How VMware IT Achieved Zero Trust in the Data Center: a Step-by-Step Approach

Security keeps getting more complex, and despite a multitude of products, tools and processes, organizations find it challenging to prevent 100 percent of breaches or unwanted access. Zero Trust holds the promise of achieving tighter security by only trusting network traffic that is specifically permitted by a security policy. While the task appears daunting, those organizations that follow a step-by-step approach can achieve success.

The process followed by VMware IT (VMIT) can serve as a blueprint for other organizations, removing some of the mystery and complexity. VMIT embarked on a Zero Trust project for data center security to prevent unwanted lateral movement, restricting communication among workloads to only the minimum needed to complete their jobs. The goal was to make Zero Trust the new normal for all applications in the data center. To do so, the team needed to gain a complete understanding of all applications, down to the workload level. Once understood, effective policies can be crafted to permit only the desired behavior.

Step one: macro-segmentation

Achieving Zero Trust fits neatly into a five-step approach (see A Practical Path to Zero Trust in the Data Center white paper), which starts with macro-segmenting the network and culminates in micro-segmenting all Continue reading

Department of Defense works to integrate battlefield intel networks

If yours is like most enterprises, it is under intense competitive pressure to understand faster, decide faster, and act faster in an increasingly dynamic environment.For businesses, that environment is the economy. But for the U.S. Department of Defense (DoD), the environment in which they must leverage technology and tactics against deadly adversaries is more like a battlefield. And all but the most self-aggrandizing sales directors would agree that the stakes on the battlefield are considerably higher than growing revenue and capturing market share. (Not that they are trivial!) Read more: Cisco tool taps telemetry for network, security analyticsTo read this article in full, please click here

Department of Defense works to integrate battlefield intel networks

If yours is like most enterprises, it is under intense competitive pressure to understand faster, decide faster, and act faster in an increasingly dynamic environment.For businesses, that environment is the economy. But for the U.S. Department of Defense (DoD), the environment in which they must leverage technology and tactics against deadly adversaries is more like a battlefield. And all but the most self-aggrandizing sales directors would agree that the stakes on the battlefield are considerably higher than growing revenue and capturing market share. (Not that they are trivial!) Read more: Cisco tool taps telemetry for network, security analyticsTo read this article in full, please click here

The Department of Defense, networking, and the speed of relevance

If yours is like most enterprises, it is under intense competitive pressure to understand faster, decide faster, and act faster in an increasingly dynamic environment.For businesses, that environment is the economy. But for the U.S. Department of Defense (DoD), the environment in which they must leverage technology and tactics against deadly adversaries is more like a battlefield. And all but the most self-aggrandizing sales directors would agree that the stakes on the battlefield are considerably higher than growing revenue and capturing market share. (Not that they are trivial!) Read more: Cisco tool taps telemetry for network, security analyticsTo read this article in full, please click here

The Department of Defense, networking, and the speed of relevance

If yours is like most enterprises, it is under intense competitive pressure to understand faster, decide faster, and act faster in an increasingly dynamic environment.For businesses, that environment is the economy. But for the U.S. Department of Defense (DoD), the environment in which they must leverage technology and tactics against deadly adversaries is more like a battlefield. And all but the most self-aggrandizing sales directors would agree that the stakes on the battlefield are considerably higher than growing revenue and capturing market share. (Not that they are trivial!) Read more: Cisco tool taps telemetry for network, security analyticsTo read this article in full, please click here

Webinars in the First Half of 2021

It’s time for another this is what we did in the last six months blog post. Instead of writing another wall-of-text, I just updated the one I published in early January. Here are the highlights:

That’s about it for the first half of 2021. I’ll be back in early September.

Webinars in the First Half of 2021

It’s time for another this is what we did in the last six months blog post. Instead of writing another wall-of-text, I just updated the one I published in early January. Here are the highlights:

That’s about it for the first half of 2021. I’ll be back in early September.

Network Analysis 2. Analysing Network Configuration Consistency (Sanity check, BGP, Routes) with Batfish for Cisco, Arista, and Cumulus

Hello my friend,

In the previous blogpost we’ve introduced the Batfish and how to set it up. Today we’ll take a look how to perform the analysis of the configuration to figure out discrepancies, which may lead to broken operation of your network.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Network Analysis as Part of Automation?

In software development we have a concept called CI/CD (Continuous Integration/Continuous Delivery). In a nutshell, it’s a methodology, which incorporates mandatory testing of configuration (code, software version, etc) before bringing it to production. The main idea behind it is that automated testing and validation will make sure that code is stable and fit for purpose. Automated testing? That’s where the automation comes to the stage.

And automation is something what we are experts in. And you can benefit from that expertise as well.

In our network automation training we follow zero to hero approach, where we start with the basics including Linux operation and administration topped with Continue reading

my CKA/CKAD study plan

This is the story of studying Kubernetes basics from the perspective of network engineer. I had basic Linux background, some free time, and willingness to discover this brave new world of containers, pods and microservices.

I think one of the best ways to do this kind of studying is to follow the blueprint of recognized industry certification. This gives you a concrete study plan and bring structure to your knowledge from the very beginning.

There are such certifications in Kubernetes world – CKA and CKAD from CNCF/The Lunix Foundation. It’s quite popular certifications (as k8s in general), and so there a LOT of study material out there in the Internet. Below is the list of sources I’ve used.

  1. KubeAcademy from VMware. Collection of short courses to study the 101 of containers, Docker and Kubernetes. I’ve found it useful to do first quick dive into this area of knowledge.
  2. Kubernetes: Up and Running. The must-read book about Kubernetes architecture and concepts. Explains everything in great details.
  3. Great cources from Mumshad Mannambeth on Udemy – CKA and CKAD. This courses contain almost everything you need to know to pass the exams, and also have a lot of practice labs to consolidate theoretical Continue reading

Weekend Reads 062521


We were increasing HTTP requests for one of our applications, hosted on the Kubernetes cluster, which resulted in a spike of 5xx errors.


A continuous integration/continuous deployment (CI/CD) pipeline is an anchor for every DevOps initiative.


If you are new to the security world, it is fair to ask yourself, “Isn’t access to data and systems always conditional? Isn’t it always granted to someone who has access to the credentials (ID and password)?”


Could artificial intelligence be better at designing chips than human experts? A group of researchers from Google’s Brain Team attempted to answer this question and came back with interesting findings.


The CIS Controls are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks.


The VPN industry is booming and prospective users have hundreds of options to pick from. All claim to be the best, but some are more privacy-conscious than others.


In this article, we look at the key differences between the most popular cloud technology delivery models: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and (Infrastructure-as-a-Service).


Daily decisions should be motivated by how they can improve the company, and Continue reading

Putting the FUN Back in Productivity

It’s not a secret that it’s hard to get stuff done. Procrastination is practically a super power for me. I’ve tried so many methods and systems to keep myself on track over the years that I should probably start a review site. Sadly, the battle of my executive function being on constant vacation and the inability to get organized saps a lot of my ability to execute. It’s gotten to the point where I’ve finally realized that I need to start tricking my brain into getting things done.

Any reputable researcher will tell you that dealing with neurodivergent behaviors like ADHD is all about understanding the reasons why you do the things you do. I know what needs to be done. I just don’t want to do it. Worse yet, anything that I can do to avoid working on something is going to capture my attention because I’d rather be doing something unproductive as opposed to something I don’t like. This can manifest itself in strange ways like preferring to do the dishes instead of writing a blog post or mowing the yard instead of practicing a presentation.

Not DisFUNctional

It’s taken me a while but I’ve finally come up Continue reading

Installing Older Versions of Kumactl on an M1 Mac

The Kuma community recently released version 1.2.0 of the open source Kuma service mesh, and along with it a corresponding version of kumactl, the command-line utility for interacting with Kuma. To make it easy for macOS users to get kumactl, the Kuma community maintains a Homebrew formula for the CLI utility. That includes providing M1-native (ARM64) macOS binaries for kumactl. Unfortunately, installing an earlier version of kumactl on an M1-based Mac using Homebrew is somewhat less than ideal. Here’s one way—probably not the only way—to work around some of the challenges.

Note that this post really only applies to users of M1-based Macs; users of Intel-based Macs can extract the kumactl binary from the release archive available linked from the Kuma install docs. (The same goes for users of Linux distributions running on Intel-based hardware.) On the Kuma website, simply select the desired version of Kuma from the drop-down in the upper left, check the page for the direct download link, and off you go. This doesn’t work for M1-based Macs because at the time this post was written, the Kuma community was not providing ARM64 binaries. This leaves Homebrew as the only way (aside Continue reading

1 698 699 700 701 702 3,835