Using Default AWS Resources with Pulumi

Per the AWS documentation (although I’m sure there are exceptions), when you start using AWS you are given some automatically-created resources: a default VPC that contains public subnets in each availability zone in the region along with an Internet gateway and settings to enable DNS resolution. Most of the infrastructure-as-code tutorials that I’ve seen start with creating a VPC and subnets and gateway, but what if you wanted to use these default resources instead? I wasn’t really able to find a good walkthrough on how to do this, so this post provides some sample Go code you can use with Pulumi to identify these default AWS resources and use them.

I’ll approach this from the perspective of wanting to launch an EC2 instance in the default infrastructure that AWS provides for you in a region. To launch an EC2 instance using Pulumi (and most other infrastructure-as-code tools), there are several pieces of information you need:

  1. An AMI ID
  2. The instance type
  3. The name of an SSH keypair that’s been uploaded to/created in AWS
  4. A subnet ID
  5. A security group ID

The first three are probably things you’ll want to parameterize (i.e., make it possible for you to pass Continue reading

ClickHouse SF Bay Area Meetup: Akvorado

Here are the slides I presented for a ClickHouse SF Bay Area Meetup in July 2022, hosted by Altinity. They are about Akvorado, a network flow collector and visualizer, and notably on how it relies on ClickHouse, a column-oriented database.

Slides in PDF format

The meetup was recorded and available on YouTube. Here is the part relevant to my presentation, with subtitles:1

I got a few questions about how to get information from the higher layers, like HTTP. As my use case for Akvorado was at the network edge, my answers were mostly negative. However, as sFlow is extensible, when collecting flows from Linux servers instead, you could embed additional data and they could be exported as well.

I also got a question about doing aggregation in a single table. ClickHouse can aggregate automatically data using TTL. My answer for not doing that is partial. There is another reason: the retention periods of the various tables may overlap. For example, the main table keeps data for 15 days, but even in these 15 days, if I do a query on a 12-hour window, it is faster to use the flows_1m0s aggregated table, unless I request something about Continue reading

Day Two Cloud 156: Multi-Cloud Experience Monitoring With Broadcom Software (Sponsored)

It's hard to guarantee quality of experience for users accessing cloud applications. The users are connected via networks we don’t own, and the apps are hosted on networks we don’t own. So what can a network operations team do about quality of experience in a world of cloud-hosted apps and cloud-connected users? Sponsor Broadcom Software is here to help us answer this question.

IBM bolsters quantum cryptography for z16 mainframe

While the need for it may be years away, IBM has added additional mainframe protection against future quantum-based security attacks.When Big Blue rolled out the newest iteration of its mainframe – the z16—in April, one of its core design pillars was a promise to protect organizations from anticipated quantum-based security threats. Specifically, the z16 supports the Crypto Express8S adapter to deliver quantum-safe APIs that will let enterprises start developing quantum-safe cryptography along with classical cryptography and to modernize existing applications and build new applications, IBM stated.To read this article in full, please click here

IBM bolsters quantum cryptography for z16 mainframe

While the need for it may be years away, IBM has added additional mainframe protection against future quantum-based security attacks.When Big Blue rolled out the newest iteration of its mainframe – the z16—in April, one of its core design pillars was a promise to protect organizations from anticipated quantum-based security threats. Specifically, the z16 supports the Crypto Express8S adapter to deliver quantum-safe APIs that will let enterprises start developing quantum-safe cryptography along with classical cryptography and to modernize existing applications and build new applications, IBM stated.To read this article in full, please click here

IBM bolsters quantum cryptography for z16 mainframe

While the need for it may be years away, IBM has added additional mainframe protection against future quantum-based security attacks.When Big Blue rolled out the newest iteration of its mainframe – the z16—in April, one of its core design pillars was a promise to protect organizations from anticipated quantum-based security threats. Specifically, the z16 supports the Crypto Express8S adapter to deliver quantum-safe APIs that will let enterprises start developing quantum-safe cryptography along with classical cryptography and to modernize existing applications and build new applications, IBM stated.To read this article in full, please click here

IBM bolsters quantum cryptography for z16 mainframe

While the need for it may be years away, IBM has added additional mainframe protection against future quantum-based security attacks.When Big Blue rolled out the newest iteration of its mainframe – the z16—in April, one of its core design pillars was a promise to protect organizations from anticipated quantum-based security threats. Specifically, the z16 supports the Crypto Express8S adapter to deliver quantum-safe APIs that will let enterprises start developing quantum-safe cryptography along with classical cryptography and to modernize existing applications and build new applications, IBM stated.To read this article in full, please click here

Privacy And Networking Part 5: The Data Lifecycle

In the previous posts in this series, I concluded that privacy is everyone’s responsibility, that IP addresses (and a lot of other information network engineers handle) are protected information, and while processing packets probably doesn’t trigger any privacy warnings, network logging should and does. In this post, I want to start answering the question—okay, what […]

The post Privacy And Networking Part 5: The Data Lifecycle appeared first on Packet Pushers.

Twilight Zone: File Transfer Never Completes

Ages ago when we were building networks using super-expensive 64kbps WAN links, a customer sent us a weird bug report:

Everything works fine, but we cannot transfer one particular file between two locations – the file transfer stalls and eventually times out. At the same time, we’re seeing increased number of CRC errors on the WAN link.

My chat with the engineer handling the ticket went along these lines:

Read more …

Twilight Zone: File Transfer Never Completes

Ages ago when we were building networks using super-expensive 64kbps WAN links, a customer sent us a weird bug report:

Everything works fine, but we cannot transfer one particular file between two locations – the file transfer stalls and eventually times out. At the same time, we’re seeing increased number of CRC errors on the WAN link.

My chat with the engineer handling the ticket went along these lines:

Read more …

IBM Uses Power10 CPU As An I/O Switch

Back in early July, we covered the launch of IBM’s entry and midrange Power10 systems and mused about how Big Blue could use these systems to reinvigorate an HPC business rather than just satisfy the needs of the enterprise customers who run transaction processing systems and are looking to add AI inference to their applications through matrix math units on the Power10 chip.

IBM Uses Power10 CPU As An I/O Switch was written by Timothy Prickett Morgan at The Next Platform.

Getting started with container security

A couple of days ago, I was checking my Twitter feed and saw a tweet from someone saying how frustrated he was that DockerHub (a renowned container registry) was down. Someone else replied to the tweet, recommending the tweet’s author to check out Google’s repository, where they have DockerHub mirrors in Google Cloud.

My first reaction was “Nice! How clever of this person (or Google) to have thought of this idea.” My next thought was, wait. This could lead to potential security risks for some developers who are not familiar with how these registries are updated and what images go into these mirrored sites. Imagine when application developers are busy scrambling to check-in their latest update to the CI/CD pipeline of the software they are building, and in that time crunch, their go-to container registry is down. Do developers really have the time to check if there are vulnerable images in every registry they use? Will there be an easy, streamlined way to automatically scan the images no matter which registry developers use to pull their images? The short answer is yes, and we will look into that in this blog.

Scan all your container assets with Calico Cloud

Continue reading

Aruba boosts AI capabilities to help enterprises manage, troubleshoot the edge

Aruba is adding AIOps features to its Edge Services Platform (ESP) to help customers automate everyday tasks, shrink the time needed to find and fix problems, and increase edge security controls.Rolled out in 2020, Aruba ESP analyzes telemetry data generated from Aruba Wi-Fi or network switching gear and uses it to automatically optimize connectivity, discover network problems, and secure the overall edge environment. ESP builds a data lake of a customer’s data center, campus, and SD-WAN switch information, and it combines that data with statistics from billions of data points generated daily by Aruba devices worldwide.To read this article in full, please click here

Aruba boosts AI capabilities to help enterprises manage, troubleshoot the edge

Aruba is adding AIOps features to its Edge Services Platform (ESP) to help customers automate everyday tasks, shrink the time needed to find and fix problems, and increase edge security controls.Rolled out in 2020, Aruba ESP analyzes telemetry data generated from Aruba Wi-Fi or network switching gear and uses it to automatically optimize connectivity, discover network problems, and secure the overall edge environment. ESP builds a data lake of a customer’s data center, campus, and SD-WAN switch information, and it combines that data with statistics from billions of data points generated daily by Aruba devices worldwide.To read this article in full, please click here

1 481 482 483 484 485 3,858