Explore VMware Tanzu Service Mesh at VMworld 2020

VMworld 2020

 

It’s that time of year again — VMworld! And while this year, due to COVID-19, we’re pivoting to a virtual format, we’ll, we still be delivering a top-notch event with great sessions on cutting edge innovations. And the best part is, it’s FREE!

One of the hottest topics these days is service mesh, which is an abstraction that takes care of service to service communication, security, and observability. At VMware, we’re the “abstraction company” — but we’re not just working on the immediate use cases that the rest of the pack are working on, we’re ahead of the game, extracting a lot more value from our unique position vis a vis abstraction.

Service Mesh Sessions You Won’t Want to Miss:

I’ve compiled a list of our service mesh sessions below so you can easily register for them:

  1. Introduction to Tanzu Service Mesh [MAP1231] – This session, delivered by yours truly and Oren Penso, will take you step by step from understanding what service mesh is at the most basic level to understanding the unique value of VMware’s Tanzu Service Mesh. As we usually do, this session will have plenty of good demos.
  2. Connect and Secure Your Applications Through Continue reading

Don’t Forget Cybersecurity on Your Back-to-School List

This opinion piece was originally published in Dark Reading.

School systems don’t seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.

Schools are starting to reopen around the country – some physically, some virtually, and some a hybrid of the two. As a result, the remote learning requirement that was thrust upon schools when the pandemic forced closures earlier this year has reemerged. Presumably, lessons learned during the chaotic transition in the spring can be applied to make fall run more smoothly. But one item is critical to consider during this back to school season: Cybersecurity.

Before examining cybersecurity needs in school systems, it’s important to understand what’s at stake. On the surface, school systems don’t appear to be an attractive target, but they contain a significant amount of highly sensitive information, such as contact information, grades, health records, counselor interactions, and possibly parents’ financial records. In light of COVID-19 and increased remote connections, there is now even more data – including health status, contact tracing, and recordings of student participation online – housed in systems and therefore more privacy concerns than ever.

In recent years, schools have also seen Continue reading

Automation Architect Channel at AnsibleFest 2020

As we continue to expand all the insightful content that our attendees can expect from AnsibleFest 2020, we are excited to share with you our Automation Architect channel. Here is a sneak peek of exactly what to expect from the Automation Architect channel at AnsibleFest 2020.

 

Automation Architect Channel

Automation has become a key discipline in large IT organizations, but introducing automation to new areas is likely going to invoke technical and non-technical challenges. As organizations focus on building end-to-end automation solutions and increasing the automation footprint, Automation Architects will play a pivotal role as the interface with both technologists and business owners. 

In this track, you will learn more about Ansible best practices for building your organization’s automation architecture, how to best collaborate with the business it serves and how it can help in broader corporate initiatives, such as your cloud journey. Whether you are an Enterprise or  Automation Architect today or are interested in developing the skills for this career path, you will learn the best practices to successfully implement an automation initiative at scale. 

Understand how you can use and share automation assets and how customers automate across hybrid, scalable infrastructures. Learn about integrating Continue reading

Day Two Cloud 064: Bringing Ansible Into A Windows Shop

Today's Day Two Cloud podcast makes the case for bringing Ansible into your Windows automation toolkit with guest Josh Duffney. Josh is an SRE, a Microsoft MVP, and author of a book on Ansible. We discuss key elements of Ansible, how it fits in a Windows shop, using Ansible with the Chocolately package manager, and more.

The post Day Two Cloud 064: Bringing Ansible Into A Windows Shop appeared first on Packet Pushers.

The Hedge Podcast #50: The Challenge of Growing People

Many network engineers complain about their companies not giving them opportunities—but how many think about helping the company grow in a way that allows them to have the opportunities they desire? Scott Morris, aka “evil ccie,” joins Tom and Russ on this episode of the Hedge to talk about the challenges of certifications, growing people, and people learning how to grow in a way what improves the business. Sometimes growing means creating opportunities rather than just waiting for them to knock.

download

The Internet Society Welcomes the Comoros Chapter

We are excited to announce the new Internet Society Comoros Chapter! ISOC Comoros officially launched in July in front of an in-person and online audience at the Retaj Hotel.

Journalists joined several distinguished guests, including:

  • Dawit Bekele, Internet Society’s Regional Vice-President for Africa
  • Mohamed Said Abdallah Mchangama, President of the Federation of Comorian Consumers (FCC)
  • Amina Abdallah, Coordinator of the World Bank’s Phase 4 of the Regional Communications Infrastructure Program for Africa (RCIP-4)
  • Hamidou Mhoma, President of the Comorian ICT Association
  • Chamsoudine Soudjay, Secretary General of the Comorian ICT Association
  • Amroine Mouzaoui, Executive Secretary of the Comorian Movement for Entrepreneurs
  • Raymane Ali Matoir, Director of Human Resources of Telma Comores
  • Youssouf Abdoulmadjid, Chief Operating Officer of Comor’Lab
  • Moussa Abdallah Moumine, Coordinator of the General Inspectorate of National Education

Since the country’s very first connection to the Internet in July 1998, the Internet industry has continued to evolve, along with telecommunications. The country is beginning to benefit from the rise in competition in the ICT sector, and as such the establishment of ISOC Comoros brings an added dimension to the development, promotion, and use of the Internet for the greater good of the entire country.

The Internet is for everyone and Continue reading

Example: Securing AWS Deployment

Nadeem Lughmani created an excellent solution for the securing your cloud deployment hands-on exercise in our public cloud online course. His Terraform-based solution includes:

  • Security groups to restrict access to web server and SSH bastion host;
  • An IAM policy and associated user that has read-only access to EC2 and VPC resources (used for monitoring)
  • An IAM policy that has full access to as single S3 bucket (used to modify static content hosted on S3)
  • An IAM role for AWS CloudWatch logs
  • Logging SSH events from the SSH bastion host into CloudWatch logs.
Explore the solution

Many ad hoc Wi-Fi networks from the outset of COVID-19 still in use

The onset of the pandemic caught most organizations unware, and IT departments were no exception. They had to address that workers could suddenly no longer safely come into the office, doctors needed to stand up telemedicine services, and professional and amateur sports were just generally scrambling.Groups like the Information Technology Disaster Resource Center have been at the forefront of many such efforts, particularly those being undertaken by municipalities and school districts. The group helps provide technological know-how through volunteer workers, and help keep organizations connected in the wake of disasters.[Get regularly scheduled insights by signing up for Network World newsletters.] After COVID, the group has been a lot more active, according to operations director Joe Hillis.To read this article in full, please click here

Many ad hocWi-Fi networks from the outset of COVID-19 still in use

The onset of the pandemic caught most organizations unware, and IT departments were no exception. They had to address that workers could suddenly no longer safely come into the office, doctors needed to stand up telemedicine services, and professional and amateur sports were just generally scrambling.Groups like the Information Technology Disaster Resource Center have been at the forefront of many such efforts, particularly those being undertaken by municipalities and school districts. The group helps provide technological know-how through volunteer workers, and help keep organizations connected in the wake of disasters.[Get regularly scheduled insights by signing up for Network World newsletters.] After COVID, the group has been a lot more active, according to operations director Joe Hillis.To read this article in full, please click here

Mitigating the Risks of Instance Metadata in AWS EKS

Compromising a pod in a Kubernetes cluster can have disastrous consequences on resources in an AWS Elastic Kubernetes Service (EKS) account if access to the Instance Metadata service is not explicitly blocked. The Instance Metadata service is an AWS API listening on a link-local IP address. Only accessible from EC2 instances, it enables the retrieval of metadata that is used to configure or manage an instance. Although you can only access instance metadata and user data from within the instance itself, the data is not protected by authentication or cryptographic methods.

A recent blog described a scenario where an attacker compromised a pod in an EKS cluster by exploiting a vulnerability in the web application it was running, thus enabling the attacker to enumerate resources in the cluster and in the associated AWS account. This scenario was simulated by running a pod and attaching to a shell inside it.

By querying the Instance Metadata service from the compromised pod, the attacker was able to access the service and retrieve temporary credentials for the identity and access management (IAM) role assigned to the EC2 instances acting as Kubernetes worker nodes. At that point, the attacker was able to pursue multiple exploits, Continue reading

Alleged leaks from AMD indicate big performance gains in upcoming Epyc refresh

A German tech site claims to have internal AMD documents that show the next generation of AMD Epyc server processors will boast a significant performance gain. AMD declined to comment on the veracity of the article.Hardwareluxx posted what it said were details from internal AMD slides revealing the performance potential of AMD's next-gen server processors, codenamed “Milan,” otherwise known as Zen 3, due to ship later this year.According to the slides, Zen 3 is in many ways similar to the Zen 2 generation (aka “Rome”) currently on the market. It will be socket-compatible with the first and second generation of Epycs, so current owners can swap out the older chips for newer. It will have a maximum of 64 cores, which is the same as Rome. It will support DDR4 memory and PCI Express 4.0 interconnects, like Rome. One difference is that instead of two 16MB L3 caches, Milan will have one 32MB L3 cache.To read this article in full, please click here

Alleged leaks from AMD indicate big performance gains in upcoming Epyc refresh

A German tech site claims to have internal AMD documents that show the next generation of AMD Epyc server processors will boast a significant performance gain. AMD declined to comment on the veracity of the article.Hardwareluxx posted what it said were details from internal AMD slides revealing the performance potential of AMD's next-gen server processors, codenamed “Milan,” otherwise known as Zen 3, due to ship later this year.According to the slides, Zen 3 is in many ways similar to the Zen 2 generation (aka “Rome”) currently on the market. It will be socket-compatible with the first and second generation of Epycs, so current owners can swap out the older chips for newer. It will have a maximum of 64 cores, which is the same as Rome. It will support DDR4 memory and PCI Express 4.0 interconnects, like Rome. One difference is that instead of two 16MB L3 caches, Milan will have one 32MB L3 cache.To read this article in full, please click here

Docker Support for the New GitHub Container Registry

Docker and GitHub continue to work together to make life easier for developers. GitHub today announced a new container registry: GitHub Container Registry. GitHub and Docker both occupy essential components in the developer workflow for building and deploying cloud native applications so we thought we would provide some insight into how the new tooling benefits developers. 

Found at ghcr.io, the new GitHub registry adds support for anonymous pulls and decouples git repositories permissions from container registry’s permissions. This allows projects to have private git repositories with a public container registry or vice versa. Other features like OCI compliance, Helm charts, and support for GITHUB_TOKEN are expected later. 

The GitHub Container Registry was built with Docker in mind so your Docker Engines and Docker Desktops will seamlessly work with this new registry.  Let’s take a look at this in action over at our upcoming Docker Login GitHub Action:

name: ci
on:
  push:
    branches: master
jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Login to GitHub Package Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHCR_TOKEN }}

That is all you need to do. When Continue reading

History of Networking: Networking at Google with Richard Hay

Google fascinates network engineers because of the sheer scale of their operations, and their obvious influence over the way networks are built and operated. In this episode of the History of Networking, Richard Hay joins Donald Sharp and Russ White to talk about some past designs and stories of failure and success in one of the world’s largest operating networks.

download

MySQL on Azure Performance Benchmark – ScaleGrid vs. Azure Database

Microsoft Azure is one of the most popular cloud providers in the world, and a natural fit for database hosting on applications leveraging Microsoft across their infrastructure. MySQL is the number one open source database that’s commonly hosted through Azure instances. While Microsoft offers their own Azure Database product, there are other alternatives available that may be able to help you improve your MySQL performance. In this blog post, we compare Azure Database for MySQL vs. ScaleGrid MySQL on Azure so you can see which provider offers the best throughput and latency performance. We measure latency in ms 95th percentile latency.

1 906 907 908 909 910 3,849