The 6th post in the ‘Automate Leaf and Spine Deployment’ series goes through the validation of the fabric once deployment has been completed. A desired state validation file is built from the contents of the variable files and compared against the devices actual state to determine whether the fabric and all the services that run on top of it comply.
This article was originally posted on the Amazon Web Services Security Blog.
AWS CloudFormation is a service that lets you create a collection of related Amazon Web Services and third-party resources and provision them in an orderly and predictable fashion. A typical access control pattern is to delegate permissions for users to interact with CloudFormation and remove or limit their permissions to provision resources directly. You can grant the AWS CloudFormation service permission to create resources by creating a role that the user passes to CloudFormation when a stack or stack set is created. This can be used to ensure that only pre-authorized services and resources are provisioned in your AWS account. In this post, I show you how to conform to the principle of least privilege while still allowing users to use CloudFormation to create the resources they need.
This week's Network Break podcast discusses VMware's purchase of API security startup Mesh7, looks at a new security option for third-party Web components from Tala Security, and analyzes why Gartner is so bullish on the SONiC network OS. We also speculate on motivations behind Google's real estate spending spree, and hand out a nice selection of virtual donuts.
The post Network Break 325: VMware Buys API Security Startup; Gartner Bullish On SONiC Network OS appeared first on Packet Pushers.
For two decades now, Google has demonstrated perhaps more than any other company that the datacenter is the new computer, what the search engine giant called a “warehouse-scale machine” way back in 2009 with a paper written by Urs Hölzle, who was and still is senior vice president for Technical Infrastructure at Google, and Luiz André Barroso, who is vice president of engineering for the core products at Google and who was a researcher at Digital Equipment and Compaq before that. …
Google Says The SOC Is The New Motherboard was written by Timothy Prickett Morgan at The Next Platform.
How long does it take to learn a new skill? It’s like…a really long time, right? You never have that much time to learn whatever it is. Most people who learn new skills are dedicated super humans who put in 25 hour days doing labs and reading books and taking courses and sniffing markers. Those folks sacrifice everything to stay ahead and command the respect of their peers. Right? Isn’t that how it’s supposed to work?
New skills come from one thing. Focus. That’s it. That’s the secret. Focus to learn a skill comes in blocks of a few undistracted hours at a time. Not dramatic sacrifice. Not bragging to social media about how you’re crushing it on your studies because you’ve given up your personal life.
Let the public drama queen masochists do what they feel they must to impress…whomever. They are not your role model. You don’t need to be them. You just need to find a few consecutive hours on your calendar. Block them off. Use them to focus on a single thing you want to learn. During the blocked off time, learn the thing. Do not do any of the other things that Continue reading
Jack of all trades, master of none.
This singular saying—a misquote of Benjamin Franklin (more on this in a moment)—is the defining statement of our time. An alternative form might be the fox knows many small things, but the hedgehog knows one big thing.
The rules for success in the modern marketplace, particularly in the technical world, are simple: start early, focus on a single thing, and practice hard.
But when I look around, I find these rules rarely define actual success. Consider my life. I started out with three different interests, starting jazz piano lessons when I was twelve, continuing music through high school, college, and for many years after. At the same time, I was learning electronics—just about everyone in my family is in electronic engineering (or computers, when those came along) in one way or another.
I worked as on airfield electronics for a few years in the US Air Force (one of the reasons I tend to be calm is I’ve faced death up close and personal multiple times, an experience that tends to center your mind), including RADAR, radio, and instrument landing systems. Besides these two, I was highly interested in art and illustration, getting Continue reading
Today on the Tech Bytes podcast, sponsored by Gluware, we discuss automating cloud networks. Our guest is Mike Haugh, VP of Product Marketing. Mike takes us through how Gluware worked with a customer to integrate with Terraform to automate standing up AWS resources.
The post Tech Bytes: Automating Cloud Networks With Gluware (Sponsored) appeared first on Packet Pushers.
This chapter explains how we can provision vEdge devices manually. It starts by explaining how to build an initial system and tunnel interface configurations. Then it goes through the various certificate installation steps (CA root certificate, Certificate Signing Request (CSR), and granted certificate). After the initial configuration and certificate process section, this chapter shows how we can verify the Control Plane operation. Figure 2-1 illustrates our example topology. For simplicity, there are only two vEdge devices used in this chapter.
 |
Figure 2-1: SD-WAN Topology. |
After toiling away in relative obscurity for over a decade, open source Julia is right on time for the big enterprise AI/ML code modernization party.
Why Julia is Turning Heads in 2021 was written by Nicole Hemsoth at The Next Platform.
When chip makers launch the latest additions of their datacenter processors, server OEMs have historically immediately or soon after followed with a rollout of the latest new or enhanced systems based on those offerings. …
Designing Servers In Rapidly Changing Times was written by Jeffrey Burt at The Next Platform.
The recent addition of in-band streaming telemetry (INT) measurements to the sFlow industry standard simplifies deployment by addressing the operational challenges of in-band monitoring.
The diagram shows the basic elements of In-band Network Telemetry (INT) in which the ingress switch is programmed to insert a header containing measurements to packets entering the network. Each switch in the path is programmed to append additional measurements to the packet header. The egress switch is programmed to remove the header so that the packet can be delivered to its destination. The egress switch is responsible for processing the measurements or sending them on to analytics software.
There are currently two competing specifications for in-band telemetry:
Common telemetry attributes from both standards include:
Visibility into network forwarding performance is very useful, however, there are practical issues that should be considered with the in-band telemetry approach for collecting the measurements:
Blazing speeds: The U.K. government has announced the areas that will first get gigabit broadband service as part of an ambitious plan to roll out super high-speed Internet service to 85 percent of the nation by 2025, the BBC reports. First on the list are homes and businesses in Cambridgeshire, Cornwall, Cumbria, Dorset, Durham, Essex, Northumberland, South Tyneside, and Tees Valley.
Protect the DNS: The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency are pushing for a new security service, called Protective DNS, for the Internet’s Domain Name System, Nextgov says. Protective DNS “is different from earlier security-related changes to DNS in that it is envisioned as a security service – not a protocol – that analyzes DNS queries and takes action to mitigate threats, leveraging the existing DNS protocol and architecture,” says a guide from the NSA and CISA. The goal is to foil more than 90 percent of all malware attacks.
Tracking all the phones: Apple is warning that Chinese app makers are creating workarounds for the company’s upcoming limits on ad tracking on its iPhones, the South China Morning Post writes. An upcoming software update from Apple requires users to give permission Continue reading