From Micro-segmentation to Internal Firewalling

The Evolution of VMware NSX Service-defined Firewall

Today, many people take micro-segmentation for granted. It’s incredible to recall that just a few years ago, VMware introduced micro-segmentation to support the concept of Zero Trust — a security model that does not automatically trust entities within the security perimeter. Fast forward to the present, and many people have embraced that concept and made it their own. Meanwhile, VMware has extended its solution for micro-segmentation into a full-blown internal firewall. Let’s step back in time and see how VMware progressed from the initial micro-segmentation use case to today’s powerful Service-defined Firewall, deployed by thousands of organizations.

Pioneering the Market for Micro-segmentation

Back in 2013, VMware pioneered micro-segmentation with the release of VMware NSX, the VMware network virtualization and security platform, which propelled VMware into the world of software-defined network and security virtualization. This initial release enabled customers to run a complete Layer 2-Layer 4 stack in software. The guiding philosophy was to make world-class security easy to operationalize.

Some customers used NSX for network segmentation: they created virtual security zones in software where they had previously used hardware. Other customers adopted NSX for micro-segmentation: they were now able to provide Continue reading

An Architecture for Artificial Intelligence Storage

As we’ve talked about in the past, the focus on data – how much is being generated, where it’s being created, the tools needed to take advantage of it, the shortage of skilled talent to manage it, and so on – is rapidly changing the way enterprises are operating both in the datacenter and in the cloud and dictating many of the product roadmaps being developed by tech vendors.

An Architecture for Artificial Intelligence Storage was written by Jeffrey Burt at The Next Platform.

The Week in Internet News: Balloon-Based Internet Comes to Kenya

Up, up and away: Google’s Project Loon, focused on providing Internet access with balloons floating in the stratosphere, has begun providing service in Kenya, CNN reports. The project will use about 35 balloons floating 20 kilometers above the ground to provide 4G LTE service covering 50,000 square kilometers in central and western Kenya.

Reach the sky: A broadband cooperative in rural Pennsylvania has built its own wireless network to provider faster Internet service, The Philadelphia Inquirer says. The Rural Broadband Cooperative, made up mostly of retirees, uses a 120-foot, former HAM radio tower that they erected on Stone Mountain. The service, with about 40 paying customers, offers speeds of up to 25 megabits per second.

The great divide: The COVID-19 pandemic has shown the seriousness of the digital divide in Pakistan, The Diplomat says. While the country has moved to online school, many areas lack broadband service, and in some areas, mobile services are shut down by the government because of security concerns. “Students across the country, from the former Federally Administered Tribal Areas to Balochistan, have been protesting against online classes, not only on social media but in front of various press clubs, universities, and on roads. They have Continue reading

Weekend Reads 071020

Better late that never … ?

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that’s a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that’s all profitable. Inefficiency, on the other hand, is waste. Extra inventory is inefficient. Overcapacity is inefficient. Using many small suppliers is inefficient. Inefficiency is unprofitable. —Bruce Schneier

In this post, we describe the challenges associated with measuring anycast services and propose a tool called the Border Gateway Protocol (BGP) Tuner. By using our open-source tool, operators can see in advance how changes in their BGP policies may impact the traffic load distribution over the anycast sites. This post is a short description of our technical report available here. —Joao M. Ceron

There are increasing calls to break up, tax, regulate or [other intervention here] Big Tech. What I’m curious about is what for. —Matt Webb

Hence I made a self-experiment in which I generated two certificates with random names, monitoring the authoritative DNS servers as well as the IPv6 addresses of those names in order to check who is resolving/connecting to otherwise Continue reading

Juniper aligns its security portfolio with the SASE model

The conga line around secure-access service edge (SASE), continues to grow with Juniper this week becoming the latest to join the dance.Just as other big networking players with extensive security portfolios including Cisco and VMware have recently done, Juniper says it will build off its offerings to address the SASE blueprint. Read about edge networking How edge networking and IoT will reshape data centers Edge computing best practices How edge computing can help secure the IoT As defined by Gartner in 2019, SASE features a wide variety of components that Juniper summarized and includes:To read this article in full, please click here

Juniper targets security portfolio at SASE race

The conga line around secure-access service edge (SASE), continues to grow with Juniper this week becoming the latest to join the dance.Just as other big networking players with extensive security portfolios including Cisco and VMware have recently done, Juniper says it will build off its offerings to address the SASE blueprint. Read about edge networking How edge networking and IoT will reshape data centers Edge computing best practices How edge computing can help secure the IoT As defined by Gartner in 2019, SASE features a wide variety of components that Juniper summarized and includes:To read this article in full, please click here

Fast Friday Random Thoughts

It’s Friday and we’re technically halfway into the year now. Which means things should be going smoother soon, right? Here’s hoping, at least.

  • I posted a new episode of Tomversations yesterday. This one is about end-to-end encryption. Here’s hoping the Department of Justice doesn’t find a way to screw this up. And here’s hoping the Senate stops helping.
  • I saw a post that posits VMware may be looking to buy BitGlass. I know VMware’s NSX team pretty well. I also talked to the BitGlass team at RSA this year. I think this is something that VMware needs to pick up to be honest. They need to round out their SASE portfolio with a CASB. BitGlass is the best one out there to make that happen. I think we’re going to see a move here before we know it.
  • There are a lot of other acquisitions going on in the market. VMware bought Datrium. Uber bought Postmates. It’s typical to see these kinds of acquisitions during downturns because it becomes way cheaper to snap up your competition. I expect Q3 is going to be full of consolidation in the networking space. Cisco won’t start doing anything until August at the earliest, Continue reading

Heavy Networking 528: If Automation Is So Great, Why Aren’t More Networks Automated? (Sponsored)

On today's Heavy Networking episode, sponsored by Cisco, we discuss reasons why automation isn't more pervasive, particularly in networking, and look at complications such as source of truth, getting state information, the need for orchestration, and user trust. Our guests are Omar Sultan, Leader, Product Management at Cisco; and Kevin Corbin, Sr. Solutions Engineer at HashiCorp.

Heavy Networking 528: If Automation Is So Great, Why Aren’t More Networks Automated? (Sponsored)

On today's Heavy Networking episode, sponsored by Cisco, we discuss reasons why automation isn't more pervasive, particularly in networking, and look at complications such as source of truth, getting state information, the need for orchestration, and user trust. Our guests are Omar Sultan, Leader, Product Management at Cisco; and Kevin Corbin, Sr. Solutions Engineer at HashiCorp.

The post Heavy Networking 528: If Automation Is So Great, Why Aren’t More Networks Automated? (Sponsored) appeared first on Packet Pushers.

Chapter Training Program 2020: The Power of Us!

“Vulnerability is the birthplace of innovation, creativity and change.”
—Brené Brown

Three months ago, the Internet Society decided to face a new challenge. We took ourselves out of our comfort zone to move our community to the next level: empowerment through education. We began the Chapter Training Program, born to satisfy the increasing need of our Chapter leaders to engage their members in an impactful and informed way. The purpose was to identify and help form new leaders to work together to create local awareness, as part of our 2020 Action Plan .

This journey was not easy. However, our community embraced vulnerability and we overcame many obstacles, like change and uncertainty. In the end, we succeeded – because together our strength is bigger than our challenges. It’s part of our community’s DNA: having the conviction to build an Internet that enriches people’s lives and enables opportunities to all.We demonstrated that when we work together, we accomplish great things. Challenge becomes just a word… To be brave, first we need to be vulnerable and once we are brave, the sky is the limit!

I want to share the results of our work – and I hope we can Continue reading

IDC: Covid-19 hits SD-WAN, data center gear; enterprise impact varies

While the previously hot SD-WAN market has slowed and IT budgets overall are under pressure, the COVID-19 pandemic has created demand for other network capabilities such as improved network-management and collaboration tools, according to IDC.The virus has caused recessionary economy that has forced enterprises across the globe to rapidly and dramatically shift their operations, according to Rohit Mehra, vice president, Network Infrastructure at IDC. “The reality of that is we have seen two years of IT digital transformation in two months,” Mehra told the online audience of an IDC webinar about the impact of the pandemic on enterprise networking.To read this article in full, please click here

Now GA: Data-in-Transit Encryption in Calico v3.15

We’re excited to announce that the latest release of Calico includes encryption for data-in-transit. Calico is the open source networking and network security solution for containers, virtual machines, and host-based workloads, offering connectivity and security for container workloads.

One of Calico’s best-known security features is its implementation of Kubernetes Network Policy, providing a way to secure container workloads by restricting traffic to and from trusted sources. This enables the traffic to be controlled, however, the traffic itself had previously remained vulnerable to interception.

A common solution to this problem is to encrypt traffic at the application layer using protocols like Transport Layer Security (TLS). Traffic can also be encrypted at a lower infrastructure level using IPsec. However, these approaches introduce an additional layer of complexity. Calico avoids that complexity by utilizing WireGuard to implement data-in-transit encryption.

WireGuard is run as a module inside the Linux kernel and provides better performance and lower power consumption than IPsec and OpenVPN tunneling protocols. The Linux version of WireGuard reached a stable production release in March and was introduced as a tech preview in the 3.14 release of Project Calico. We are pleased to announce that WireGuard encryption is now generally available with Continue reading

How Does Technology Affect the Generation Gap?

One of the biggest divisions between the generations today is technology. And with a huge disparity in attitudes towards technology as well as competence levels, there is a danger that each generation is becoming even more separated, settling into their own niche areas regarding the way that we all socialize, receive news, and communicate with each other. When asking how technology affects the generation gap, there is a lot more to it than having the ability to download a movie or app or do online shopping.

First up the most digital savvy group of adults are the Millennials. These people born between 1981 and 1996 cannot remember a time without email and the internet. Millennials are technically competent, and this generation tends to want to share their lives online in a way that would appeal to older people. There is an attitude that if it isn’t posted on social media, it just didn’t happen!

By contrast, Generation X , the people born in the early 1960s through to the ’70s are often technically able to use the internet and use online banking , shopping and to occasionally post on social media, but in most cases, technology is not a major Continue reading

Centralize your Automation Logs with Ansible Tower and Splunk Enterprise

For many IT teams, automation is a core component these days. But automation is not something on it’s own - it is a part of a puzzle and needs to interact with the surrounding IT. So one way to grade automation is how well it integrates with other tooling of the IT ecosystem - like the central logging infrastructure. After all, through the central logging the IT team can quickly survey what is happening, where, and what the state of it is.

The Red Hat Ansible Automation Platform is a solution to build and operate automation at scale. As part of the platform, Ansible Tower integrates well with external logging solutions, such as Splunk, and it is easy to set that up. In this blog post we will demonstrate how to perform the necessary configurations in both Splunk and Ansible Tower to let them work well together.

 

Setup of Splunk

The first step is to get Splunk up and running. You can download a Splunk RPM after you register yourself at the Splunk home page.

After the registration, download the rpm and perform the installation:

$ rpm -ivh splunk-8.0.3-a6754d8441bf-linux-2.6-x86_64.rpm
warning: splunk-8.0.3-a6754d8441bf-linux-2.6-x86_64.rpm:  Continue reading

IPv6 Buzz 055: The Good, Bad, And Ugly Of IPv6 With Geoff Huston

We discuss the challenges and opportunities of IPv6 with Geoff Huston, APNIC's chief scientist and network analyst nonpareil. Topics include how dual-stack and Happy Eyeballs have papered over v6 deficiencies, why the address space may not be as vast as advertised, and why v6 is still the future.

The post IPv6 Buzz 055: The Good, Bad, And Ugly Of IPv6 With Geoff Huston appeared first on Packet Pushers.

From Docker Straight to AWS

Just about six years ago to the day Docker hit the first milestone for Docker Compose, a simple way to layout your containers and their connections. A talks to B, B talks to C, and C is a database. Fast forward six years and the container ecosystem has become complex.  New managed container services have arrived bringing their own runtime environments, CLIs, and configuration languages. This complexity serves the needs of the operations teams who require fine grained control, but carries a high price for developers.

One thing has remained constant over this time is that developers love the simplicity of Docker and Compose. This led us to ask, why do developers now have to choose between simple and powerful? Today, I am excited to finally be able to talk about the result of what we have been working on for over a year to provide developers power and simplicity from desktop to the cloud using Compose. Docker is expanding our strategic partnership with Amazon and integrating the Docker experience you already know and love with Amazon Elastic Container Service (ECS) with AWS Fargate. Deploying straight from Docker straight to AWS has never been easier.

Today this functionality is Continue reading

HS. Part 6. First impression from Nokia SRLinux.

Hello my friend,

In this HS blog series we have covered so far the automated build of the network topology for hyper scale data centre using Microsoft Azure SONiC. Today Nokia has announced a new product for data centre, which is called SRLinux. In the next couple of articles we’ll review it from the architectural and automation standpoint.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Thanks

We want to thank Nokia team for providing us the details and assisting in creating these materials. It won’t be possible without your help, dear partners.

Network automation training – now as a self-paced course as well

Following your asks we open a new format for the network automation training – self-paced format:

  • It doesn’t matter what your timezone is.
  • It doesn’t matter how much hours weekly do you have to study.
  • It doesn’t matter how solid is your current background in automation, scripting and software development.

Because you decide on your own when, how often and Continue reading

1 938 939 940 941 942 3,856