A fractured cloud strategy causes headaches such as duplicated services, unnecessary costs, poor security controls, and other problems. A cloud center of excellence can reduce the pain by developing and championing best practices, socializing adoption, and addressing inevitable exceptions. Fred Chagnon visits the Day Two Cloud podcast to advocate for building a cloud center of excellence in your org.
The inaugural Kubernetes Security and Observability Summit will be a free, live, online experience full of Kubernetes-related security and observability content. On June 3, 2021, industry experts will gather under one virtual roof to discuss trends, strategies, and technologies for Kubernetes security and observability, to help you understand and navigate today’s pressing issues in the world of cloud-native applications.
Why attend?
The Summit is a great opportunity to:
Network with the industry’s best security, DevOps, and site reliability engineer (SRE) teams for cloud-native platforms
Learn how to secure, observe, and troubleshoot Kubernetes environments
Explore real-world Kubernetes security and observability use cases presented by experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, PayPal, Salesforce, and of course, Tigera
Who should attend?
SREs, platform architects, and DevOps and security teams will all find value in attending the Summit.
DevOps teams and SREs – Learn how to include security and observability in your CI/CD to enable security, observability, and troubleshooting
Platform architects – Learn architecture patterns and best practices to secure and troubleshoot cloud-native applications
Security teams – Learn how to holistically secure your cloud-native applications following today’s best practices
Many engineers just assume that secure hardware boot is, in fact, secure. How does this security work, and just how secure is it, though? David Brown joins Tom Ammon, Eyvonne Sharp, and Russ White on this episode of the Hedge to discuss the secure boot loader in some detail. For more information on the secure boot loader and IoT, see David’s presentation at the Open Source Summit.
Palo Alto Networks bolstered its security portfolio with products that target enterprise network users looking to make the move to a zero-trust environment. The new capabilities focus on a number of zero trust mechanisms—including SaaS, cloud and DNS that will be available in June—and will make it significantly easier for organizations to adopt zero-trust security across the enterprise, according to Anand Oswal, senior vice president and general manager with Palo Alto.
As more people are working from anywhere, they require fast and always-on access to data and applications in the distributed cloud, regardless of location, Oswal said. “An all-encompassing zero-trust approach to network security is critical for safeguarding productivity in the new reality of remote, mobile, and hybrid work,” he said.
Outside of the HPC market where there are a number of companies that have delivered or are working on Arm-based server processors, Ampere Computing is the main independent supplier of Arm-based server chips with its current 80-core Altra chips and its impending 128-core Altra Max chips, which are sampling now and will start shipping in the third quarter. …
With the introduction of Ansible Automation Platform 1.2 at AnsibleFest 2020, Ansible released private Automation Hub. This enables a means to deliver, manage and curate Ansible Automation Platform Certified Content via a central on-premises, self-hosted solution for use by internal automation communities.
This sparked my interest in digging deeper into what private Automation Hub is and how I could leverage it. My initial perception went from a mysterious black box to viewing it as the perfect Ansible Automation Platform sidecar.
I learned quite a bit on how I could optimize it for my environments and wanted to share my findings. Before we start, a brief history of Ansible content and Ansible Content Collections may be helpful.
"Following the light of the sun, we left the Old World." - Christopher Columbus on Ansible Collections
During 2017, the number of modules, roles and content under Ansible's GitHub repository surged. The backlog of issues started to increase as the inflow of new content for different platforms and network appliances/devices outpaced the growth of the Ansible Core team. Various YouTube videos and blog posts provided commentary and insights from the Ansible community. The rapid growth of Ansible content led to the birth …
In the previous blog post in this series, we explored some of the reasons IP uses per-interface (and not per-node) IP addresses. That model worked well when routers had few interfaces and mostly routed between a few LAN segments (often large subnets of a Class A network assigned to an academic institution) and a few WAN uplinks. In those days, the WAN networks were frequently implemented with non-IP technologies like Frame Relay or ATM (with an occasional pinch of X.25).
The first sign of troubles in paradise probably occurred when someone wanted to use a dial-up modem to connect to a LAN segment. What subnet (and IP address) do you assign to the dial-up connection, and how do you tell the other end what to use? Also, what do you do when you want to have a bank of modems and dozens of people dialing in?
By preventing the enemy from gaining a foothold in your organization from which they can move laterally within your network, RBI lets you take the high ground and gain control of the cyber battlefield.
Erosion of the traditional network perimeter and the transition to work-from-anywhere have conspired to bring an unprecedented threat level to endpoint devices, users, and applications, Cisco CEO Chuck Robbins told the online audience at the virtual RSA Conference 2021. Such threats are exacerbated by the fact that over 3,500 vendors offer security products and services that many customers patchwork together, creating complexity that makes it hard for many to build an effective security position, Robbins said.
Against that backdrop, Cisco announced a number of security moves to further integrate and upgrade its own overarching offerings with new features and services.
Since we’re all feeling the fatigue of staring at screens all year, we’re switching things up at this year’s Failover Conf! This one-day conference will be featuring LIVE fireside chats and keynotes where you’ll be able to get your questions answered in real time. You’ll also hear from a variety of industry experts in our two panel discussions. And when you need a break, take a load off and watch some cartoons or listen to music in the breakout rooms where you can jump in and chat with other attendees or just sit back and relax. Join your peers for this virtual experience on April 27 from 9am - 3:30pm PDT. Register now!
Who's Hiring?
DevOps Engineer: At Kinsta, we set out to create the best managed hosting platform in the world. If you are an experienced DevOps Engineer who is constantly looking for ways to innovate and improve, we might just be the place for you! As Kinsta’s DevOps Engineer, you will be instrumental in making sure that our infrastructure is always on the bleeding edge of technology, remaining stable and high-performing at all times. If you love working with Linux, have …
The Greek philosopher Heraclitus is typically attributed as the creator of the well-known phrase “Change is the only constant.” Since I left VMware in 2018 to join Heptio, change has been my companion. First, there was the change of focus, moving to a focus on Kubernetes and related technologies. Then there was the acquisition of Heptio by VMware, and all the change that comes with an acquisition. Just when things were starting to settle down, along came the acquisition of Pivotal by VMware and several more rounds of changes as a result. Today, I mark the start of another change, as I begin a new role and take the next step in my career journey.
Last week, I announced via Twitter that I was leaving VMware to explore a new opportunity. Today, I start at Kong, Inc., as a Principal Field Engineer. Kong, if you aren’t already familiar, is a company focused on service connectivity for modern architectures, with products like their eponymous API gateway and the Envoy-powered Kuma service mesh. I’m really looking forward to getting much more familiar with Envoy, the Kong API gateway, Kuma, and related projects and technologies. I still get to be …
Over a decade ago, we entered the high speed switching market with our low latency switches. Our fastest switch then, the 7124, could forward L2/L3 traffic in 500ns, a big improvement over store and forward switches that had 10x higher latency. Combined with Arista EOS®, our products were well received by financial trading and HPC customers.
There are halls and corridors in Cloudflare engineering, dangerous places for innocent wanderers, filled with wild project ideas, experiments that we should do, and extremely convincing proponents. A couple of months ago, John Graham-Cumming, our CTO, bumped into me in one of those places and asked: "What if we ported Doom multiplayer to work with our edge network?". He fatally nerd-sniped me.
Aside by John: I nerd-sniped him because I wanted to show how Cloudflare Workers and Durable Objects are a new architectural paradigm where, rather than choosing between two places to write code (the client, the browser or app, and the server, perhaps in a cloud provider availability zone), there’s a third way: put code on the edge.
Writing code that runs on a client (such as JavaScript that runs in a browser or a native app on a phone) has advantages. Because the code runs close to the end-user it can be highly interactive, there’s almost no latency since it’s literally running on the device. But client-side code has security problems: it’s literally in the hands of the end-user and thus can be reverse engineered or modified. And client-side code can be slow to update as it …