NetworkingNexus.net

The Week in Internet News: No Internet, No Vaccine

Unhealthy access: People lacking Internet access in the U.S., including some racial minorities, may be missing out on COVID-19 vaccines, The Conversation suggests. Signing up for the vaccine in the U.S. has largely happened online, meaning fewer seniors from underserved minority communities have been able to make appointments. In addition, people without Internet access have missed out on other health resources during the pandemic, as the use of telehealth services has skyrocketed during the pandemic.

Permission to be social: Mexican Senator Ricardo Monreal has proposed regulations for social media companies that would require them to “request authorization” from the country’s telecom regulator in order to continue operating in the country, Reuters reports. The Latin American Internet Association is protesting against the proposal, saying it would violate the United States-Mexico-Canada Agreement and create unjustified trade barriers.

No sale: U.S. President Joe Biden has paused the proposed sale of TikTok from Chinese owner ByteDance to Oracle and Walmart after former President Donald Trump raised security concerns about the app, NPR reports. Trump had threated to ban the video sharing app unless it was sold, but the Biden administration will undertake “a wide-ranging probe into how Chinese-owned technology companies could Continue reading

Tech Resume Library: 24 downloadable templates for IT pros

A well-crafted resume will attract recruiters, HR pros and hiring managers, but getting it just right is a daunting task. To jump start the process, Insider Pro has assembled this collection of real resumes revamped by professional resume writers. (Watch this space for new templates.)

Fast vs Easy: Benchmarking Ansible Operators for Kubernetes

With Kubernetes, you get a lot of powerful functionality that makes it relatively easy to manage and scale simple applications and API services right out of the box. These simple apps are generally stateless, so the Kubernetes can deploy, scale and recover from failures without any specific knowledge. But what if Kubernetes native capabilities are not enough?

Operators in Kubernetes and Red Hat OpenShift clusters are a common means for controlling the complete application lifecycle (deployment, updates, and integrations) for complex container-native deployments.

Initially, building and maintaining an Operator required deep knowledge of Kubernetes' internals. They were usually written in Go, the same language as Kubernetes itself.

The Operator SDK, which is a Cloud Native Computing Foundation (CNCF) incubator project, makes managing Operators much easier by providing the tools to build, test, and package Operators. The SDK currently incorporates three options for building an Operator:

Go
Ansible
Helm

Go-based Operators are the most customizable, since you're working close to the underlying Kubernetes APIs with a full programming language. But they are also the most complex, because the plumbing is directly exposed. You have to know the Go language and Kubernetes internals to be able to maintain these operators.

Fast vs Easy: Benchmarking Ansible Operators for Kubernetes

Initially, building and maintaining an Operator required deep knowledge of Kubernetes' internals. They were usually written in Go, the same language as Kubernetes itself.

Go
Ansible
Helm

Tech Bytes: MSSP Partners With Fortinet To Deliver Secure SD-WAN (Sponsored)

Today's Tech Bytes podcast from the Packet Pushers is a conversation with Node4, a managed security service provider that's deploying and operating Fortinet’s Secure SD-WAN for its customers. Fortinet is our sponsor. Our guest from Node4 is Glenn Akester, Lead Network Services Architect.

Tech Bytes: MSSP Partners With Fortinet To Deliver Secure SD-WAN (Sponsored)

The post Tech Bytes: MSSP Partners With Fortinet To Deliver Secure SD-WAN (Sponsored) appeared first on Packet Pushers.

IBM launches AIX-to-cloud app migration program

IBM has launched the Power Private Cloud (PPC) Rack solution, a converged infrastructure product that migrates on-premises apps running on its POWER9/AIX systems to the cloud.The solution consists of three POWER System S922 servers with 20 CPU cores, 256GB of RAM, and 3.2TB of NVMe local storage, plus a new storage enclosure, the FlashSystem 5200, with a minimum of 9.6TB and a pair of SAN24B-6 switches with 24 Fibre Channel ports.To read this article in full, please click here

How to protect backups from ransomware

Ransomware is becoming the number one threat to data, which makes it essential to ensure that bad actors don’t encrypt your backup data along with your primary data when they execute ransomware attacks. If they succeed at that, you will have no choice but to pay the ransom, and that will encourage them to try it again.The key to not having to pay ransom is having the backups to restore systems that ransomware has encrypted. And the key to protecting those backups from ransomware is to put as many barriers as you can between production systems and backup systems. Whatever you do, make sure that the only copy of your backups is not simply sitting in a directory on a Windows server in the same data center you are trying to protect. Let’s take a closer look at a few key elements of that sentence: “Windows”, “same data center”, and “sitting in a directory”.To read this article in full, please click here

Rant: Don’t Ever Compare Enterprise IT Shenanigans with Apollo 13

Here’s a recent tweet by my friend Joe Onisick that triggered this blog post:

My favorite people are the ones that start with “how could we make that work?” Before jumping into all of their preconceived bs on why it won’t work.

I couldn’t agree more with that sentiment. The number of people who would invent all sorts of excuses just to avoid turning on their brains and keep to their cozy old methods is staggering. Unfortunately, someone immediately had the urge to switch into what I understood to be a heroic MacGyver mode (or maybe it was just my lack of caffeine, in which case I apologize for the misquote… but you might still like the rest of the rant):

Rant: Don’t Ever Compare Enterprise IT Shenanigans with Apollo 13

Here’s a recent tweet by my friend Joe Onisick that triggered this blog post:

My favorite people are the ones that start with “how could we make that work?” Before jumping into all of their preconceived bs on why it won’t work.

Networking and Infrastructure News Roundup: February 12 Edition

In the news this week: Solutions and partnerships to help with the transition to cloud and support for Kubernetes.

Install azruntime as a CLI program using pipx

azruntime, the Python program I wrote to manage virtual machines in my Azure subscriptions, is more convenient to use when run as a command from the Linux prompt instead of as a Python program in its virtual environment. You can install Python packages as command-line-programs using pipx.

To make azruntime work after using pipx to install it, I had to organize the project into a proper Python package folder structure, add an entry point in the setup.py file, and change the authentication class used by azruntime.

This post describes what I learned about pipx and Python packaging to enable me to install azruntime as a CLI application.

Changing the package directory structure

I originally structured the azruntime package so all its files were in one folder. I know this is not the standard way that packages are organized but I thought it was simpler and it worked with pip. However, pipx requires the correct package folder structure.

Below, I show the new folder structure I created.

azruntime/
├── LICENSE
├── README.md
├── azruntime
│   ├── __init.py__
│   ├── __main__.py
│   └── azruntime.py
├── requirements.txt
└── setup.py

At the top level, I have Continue reading

Worth Reading: Internet of Trash

I love the recent Internet of Trash article by Geoff Huston, in particular this bit:

“Move fast and break things” is not a tenable paradigm for this industry today, if it ever was. In the light of our experience with the outcomes of an industry that became fixated on pumping out minimally viable product, it’s a paradigm that heads towards what we would conventionally label as criminal negligence.

Of course it’s not just the Internet-of-Trash. Whole IT is filled with examples of startups and “venerable” companies doing the same thing and boasting about their disruptiveness. Now go and read the whole article ;)

Keep reading

Worth Reading: Internet of Trash

I love the recent Internet of Trash article by Geoff Huston, in particular this bit:

“Move fast and break things” is not a tenable paradigm for this industry today, if it ever was. In the light of our experience with the outcomes of an industry that became fixated on pumping out minimally viable product, it’s a paradigm that heads towards what we would conventionally label as criminal negligence.

Keep reading

Controversial Reads 021321

It’s often a clear signal that we’re in deep trouble when politicians believe that they need to lend a hand and help out with regulations.

Governor Ron DeSantis has proposed legislation that, if passed, will severely curtail the ability of Big Tech platforms to capriciously and with malice aforethought punish Florida citizens and politicians.

Hateful speech presents one of the most difficult problems of content moderation. At a global scale, it’s practically impossible.

On February 8, 1996, John Perry Barlow published his “Declaration of Independence in Cyberspace” in Davos. Inspired by the “Digital Revolution” and the “Dot-Com-Boom”, he predicted a new “Home of Mind,” a cyber world without governments. “Governments of the Industrial World”, he wrote, “you weary giants of flesh and steel. I come from cyberspace, the new home of Mind.

Previously, this series tackled the terribly awful Amendment 35 to the NTIA-Verisign cooperative agreement and also made the case that the tainted presumptive renewal currently included in registry agreements is inherently anti-competitive.

The term “Deepfake” was first coined by a Reddit user who created a forum of the same name in 2017. The forum was dedicated to the creation and use of deep learning software for digitally swapping Continue reading

Closing out the Tokyo Assignment

In late 2019, I announced that I would be temporarily relocating to Tokyo for a six-month assignment to build out a team focused on cloud-native services and offerings. A few months later, I was still in Colorado, and I explained what was happening in a status update on the Tokyo assignment. I’ve had a few folks ask me about it, so I thought I’d go ahead and shared that the Tokyo assignment did not happen and will not happen.

So why didn’t it happen? In my March 2020 update, I mentioned that paperwork, approvals, and proper budget allocations had slowed down the assignment, but then the pandemic hit. Many folks, myself included, expected that the pandemic would work itself out, but—as we now clearly know—it did not. And as the pandemic dragged on (and continues to drag on), restrictions on travel and concerns over public health and safety continued to mean that the assignment was not going to happen. As many of you know all too well, travel restrictions still exist even today.

OK, but why won’t it happen in the future, when the pandemic is under control? At the time when the Tokyo assignment was offered to me, there Continue reading

Worth Reading: Advice(s) for Engineering Managers

Just in case you were recently promoted to be a team leader or a manager: read these somewhat-tongue-in-cheek advices:

Need more career advice? How about The Six Year Rule by Bryan Sullins… or you could go and reread my certifications-related blog posts.

Worth Reading: Advice(s) for Engineering Managers

Just in case you were recently promoted to be a team leader or a manager: read these somewhat-tongue-in-cheek advices:

Need more career advice? How about The Six Year Rule by Bryan Sullins… or you could go and reread my certifications-related blog posts.

Automate Leaf and Spine Deployment – Part3

The 3rd post in the ‘Automate Leaf and Spine Deployment’ series goes the through the variables from which the core fabric declaration is made and how this transposes into a dynamic inventory. This uses only the base and fabric roles to create the fabric ready for the service sub-roles (tenant, interface and route) to be deployed on top of the fabric at a later stage.

Building your own SD-WAN with Envoy and Wireguard

When using a personal VPN at home, one of the biggest problems I’ve faced was the inability to access public streaming services. I don’t care about watching Netflix from another country, I just want to be able to use my local internet connection for this kind of traffic while still encrypting everything else. This problem is commonly known in network engineering as “local internet breakout” and is often implemented at remote branch/edge sites to save costs of transporting SaaS traffic (e.g. Office365) over the VPN infrastructure. These “local breakout” solutions often rely on explicit enumeration of all public IP subnets, which is a bit cumbersome, or require “intelligent” (i.e. expensive) DPI functionality. However, it is absolutely possible to build something like this for personal use and this post will demonstrate how to do that.

Solution Overview

The problem scope consists of two relatively independent areas:

Traffic routing - how to forward traffic to different outgoing interfaces based on the target domain.
VPN management - how to connect to the best VPN gateway and make sure that connection stays healthy.

Each of one these problem areas is addressed by a separate set of components.

VPN management is solved Continue reading

« Previous 1 … 790 791 792 793 794 … 3,841 Next »