is increasing, and an IDC Quick poll of 69 CIOs from its global CIO Executive Council conducted in December found two-thirds of them are already spending more on cloud services than they budgeted. The two studies are cited in the IDC report “Early 2023 Cloud Budget Outlook: Aligning IT Spending with the Business Conditions” published this month.To read this article in full, please click here

Working with image files on the Linux command line

While the best way to view or manipulate image files on Linux is to open them on your desktop for viewing or manipulating with tools like Gimp, there are quite a few ways to get important details on the command line.Identifying image type by file extension In general, image files can be identified on the command line by listing their names. Clearly ".jpg" represents a jpeg file, ".png" a portable network graphics file, ".gif" a graphics interchange format file, ".tiff" a tagged image file and so on.$ ls -l images -rw-rw-r--. 1 shs shs 256093 Jul 15 2018 mycats.jpg -rw-r-----. 1 shs shs 784238 Jul 15 2018 mycats.png -rw-rw-r--. 1 shs shs 6760 Jul 15 2018 arrow.jpg -rw-r-----. 1 shs shs 8853 Jul 15 2018 arrow.png Nearly all of the time you can rely on file extensions accurately reporting the file type, but there's more you can do with additional commands.To read this article in full, please click here

Working with image files on the Linux command line

Ansible Wisdom and ChatGPT: Putting it to the test

Image: DALL-E

Artificial intelligence (AI) is revolutionizing how we work and play in exciting ways. At first glance, AI tools, such as ChatGPT, seem to provide all the correct answers. But once we delve deeper and implement the suggestions, it often isn’t as effortless as it appears. This is especially true when generating code.

In this blog, we wanted to put ChatGPT to the test and see how it fares with developing Ansible Playbooks and share our results. We’ll also cover the experience and feedback from developers across domains.

We’ll also provide more information on our upcoming automation AI superpower, Project Wisdom.

First, let’s briefly discuss what ChatGPT is and how it works.

What is ChatGPT?

“We’ve trained a model called ChatGPT which interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer followup questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests.”

OpenAI ChatGPT release announcement

ChatGPT is a chatbot developed by OpenAI and built on top of their GPT (Generative Pre-trained Transformer) 3.5 large language model.

Large language models (LLM) are trained on massive amounts of data to predict the next word in a sentence. GPT 3. Continue reading

AWS pledges $35 billion of additional investment for Virginia data centers

Amazon Web Services has confirmed it plans to invest a further $35 billion by 2040 in Virginia, expanding its US-EAST-1 region by establishing multiple data center campuses across the state and creating 1,000 new jobs.Governor of Virginia Glenn Youngkin announced the news on January 20, saying he was excited that AWS has chosen to continue its growth in the region.“Virginia will continue to encourage the development of this new generation of data center campuses across multiple regions of the Commonwealth,” he said in a statement.To read this article in full, please click here

« Previous 1 … 399 400 401 402 403 … 3,877 Next »