Encryption: The Digital PPE We All Need

In the midst of a global pandemic, Internet security can be a matter of life and death.

Think of how critical the Internet has been to address the COVID-19 public health crisis. It has allowed half the world fortunate enough to have access to stay on top of critical public health updates and stay in touch with loved ones at a safe distance. Some can even continue activities like distance education, work from home, and access vital telehealth services.

But what if it weren’t safe to do these things?  Would the world be as willing to follow social isolation measures?

Encryption keeps billions of people and countries secure online every day. It protects the integrity of news online, keeps your banking information out of the hands of criminals, and allows communications over messaging and videoconference platforms to stay confidential.

That’s a good thing. With people spending more time online than ever, cyber criminals are targeting the increasing amount of private data and commercially or government sensitive information traveling across the Internet. We’ve already seen proof in the corresponding rise in criminal activity over the last few months. The United States Federal Bureau of investigation, for instance, said cybercrime reports Continue reading

May Customer Newsletter

Welcome to the May 2020 edition of Calicomm! – our monthly newsletter for customers and partners. In the April edition, we discussed audit logs. This edition covers egress access control, which is an important aspect of micro-segmentation.

What problems are we solving?

Consider an enterprise datacenter deployment with hundreds of nodes and thousands of pods. These systems are running business applications with different levels of security requirements. A first-order security and compliance requirement in such a scenario is to ensure that a pod or host is only allowed to talk to authorized destinations. Now consider the real life scenario where there’s a churn rate (pods/hosts being added/removed) of hundreds of pods/minute. The challenge is to continue enforcing the microsegmentation in near real time despite a high churn rate.

An efficient mechanism for micro-segmentation has a direct impact on productivity. Ideally, you do not want to wait days for an access policy to be granted through a ticketing process, nor do you want to wait precious minutes for a policy change to take effect.

Micro-segmentation has two broad categories, East-West (E-W) and North-South (N-S). The following are typical use cases of egress access control within the N-S category:

Security Field Day #XFD3 with the VMware NSX Security Team

#SFD

The Gestalt IT team is back with another exciting set of  Field Day presentations. Multiple IT product vendors, including VMware, and independent thought leaders will share information and opinions in a presentation and discussion format. The complete VMware agenda and speaker lineup for the morning of the 14th is listed in detail below.

In summary, VMware’s focus for #XFD3 is why a new approach to security is required in the modern era. This security vision is present across all of the solutions, technologies, and bundles that we are bringing to the market. The VMware speakers, Dhruv, Stijn, Ray, and Ashish are planning to cover diverse topics ranging across Service-defined Firewall (SDFW), IDS/IPS, NSX Intelligence, DDoS, and WAF.

We will live-stream the virtual event this Thursday, May 14th from 8-10am PST. Don’t worry if you are unable to make it live, all videos will be posted here,  for On-Demand viewing post-event.
Live streaming now complete. The OnDemand videos follow.  Please see the full agenda with the detailed description of each presentation below. 
Video 1: Dhruv and Stijn discuss the  VMware Service-defined Firewall is an innovative approach to internal firewalling

 

Video 2: Dhruv Continue reading

Real-time network and system metrics as a service

The sFlow-RT real-time analytics engine receives industry standard sFlow telemetry as a continuous stream from network and host devices and coverts the raw data into useful measurements that can be be queried through a REST API. A single sFlow-RT instance can monitor the entire data center, providing a comprehensive view of performance, not just of the individual components, but of the data center as a whole.

This article is an interactive tutorial intended to familiarize the reader with the REST API. The examples can be run on a laptop using recorded data so that access to a live network is not required.

The data was captured from the leaf and spine test network shown above (described in Fabric View).
curl -O https://raw.githubusercontent.com/sflow-rt/fabric-view/master/demo/ecmp.pcap
First, download the captured sFlow data.

You will need to have a system with Java or Docker to run the sFlow-RT software.
curl -O https://inmon.com/products/sFlow-RT/sflow-rt.tar.gz
tar -xzf sflow-rt.tar.gz
./sflow-rt/get-app.sh sflow-rt browse-metrics
./sflow-rt/get-app.sh sflow-rt browse-flows
./sflow-rt/get-app.sh sflow-rt prometheus
./sflow-rt/start.sh -Dsflow.file=$PWD/ecmp.pcap
The above commands download and run sFlow-RT, with browse-metrics, browse-flows, and prometheus applications on a system with Java 1.8+ installed.
docker  Continue reading

How Docker is Partnering with the Ecosystem to Help Dev Teams Build Apps

Back in March, Justin Graham, our VP of Product, wrote about how partnering with the ecosystem is a key part of Docker’s strategy to help developers and development teams get from source code to public cloud runtimes in the easiest, most efficient and cloud-agnostic way. This post will take a brief look at some of the ways that Docker’s approach to partnering has evolved to support this broader refocused company strategy. 

First, to deliver the best experience for developers Docker needs much more seamless integration with Cloud Service Providers (CSPs). Developers are increasingly looking to cloud runtimes for their applications as evidenced by the tremendous growth that the cloud container services have seen. We want to deliver the best developer experience moving forward from local desktop to cloud, and doing that includes tight integration with any and all clouds for cloud-native development. As a first step, we’ve already announced that we are working with AWS, Microsoft and others in the open source community to extend the Compose Specification to more flexibly support cloud-native platforms. You will see us continue to progress our activity in this direction. 

The second piece of Docker’s partnership strategy is offering best in class Continue reading

Sponsored Post: InterviewCamp.io, Scrapinghub, Fauna, Sisu, Educative, PA File Sight, Etleap, Triplebyte, Stream

Who's Hiring? 

  • InterviewCamp.io has hours of system design content. They also do live system design discussions every week. They break down interview prep into fundamental building blocks. Try out their platform.

  • Scrapinghub is hiring a Senior Software Engineer (Big Data/AI). You will be designing and implementing distributed systems: large-scale web crawling platform, integrating Deep Learning based web data extraction components, working on queue algorithms, large datasets, creating a development platform for other company departments, etc. - this is going to be a challenging journey for any backend engineer! Please apply here

  • Sisu Data is looking for machine learning engineers who are eager to deliver their features end-to-end, from Jupyter notebook to production, and provide actionable insights to businesses based on their first-party, streaming, and structured relational data. Apply here.

  • Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.

  • Need excellent people? Advertise your job here! 

Cool Products and Services

  • Learn the stuff they don't teach you in the AWS docs. Filter out the distracting hype, and focus on the parts Continue reading

SONiC and White Box switches in the Enterprise DC! – Part 2

As discussed during our part 1, we are trying to configure a VXLAN-EVPN fabric using SONiC on white box switches in order to determine if Open Networking is ready to be deployed in most enterprise DCs.

As a small Recap, below is the topology we are trying to bring online:

Familiarise with the OS

The most interesting thing of SONiC is its architecture!
I’ll write a blog just about it because it’s a fascinating topic, but in short, every single process is living inside a dedicated container.

Linux SONIC-Leaf301 4.9.0-11-2-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64
You are on
  ____   ___  _   _ _  ____
 / ___| / _ \| \ | (_)/ ___|
 \___ \| | | |  \| | | |
  ___) | |_| | |\  | | |___
 |____/ \___/|_| \_|_|\____|

-- Software for Open Networking in the Cloud --

Unauthorized access and/or use are prohibited.
All access and/or use are subject to monitoring.

Help:    http://azure.github.io/SONiC/

Last login: Thu Apr 20 12:52:21 2017 from 192.168.0.31
admin@SONIC-Leaf301:~$ show version 

SONiC Software Version: SONiC-OS-3.0.1-Enterprise_Advanced
Product: Enterprise Advanced SONiC OS - Powered by Broadcom
Distribution: Debian 9.12
Kernel:  Continue reading

Making Video Intuitive: An Explainer

Making Video Intuitive: An Explainer

On the Stream team at Cloudflare, we work to provide a great viewing experience while keeping our service affordable. That involves a lot of small tweaks to our video pipeline that can be difficult to discern by most people. And that makes the results of those tweaks less intuitive.

In this post, let's have some fun. Instead of fine-grained optimization work, we’ll do the opposite. Today we’ll make it easy to see changes between different versions of a video: we’ll start with a high-quality video and ruin it. Instead of aiming for perfection, let’s see the impact of various video coding settings. We’ll go on a deep dive on how to make some victim video look gloriously bad and learn on the way.

Everyone agrees that video on the Internet should look good, start playing fast, and never rebuffer regardless of the device they’re on. People can prefer one version of a video over another and say it looks better. Most people, though, would have difficulty elaborating on what ‘better’ means. That’s not an issue when you’re just consuming video. However, when you’re storing, encoding, and distributing it, how that video looks determines how happy your viewers are.

To determine Continue reading

Feedback: How Networks Really Work

In early April 2020 I ran another live session in my How Networks Really Work webinar. It was supposed to be an easy one, explaining the concepts of packet forwarding and routing protocols… but of course I decided to cover most solutions we’ve encountered in the last 50 years, ranging from Virtual Circuits and Source Route Bridging to Segment Routing (which, when you think about it, is just slightly better SRB over IPv6), so I never got to routing protocols.

That webinar was supposed to be an introductory one, but of course I got pulled down all sorts of rabbit trails, and even as I was explaining interesting stuff I realized a beginner would have a really hard time following along… but then I silently gave up. Obviously I’m not meant to create introduction-to-something material.

Read more …

Reducing Your Database Hosting Costs: DigitalOcean vs. AWS vs. Azure

Reducing Your Database Hosting Costs: DigitalOcean vs. AWS vs. Azure

If you’re hosting your databases in the cloud, choosing the right cloud service provider is a significant decision to make for your long-term hosting costs. This is especially apparent in today's world where organizations are doing whatever they can to optimize and reduce their costs. Over the last few weeks, we have been inundated with requests from SMB customers looking to improve the ROI on their database hosting. In this article, we are going to compare three of the most popular cloud providers, AWS vs. Azure vs. DigitalOcean for their database hosting costs for MongoDB® database to help you decide which cloud is best for your business.

Comparing Cloud Instance Costs

Kernel of Truth season 3 episode 6: Building modern campus networks

Subscribe to Kernel of Truth on iTunesGoogle PlaySpotifyCast Box and Sticher!

Click here for our previous episode.

In this episode we talk about trends, architectures and technologies for building modern Campus networks. Joining Kernel of Truth podcast hosts Brian O’Sullivan and Roopa Prabhu are two of our senior consultants, Eric Pulvino and David Marshall, who know what they’re talking about because they are in the field working with customers building these networks. They share their first hand knowledge here so be sure to take a listen!

Guest Bios

Brian O’Sullivan: Brian currently heads Product Management for Cumulus Linux. For 15 or so years he’s held software Product Management positions at Juniper Networks as well as other smaller companies. Once he saw the change that was happening in the networking space, he decided to join Cumulus Networks to be a part of the open networking innovation. When not working, Brian is a voracious reader and has held a variety of jobs, including bartending in three countries and working as an extra in a German soap opera. You can find him on Twitter at @bosullivan00.

Roopa Prabhu: Roopa Prabhu is Chief Linux Architect at Cumulus Networks. Continue reading

Tech Bytes: Accelerating Cloud Connectivity With Megaport (Sponsored)

Megaport provides global cloud connectivity, data center interconnect, and Internet exchange peering. On today's sponsored Tech Bytes podcast, we talk about the services Megaport offers, and how the company can support your remote-work needs. Our guest is Misha Cetrone, Sr. Global Director, Cloud Solutions.

The post Tech Bytes: Accelerating Cloud Connectivity With Megaport (Sponsored) appeared first on Packet Pushers.

Network Break 283: NVIDIA Acquires Cumulus Networks; Innovium Announces 25.6 Tbps Switch ASIC

Today's Network Break analyzes NVIDIA's purchase of Cumulus Networks, boggles at Innovium's announced 25.6Tbps ASIC, and parses why Arista will support the SONiC network OS on its switches. We also cover a new 5G lobbying organization, Zoom's Keybase acquisition, financial results, and more tech news.

The post Network Break 283: NVIDIA Acquires Cumulus Networks; Innovium Announces 25.6 Tbps Switch ASIC appeared first on Packet Pushers.

Daily Roundup: Ericsson Says Pandemic to Drive 5G

Ericsson anticipates the pandemic to drive 5G; McAfee, CrowdStrike, Palo Alto Networks tracked...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

AnsibleFest 2020 is now a virtual experience

email_ansiblefest-2020

Each year, AnsibleFest is one of our favorite events because it brings together our customers, partners, community members and Red Hatters to talk about the open source innovations and best practices that are enabling the future of enterprise technology and automation.

Because the safety of our attendees is our first priority, we have decided to make AnsibleFest 2020 a virtual experience. We are excited to connect with everyone virtually, and look forward to expanding our conversation across the globe. By changing our event platform, we hope to use this opportunity to collaborate, connect, and chat with more automation fans than ever before. It is exciting to think about how many more people will be able to join in on the automation conversation.

The AnsibleFest Virtual Experience will be a free, immersive multi-day event the week of October 12th, 2020, that will deliver timely and useful customer keynotes, breakout sessions, direct access to Ansible experts, and more. You will want to sign up to stay connected and up-to-date on all things AnsibleFest on the AnsibleFest page

 

Call for proposals is open

We are still working through the details for the virtual event, but are very excited to announce that Continue reading

Simplicity and Security: What Commercial Providers Offer for the Service Mesh

“Open source is free like a puppy,” said Aspen Mesh, provider of an enterprise version of the open source Linkerd, that is the only reason to turn to William Morgan, CEO of Buoyant. “This is more of a philosophical stance. However, if you want to have a commercial relationship with us, we will make sure the service mesh works for you, with services and integration and all that stuff.”  Taming Complexity Service meshes are designed for very complex architectures. They only make sense for companies Continue reading

1 974 975 976 977 978 3,856