Introducing Zero-Knowledge Proofs for Private Web Attestation with Cross/Multi-Vendor Hardware

A few weeks ago we introduced Cryptographic Attestation of Personhood to replace CAPTCHAs with USB security keys, and today we announced additional support for on-device biometric hardware. While doing that work, it occurred to us that hardware attestation, proving identity or other properties of a user with a piece of hardware, could have many wider applications beyond just CAPTCHA alternatives and user authentication via WebAuthn. Really, why should someone have to have an account to prove they exist, when their own trusted device can do so?

Attestation in the WebAuthn standard lets websites know that your security key is authentic. It was designed to have good privacy properties baked into policies that must be followed by device manufacturers. The information your security key sends to websites is indistinguishable from that of myriad other keys. Even so, we wanted to do better. If we’re taking attestation out of authentication, then we need to learn only that your security key is authentic — and we’ve designed a new Zero-Knowledge Proof for the browser to do that.

This is part of our work to improve privacy across the Internet. We’ve yet to put this proof of personhood in production, but you can see

5 steps for modernizing enterprise networks

The business value of the network has never been higher, and this is driven by digital transformation, as borne out by businesses accelerating their digital initiatives by as much as seven years due to the pandemic. This has had a profound impact on the enterprise network, as most of the enabling technologies such as cloud, mobility and IoT are network-centric. This intense focus on digital transformation has exposed many flaws with legacy networks. They are rigid, require intensive manual processes, and lack the agility and intelligence to meet the demands of digital business. Organizations need to make network modernization a priority if they are to maximize their investments in other technologies. Here are five steps that all businesses should consider when modernizing the network.

Kubernetes observability challenges in cloud-native architecture

Kubernetes is the de-facto platform for orchestrating containerized workloads and microservices, which are the building blocks of cloud-native applications. Kubernetes workloads are highly dynamic, ephemeral, and are deployed on a distributed and agile infrastructure. Although the benefits of cloud-native applications managed by Kubernetes are plenty, Kubernetes presents a new set of observability challenges in cloud-native applications.

Let’s consider some observability challenges:

  • Data silos – Traditional monitoring tools specialize in collecting metrics at the application and infrastructure level. Given the highly dynamic, distributed, and ephemeral nature of cloud-native applications, this style of metrics collection creates data in silos that need to be stitched together in the context of a service in order to enable DevOps and SREs to debug service issues (e.g. slow response time, downtime, etc.). Further, if DevOps or service owners add new metrics for observation, data silos can cause broken cross-references and data misinterpretation, leading to data misalignment, slower communication, and incorrect analysis.
  • Data volume and granular components – Kubernetes deployments have granular components such as pods, containers, and microservices that are running on top of distributed and ephemeral infrastructure. An incredibly high volume of granular data is generated at each layer as alerts, logs, and

Docker, Openvswitch & Aruba VXLAN Network Build

This blog provides details of how to build a static VXLAN network that connects physical hardware to a virtualised network, enabling communication from Docker containers to external nodes.
The build is comprised of a hardware ArubaOS-Switch acting as a VTEP and an openvswitch VTEP running on an Ubuntu server, which is the host for the Docker containers.
This network also serves to prove interoperability between the ArubaOS-Switch VXLAN stack and the one running on openvswitch.
The use of Docker containers as target nodes enables rapid deployment and tear-down of network components, which is particularly useful in lab environments for testing.

Kit List

2 x ArubaOS-CX 6300 hardware switch (only 1 is required.)
1 x HP EliteDesk PC running Hyper-V hosting an Ubuntu 21.04 VM
1 x HP EliteDesk PC running Ubuntu 21.04 bare metal.

Notes:
I used a VM for the openvswitch / Docker Linux server to take advantage of snapshots while documenting this build. This server can be any Linux server.

Network Diagram

Build Steps

Configure the ArubaOS-CX hardware switch

  1. Configure the ArubaOS-CX switch and local server (172.18.1.1) so that they are in the same subnet and can ping each other.
  2. Configure the ArubaOS-CX

Hedge 95: Mike Bushong and Agile

We’ve all been told agile is better … but as anyone who’s listened here long enough knows, if you haven’t found the tradeoffs, you haven’t looked hard enough. What is agile better for? Are there times when agile is better, and times when more traditional project management processes are better? Mike Bushong joins Tom Ammon, Eyvonne Sharp, and Russ White on this, the 95th episode of the Hedge, to discuss his experience with implementing agile, where it works, and where it doesn’t.

Day Two Cloud 110: Automation’s Unintended Consequences – The Bunny.net Outage Saga

Today's Day Two Cloud podcast walks through a massive outage that hit CDN provider Bunny.net. An automated update triggered cascading failures that essentially took the company offline for two frantic hours. The company shared a detailed postmortem of what happened, and we're joined by company founder Dejan Pelze to walk us through the issues and share lessons learned about infrastructure, automation, and dependencies.

The post Day Two Cloud 110: Automation’s Unintended Consequences – The Bunny.net Outage Saga appeared first on Packet Pushers.

Ingress Controllers: The More the Merrier

Just like everything in the software development space, especially in today’s cloud native world, fragmentation is everywhere. As with any single category of tool — service meshes, orchestrators and observability tools — you will find multiple “brands” and variations of each tool being used in most organizations. We can identify two main causes for such fragmentation: One is deliberate, and the other is not. Let’s talk about the non-deliberate cause first and how that relates to my own service mesh company

LISP – OMP – BGP EVPN Interoperability – Part VIII: LISP, OMP, and BGP EVPN Comparison

IP reachability

Every Overlay Network solution requires IP reachability between edge devices via the Underlay Network. This section explains the basic routing solution in the Underlay Network from the Campus Fabric, SD-WAN, and Datacenter Fabric perspectives. Figure 7-1 illustrates the IP reachability requirements for Campus Fabric, SD-WAN, and Datacenter Fabric.


Figure 7-1: IP Reachability Requirements.

ITRenew and Vapor IO partner for edge infrastructure and connectivity

ITRenew and Vapor IO are teaming up on an enterprise service that's designed to bring performance and affordability to edge computing. ITRenew, which I've written about before, specializes in acquiring used data-center gear from hyperscale vendors, refurbishing it, and selling it to data-center operators for much less than new equipment would cost. Up until now, ITRenew focused on enterprise data-center customers. Now it's eyeing the edge through its partnership with Vapor IO, which specializes in colocation, networking and interconnection services.

Infrastructure 1. Building Virtualized Environment with Debian Linux and Proxmox on HP and Supermicro

Hello my friend,

Just last week we finished our Zero-to-Hero Network Automation Training, which was very intensive and very interesting. One could think: it is time for vacation now! Not quite yet. We decided to use the time wisely and upgrade our lab so that customers can use it. A lab upgrade means a major infrastructure project, which involves bringing in new hardware, changing the topology and adding new software to simplify its management. Sounds interesting? Jump to the details!


No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

What is Infrastructure Automation?

Each and every element of your entire IT landscape requires two actions. It shall be monitored and it shall be managed. Being managed means that the element shall be configured, and this is the first step for all sorts of automation. Configuration management is a perfect use case to start automating your infrastructure, which spans servers, network devices, VMs, containers and much more. And we are here to help you to do

Working around a memory leak in Cisco Cat 9000 switches

Cisco Catalyst 9000 Series switches have become the switch of choice for many enterprises, including the environment that I work in, where Cisco Catalyst 9300 24- and 48-port switches running Gibraltar-16.12.3 code had become the standard for the access layer when more than 12 ports were needed. That was about two years ago, and a year or so after that we began receiving notifications from an onsite location that there were intermittent network outages and performance degradation at the site. This is an account of how we found workarounds to the problem until Cisco provided a permanent fix. We started troubleshooting the issue and found the following syslog messages that we had never seen before:

Extreme targets SD-WAN services with Ipanema buy

With an eye toward reinforcing its cloud management business, Extreme Networks said it will acquire Ipanema’s SD-WAN business for about $73 million in cash. Ipanema and its SD-WAN business has been owned by France-based network orchestration firm Infovista since 2015 and has approximately 400 customers, mostly in Europe. Its cloud-managed SD-WAN platform is designed to deliver different workloads and applications securely across conventional wide-area networks and multicloud service providers, according to the company.