0

10 Resources to Get Started on Container Network Security

Ready to get started? The following resources and tutorials will enhance your understanding of container network security and help you get started.

Analyst Research

Get an independent analyst’s view on the state of container security:

• GigaOm Radar Report for Evaluating Service Mesh
• Forrester Research: Best Practices for Container Security

Blogs

Many container network security experts are blogging about lessons learned and sharing their knowledge on how to secure mod- ern applications. Follow their conversations:

• Securing Modern Applications and APIs: Why and How?
• It’s Time to Rethink Security Across the Software Supply Chain
• Multi-Cloud Connectivity and Security Needs of Kubernetes Applications
• Announcing the General Availability of Container Security in VMware Carbon Black Cloud
• VMware to Help Customers Make Modern Apps More Secure with Intent to Acquire Mesh7
• Forging a Path to Continuous, Risk-based Security with VMware Tanzu Service Mesh

Courses and Certifications

Developers and platform operators alike need to learn how to secure applications and platforms. Why not take a class to enrich your understanding? There are many free and low-cost options, including the following:

• Kubernetes Security Essentials
• Kubernetes Security Fundamentals
• Networking in Kubernetes
• Kubernetes Platform Security
• Kubernetes Networking Deep Dive
• Interacting with Kubernetes – Introduction to Ingress
• Kubernetes Security
• Service Continue reading

0

Day Two Cloud 122: Two Customer Journeys To VMware Cloud (Sponsored)

Ethan Banks and Ned Bellavance hosted a panel discussion at VMworld 2021 with two VMware customers using VMware Cloud---the University of Miami and Sterling National Bank. This discussion looks at what works, where the customers ran into issues, and how their cloud journeys are progressing.

0

Day Two Cloud 122: Two Customer Journeys To VMware Cloud (Sponsored)

Ethan Banks and Ned Bellavance hosted a panel discussion at VMworld 2021 with two VMware customers using VMware Cloud---the University of Miami and Sterling National Bank. This discussion looks at what works, where the customers ran into issues, and how their cloud journeys are progressing.

The post Day Two Cloud 122: Two Customer Journeys To VMware Cloud (Sponsored) appeared first on Packet Pushers.

0

The tale of a single register value

“Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth.” — Sherlock Holmes

Intro

It’s not every day that you get to debug what may well be a packet of death. It was certainly the first time for me.

What do I mean by “a packet of death”? A software bug where the network stack crashes in reaction to a single received network packet, taking down the whole operating system with it. Like in the well known case of Windows ping of death.

Challenge accepted.

It starts with an oops

Around a year ago we started seeing kernel crashes in the Linux ipv4 stack. Servers were crashing sporadically, but we learned the hard way to never ignore cases like that — when possible we always trace crashes. We also couldn’t tie it to a particular kernel version, which could indicate a regression which hopefully could be tracked down to a single faulty change in the Linux kernel.

The crashed servers were leaving behind only a crash report, affectionately known as a “kernel oops”. Let’s take a look at it and go over what information we have there.

Parts of the oops, like offsets into Continue reading

0

The Circular Data Center: Deploy a Cloud Operating Model While Lowering Cost and Climate Impacts

ITRenew has announced that Pluribus Netvisor ONE OS and the Adaptive Cloud Fabric controllerless SDN software are now available as part of Sesame by ITRenew rack-scale cloud solutions. Pluribus is very pleased to take part in this new circular approach to building data centers; one where we can deliver a cloud operating model with on-prem performance, while also helping our customers achieve their sustainability goals.

The timing of this partnership is apropos given the global attention to COP26, the United Nations Climate Change Conference and ongoing efforts worldwide to scale back emissions. While all industries have a responsibility on this front, the data center industry has specific, well-documented sustainability challenges that are only just starting to be properly addressed.

Most efforts to build the “green data center” have largely focused on increasing energy efficiency and using renewable energy sources, even though power used during the operational phase is only part of the problem. The bigger environmental culprit is that the industry continues to manufacture and deploy brand-new IT infrastructure equipment at a rapid pace.

In its report, “The Financial & Sustainability Case for Circularity,” ITRenew used a lifecycle model, assuming a typical 3-year operational lifetime for the equipment, Continue reading

0

The Circular Data Center: Deploy a Cloud Operating Model While Lowering Cost and Climate Impacts

ITRenew has announced that Pluribus Netvisor ONE OS and the Adaptive Cloud Fabric controllerless SDN software are now available as part of Sesame by ITRenew rack-scale cloud solutions.

The post The Circular Data Center: Deploy a Cloud Operating Model While Lowering Cost and Climate Impacts appeared first on Pluribus Networks.

0

La découverte des peers BGP LLDP

The post La découverte des peers BGP LLDP appeared first on Noction.

0

Even Simple Data Models Are a Huge Win

Dan Augustine sent me a wonderful example illustrating how even a very simple data model together with some automation templates can simplify a large-scale deployment.

---

We have a 100 router installation coming up for our schools and both of our installation vendors do not use open source templating tools and they are not willing to share.

Having taken the Data Models in Network Automation part of your Network Automation Concepts webinar, I decided to install GitLab, make an Ansible project and invite our installation partners to the project.

0

Even Simple Data Models Are a Huge Win

Dan Augustine sent me a wonderful example illustrating how even a very simple data model together with some automation templates can simplify a large-scale deployment.

---

We have a 100 router installation coming up for our schools and both of our installation vendors do not use open source templating tools and they are not willing to share.

Having taken the Data Models in Network Automation part of your Network Automation Concepts webinar, I decided to install GitLab, make an Ansible project and invite our installation partners to the project.

0

Using the cheat command on Fedora Linux

The term "cheat sheet" has long been used to refer to listings of commands with quick explanations and examples that help people get used to running them on the Linux command line and understanding their many options.Most Linux users have, at one time or another, relied on cheat sheets to get them started. There is, however, a tool called "cheat" that comes with a couple hundred cheat sheets and that installs quickly and easily on Fedora and likely many other Linux systems. Read on to see how the cheat command works.Finding installed packages on Fedora Linux systems First, to install cheat on Fedora, use a command like one of these:To read this article in full, please click here

0

Using the cheat command on Fedora Linux

The term "cheat sheet" has long been used to refer to listings of commands with quick explanations and examples that help people get used to running them on the Linux command line and understanding their many options.Most Linux users have, at one time or another, relied on cheat sheets to get them started. There is, however, a tool called "cheat" that comes with a couple hundred cheat sheets and that installs quickly and easily on Fedora and likely many other Linux systems. Read on to see how the cheat command works.Finding installed packages on Fedora Linux systems First, to install cheat on Fedora, use a command like one of these:To read this article in full, please click here

0

How PowerShell can find features and roles on Windows servers

The PowerShell Get-WindowsFeature command—or, more properly, cmdlet—can retrieve a list of Windows features, including server roles, that are installed on a server or workstation running Windows, making it a handy tool for server admins.Learning about it can point up its value and how a broader knowledge of PowerShell commands may lead to more efficient administration of Windows servers.[Get regularly scheduled insights by signing up for Network World newsletters.] Tim Ferrill By default, the output of the Get-WindowsFeature cmdlet provides something of a hierarchical view with individual features having boxes checked or not depending on their installation status. (Click to expand the image at left.) This is great for quickly eyeballing a single server to get an idea of what functions it provides, but as the list contains upwards of 250 roles and features, it starts to lose practicality when you are looking for a specific set of features or want to inventory multiple servers in a single pass.To read this article in full, please click here

0

How PowerShell can find features and roles on Windows servers

The PowerShell Get-WindowsFeature command—or, more properly, cmdlet—can retrieve a list of Windows features, including server roles, that are installed on a server or workstation running Windows, making it a handy tool for server admins.Learning about it can point up its value and how a broader knowledge of PowerShell commands may lead to more efficient administration of Windows servers.[Get regularly scheduled insights by signing up for Network World newsletters.] Tim Ferrill By default, the output of the Get-WindowsFeature cmdlet provides something of a hierarchical view with individual features having boxes checked or not depending on their installation status. (Click to expand the image at left.) This is great for quickly eyeballing a single server to get an idea of what functions it provides, but as the list contains upwards of 250 roles and features, it starts to lose practicality when you are looking for a specific set of features or want to inventory multiple servers in a single pass.To read this article in full, please click here

0

Juniper service provides AI-based network management

Juniper Networks has rolled out a cloud-based service that uses AI to manage everything from network inventory and configuration details to device status and contract information.Juniper Support Insights securely gathers network information from Juniper’s Junos switching and routing portfolio, including ACX, EX, MX, PTX, QFX, and SRX Series platforms and provides it to the Juniper cloud. Learn more about 5G and WiFi 6 What is 5G? How is it better than 4G? How to determine if WiFi 6 is right for you What is MU-MIMO? Why do you need it in your wireless routers? When to use 5G, when to use WiFi 6 How enterprises can prep for 5G networks The Junos devices can connect directly to the cloud or via Lightweight Collector, an on-premises appliance that can link up to 20,000 devices to the cloud.To read this article in full, please click here

0

Startup Rips The Switch Out Of High-Performance Networks

The rapid movement of data to the cloud, the sharp rise in the amount of east-west traffic and the broadening adoption of modern applications like artificial intelligence (AI) and machine learning are putting stress on traditional networking infrastructures that were designed for a different era and are struggling to meet the demands for better performance, more bandwidth and less latency. …

Startup Rips The Switch Out Of High-Performance Networks was written by Jeffrey Burt at The Next Platform.

0

Label standard and best practices for Kubernetes security

In this blog post, I will be talking about label standard and best practices for Kubernetes security. This is a common area where I see organizations struggle to define the set of labels required to meet their security requirements. My advice is to always start with a hierarchical security design that is capable of achieving your enterprise security and compliance requirements, then define your label standard in alignment with your design. This is not meant to be a comprehensive guide for all your label requirements, but rather a framework that guides you through developing your own label standard to meet your specific security requirements.

Kubernetes labels for network policies

Labels are key/value pairs that are attached to Kubernetes objects to identify attributes that are intuitive for users and that are required for specific purposes, such as inventory reporting or the enforcement of an intent.

Label classification

Kubernetes network policies represent the intent of enforcing security controls to pods using labels to match intended endpoints. Label prefixes can be used to identify label classification. The following short-list is a high-level classification of endpoints required for developing a Kubernetes network policies design:

• Multi-tenancy
• Application microsegmentation
• External endpoints
• Host endpoints

Label scope

Labels Continue reading

0

AnsibleFest 2021 – What it means for Partners

As the weather turns to Fall, the seasons seem to parallel that of the technology cycles. Over the past couple of decades, we have seen various transformations within the high-tech area:

• From mainframe to distributed computing to hybrid cloud and now edge
• From databases to data warehouse to advanced analytics and machine learning
• From the challenges of storing a gigabyte of data, now grown to storing zetabytes+ of data per day.

All of this has moved businesses forward, driving great innovation. When it comes to infrastructure, nothing is more impactful than a core architectural update that fundamentally changes the way enterprises drive their business.  Distributed computing, distributed architectures like cloud, hybrid cloud and edge computing reinforce this  premise in the era of hybrid cloud computing.

The recent announcement of Red Hat Ansible Automation Platform 2 aligns to this blossoming hybrid cloud model, where automation meets the modern hybrid cloud environment.  This represents a great opportunity for our Red Hat Ansible Partner Ecosystem.

 

AnsibleFest Announcements  - Key Partner Takeaways

Red Hat recently held AnsibleFest 2021 which included some fantastic content that is still available on demand. I would like to highlight some of  the exciting AnsibleFest news and Continue reading

0

AnisbleFest 2021 – What it means for Partners

As the weather turns to Fall, the seasons seem to parallel that of the technology cycles. Over the past couple of decades, we have seen various transformations within the high-tech area:

• From mainframe to distributed computing to hybrid cloud and now edge
• From databases to data warehouse to advanced analytics and machine learning
• From the challenges of storing a gigabyte of data, now grown to storing zetabytes+ of data per day.

All of this has moved businesses forward, driving great innovation. When it comes to infrastructure, nothing is more impactful than a core architectural update that fundamentally changes the way enterprises drive their business.  Distributed computing, distributed architectures like cloud, hybrid cloud and edge computing reinforce this  premise in the era of hybrid cloud computing.

The recent announcement of Red Hat Ansible Automation Platform 2 aligns to this blossoming hybrid cloud model, where automation meets the modern hybrid cloud environment.  This represents a great opportunity for our Red Hat Ansible Partner Ecosystem.

 

AnsibleFest Announcements  - Key Partner Takeaways

Red Hat recently held AnsibleFest 2021 which included some fantastic content that is still available on demand. I would like to highlight some of  the exciting AnsibleFest news and Continue reading

0

Best Practices for Managing Your Hardening Project

A successful server hardening project requires the right techniques and tools. A critical factor that impacts ROI is how deep are you going to go with automation.

0

How we build software at Cloudflare

Cloudflare provides a broad range of products — ranging from security, to performance and serverless compute — which are used by millions of Internet properties worldwide. Often, these products are built by multiple teams in close collaboration and delivering them can be a complex task. So ever wondered how we do so consistently and safely at scale?

Software delivery consists of all the activities to get working software into the hands of customers. It’s usual to talk about software delivery with reference to a model, or framework. These provide the scaffolding for most modern software delivery models, although in order to minimise operational friction it’s usual for a company to tailor their approach to suit their business context and culture.

For example, a company that designs the autopilot systems for passenger aircraft will require very strict tolerances, as a failure could cost hundreds of lives. They would want a different process to a cutting edge tech startup, who may value time to market over system uptime or stability.

Before outlining the approach we use at Cloudflare it’s worth quickly running through a couple of commonly used delivery models.

The Waterfall Approach

Waterfall has its foundations (pun intended) in construction and Continue reading