Cisco software upgrades to simplify hybrid-cloud management, operations

Cisco has upgraded some of its core software packages to help customers manage, control and automate functions in hybrid and multicloud data-center environments. With the needs of the pandemic-driven, highly distributed workforce as a backdrop, Cisco is looking to provide visibility and insights into what’s happening across customers’ cloud infrastructure. At the same time, it's busting the siloed IT operations many customers have that hold back agile digital-application development, said Prashanth Shenoy, Cisco vice president of marketing. “Businesses are rethinking their IT platforms for multicloud operations, and we are providing the tools to help them transform faster with insights and automation,” Shenoy said.

The Hedge Podcast #58: Michael Kehoe and eBPF

Most packet processing in Linux “wants” to be in the kernel. The problem is that adding code to the kernel is a painstaking process because a single line of bad code can cause havoc for millions of Linux hosts. How, then, can new functionality be pushed into the kernel, particularly for packet processing, with reduced risk? Enter eBPF, which allows functions to be inserted into the kernel through a sort of “lightweight container.”

Michael Kehoe joins Tom Ammon and Russ White to discuss eBPF technology and its importance.

Messaging Connectivity in a Hybrid Kubernetes Cloud Environment

KubeCon + CloudNativeCon North America 2020 – Virtual, Nov. 17-20.

Lior Nabat

Lior is KubeMQ’s technology leader and product architect. As a serial technology entrepreneur with over 20 years of experience in software ventures and product development, he brings cloud native expertise and hands-on experience. Lior founded Tradency (financial trading technology) 14 years ago and has led it as CEO since inception. Previously he held key management positions at DSPG, Alpha Cell and TdSoft. Lior holds a B.A. in Mathematics and Computer Science from the Open University in Tel-Aviv, Israel, and an AMP from the University of Pennsylvania, The Wharton School. @lior_nabat

Hybrid cloud is a powerful IT architecture, backed by market leaders and used by many enterprise organizations, that connects a company’s on-premises, private cloud services and third-party, public cloud services into a single, flexible infrastructure for running the organization’s applications and workload. The principle behind hybrid cloud is a mix of public and private cloud resources, with a level of orchestration between them. This gives an organization the flexibility to choose the optimal cloud for each application or workload (and to move workloads freely

Day Two Cloud 072: VMworld 2020 Analysis And Roundup – Project Monterey And More

Today's Day Two Cloud covers the most interesting announcements and presentations from VMworld 2020, including Project Monterey and partnerships with NVIDIA and Pensando, an announcement from analysis tool vendor Runecast, and highlights from Pure Storage.

The post Day Two Cloud 072: VMworld 2020 Analysis And Roundup – Project Monterey And More appeared first on Packet Pushers.

NGINX Steps into the Service Mesh Fray Promising a Simpler Alternative

Earlier this month, NGINX NGINX Service Mesh (NSM), a free and open source service mesh that uses NGINX proxy, to power its data plane. While many service meshes are built from entirely open source components, NGINX Vice President of Marketing Aspen Mesh, the more advanced, Istio-based service mesh built by its now-parent company Service Mesh Interface (SMI) is not supported, but it is on the roadmap, and the NGINX Unit to “introduce something that’s a little bit different and more novel to advance the industry dialogue.”

“We think there’s an option in the future to have a sidecar-less service mesh, where you’re not injecting sidecars in each service,” said Whitely. “Instead, you load your code, and you execute it, and the default runtime environment that’s executing your code has all the built-in proxying capabilities needed to handle east-west. It would take things down from a two container to one container kind of model.”

The post NGINX Steps into the Service Mesh Fray Promising a Simpler Alternative appeared first on The New Stack.

What Is A Zero Trust Network Architecture

Every few years the industry takes a significant step towards a more holistic and capable security model. At the beginning, everything and everyone was trusted, and for good reason. You knew every operator and every machine that was connected to the network. But as networks have become ubiquitous, that level of trust is simply unreasonable. So we’ve built firewalls, and differing levels of inspection, but all of these tools still allow for some implicit level of trust between a machine and the machines closest to it. That is changing and that is what we’re here to talk about today. The newest trend in security is the concept of zero trust, and while it’s suffering the common plight of any new trend with multiple vendors trying to shape the definition, removing implicit trust in our networks is the next logical step towards a truly secure infrastructure.

Goldman Sachs to invest $500 million in data center development platform

The data center industry continues to grow. Amazon, Google, Equinix, Digital Realty Trust, and numerous other providers can't build their data centers fast enough, spurring investments in startups and a hefty amount of M&A activity. The sector was hot before the COVID-19 pandemic, and the crisis has only increased interest as companies accelerate their migrations to the cloud. Goldman Sachs is the latest to make a big play in the data center market. The firm's Merchant Banking Division is partnering with a management team led by Digital Realty co-founder and former chief investment officer Scott Peterson to form a new company, Global Compute Infrastructure LP.

IoT and AI boost Volvo Trucks vehicle connectivity

The vehicles manufactured by Volvo Trucks keep getting smarter. More than 350,000 Volvo rigs crossing North American highways each day are outfitted with IoT sensors that monitor conditions and send data for troubleshooting and analysis. Embedded telematics allow for over-the-air updates to engine software. The on-board technology, combined with a back-end analytics platform, enables Volvo Trucks to process millions of data records instantaneously. Using IoT and artificial intelligence, Volvo Trucks has been able to reduce diagnostic time by 70% and truck repair time by 25%.

Building Secure Layer-2 Data Center Fabric with Cisco Nexus Switches

One of my readers is designing a layer-2-only data center fabric (no SVI interfaces on switches) with stringent security requirements using Cisco Nexus switches, and he wondered whether a host connected to such a fabric could attack a switch, and whether it would be possible to reach the management network in that way.

Do you think it’s possible to reach the MANAGEMENT PLANE from the DATA PLANE? Is it valid to think that there is a potential attack vector that someone can compromise to source traffic from the front of the device (ASIC) through the PCI bus, across the CPU, across the PCI bus to the Platform Controller Hub, through the I/O card to spew out the Management Port onto that out-of-band network?

My initial answer was “of course there’s always a conduit from the switching ASIC to the CPU, how would you handle STP/CDP/LLDP otherwise”. I also asked Lukas Krattiger for more details; here’s what he sent me:
