Welcome to a special edition of Day Two Cloud. Host Ned Bellavance traveled to KubeCon NA 2023 and spoke to vendors and open source maintainers about what's going on in the cloud-native ecosystem. This episode features conversations on platform engineering.
The post D2C219: KubeConversations Part 1 – Platform Engineering appeared first on Packet Pushers.
If you’re responsible for creating a Web Application Firewall (WAF) rule, you’ll almost certainly need to reference a large list of potential values that each field can have. And having to manually manage and enter all those fields, for numerous WAF rules, would be a guaranteed headache.
That’s why we introduced IP lists. Having a separate list of values that can be referenced, reused, and managed independently of the actual rule makes for a better WAF user experience. You can create a new list, such as $organization_ips, and then use it in a rule like “allow requests where source IP is in $organization_ips”. If you need to add or remove IPs, you do that in the list, without touching each of the rules that reference the list. You can even add a descriptive name to help track its content. It’s easy, clean, and organized.
Which led us, and our customers, to ask the next natural question: why stop at IPs?
Cloudflare’s WAF is highly configurable and allows you to write rules evaluating a set of hostnames, Autonomous System Numbers (ASNs), countries, header values, or values of JSON fields. But to do so, you have to input a list of …
Over time, application owners find themselves compelled to continuously refine their applications and the underlying infrastructure to enhance the products they deliver, whether to internal or external customers. These modifications inevitably lead to changes in the configuration of both applications and infrastructure. While some of these changes may be benign, others can unintentionally steer the systems away from their securely configured state, a phenomenon commonly referred to as "configuration drift." Left unaddressed, the extent of this drift can introduce substantial risks to the organization.
Traditionally, agent-based automation configuration management tools have been favored as the primary solution for tackling configuration drift.
However, is this approach genuinely the most effective strategy?
According to AWS's well-architected framework, the concept of a Fault Isolation Zone (FIZ) is crucial, characterized by isolation boundaries like Availability Zones (AZ), Regions, control planes, and data planes. While this concept is centered in a cloud context, the principles behind FIZ remain relevant in traditional data centers and at the network edge. The core idea is to minimize the impact of errors, particularly human misconfigurations, that can propagate beyond a defined Fault Isolation Zone.
Are misconfigurations resulting from human error still a matter of concern?
In the previous labs we used BGP weights and Local Preference to select the best link out of an autonomous system and thus change the outgoing traffic flow.
Most edge (end-customer) networks face a different problem – they want to influence the incoming traffic flow, and one of the tools they can use is BGP Multi-Exit Discriminator (MED).
Private LTE and Wi-Fi use a lot of overlapping skills but there are also some key differences that Wi-Fi pros need to be aware of.
The post HW015: What Every Wi-Fi Pro Needs To Know About Private LTE appeared first on Packet Pushers.
Here is a story you don’t hear very often: A supercomputing center was just given a blank check up to the peak power consumption of its facility to build a world-class AI/HPC supercomputer instead of a sidecar partition with some GPUs to play around with and wish its researchers had a lot more capacity. …
The post Will Isambard 4 Be The UK’s First True Exascale Machine? first appeared on The Next Platform.
Will Isambard 4 Be The UK’s First True Exascale Machine? was written by Timothy Prickett Morgan at The Next Platform.