Tag Archives: that’s

Linux kernel utility could solve Kubernetes networking woes

As production Kubernetes clusters grow, a standard Linux kernel utility that’s been reinvented for the cloud era may offer a fix for container networking scalability challenges.

The utility, extended Berkeley Packet Filter (eBPF), traces its origins back to a paper published by computer scientists in 1992. It’s a widely adopted tool that uses a mini-VM inside the Linux kernel to perform network routing functions. Over the last four years, as Kubernetes became popular, open source projects such as Cilium began to use eBPF data to route and filter Kubernetes network traffic without requiring Linux kernel changes. 

In the last two years, demand for such tools rose among enterprises as their Kubernetes production environments grew, and they encountered new kinds of thorny bottlenecks and difficult tradeoffs between complexity and efficiency.

IT monitoring vendor Datadog saw eBPF-based tooling as the answer to its Kubernetes scaling issues after a series of experiments with other approaches.

“Right now, there are a lot more people running Kubernetes at smaller scale,” said Ara Pulido, a developer relations specialist at Datadog, in an online presentation last month. “When you start running Kubernetes at bigger scale, you run into issues that just a handful of people have found before, or maybe you are the first one.”

As Datadog’s environment expanded to dozens of Kubernetes clusters and hundreds of nodes, it quickly outgrew the default Kubernetes networking architecture, Pulido said.

Among the scalability issues Datadog encountered was the way the native Kubernetes load balancer component called kube-proxy handles service networking data. In microservices environments, application services comprised of Kubernetes Pods communicate through load balancers; by default, kube-proxy performs this role and is deployed to every Kubernetes cluster node. Kube-proxy then monitors the Kubernetes API for any changes. When changes are made, by default, kube-proxy updates Iptables to keep track of service routing information.

“One of the issues is that with every change, you have to resync the whole table, and as you scale the number of pods and services, that’s going to have a cost,” Pulido added.

Since Kubernetes 1.11, kube-proxy can also use the Linux IP Virtual Server instead of Iptables, which doesn’t require a full resync when changes are made to the cluster, among other improvements. However, this required Datadog engineers to become upstream contributors to IPVS to ensure it worked well in their environment, Pulido said.

As we moved to Cilium in our newer clusters, we realized we could also remove kube-proxy, as Cilium already implements a replacement.
Ara PulidoDeveloper relations, Datadog

Datadog then began to explore eBPF tools from Cilium for granular container security features and found it could serve as wholesale replacement for kube-proxy.

Cilium provides identity-based connections via Kubernetes labels, rather than connections based on IP addresses, which may not be fine-grained enough to accommodate individual workload permissions in security-sensitive environments, Pulido said in an interview following her presentation. “As we moved to Cilium in our newer clusters, we realized we could also remove kube-proxy, as Cilium already implements a replacement.”

Cilium updates eBPF for Kubernetes networking

Cilium, launched four years ago, and its commercial backer, Isovalent, have developed Kubernetes networking and security tools based on eBPF, as have other vendors such as Weaveworks, whose Weave Scope network monitoring tool uses eBPF data  to perform granular tracking of Kubernetes TCP connections. Another company, Kinvolk, created the cgnet open source utility to collect detailed pod and node statistics via eBPF and export them to Prometheus.

Cilium Kubernetes networking architecture
Cilium eBPF-based tools replace native Kubernetes networking functions.

Cilium’s eBPF-based tools replace Kubernetes networking elements including kube-proxy to provide network and load balancing services and to secure connections within them. Users say the Cilium tools perform better than kube-proxy, especially the IPtables version, and offer a more straightforward approach to Kubernetes service network routing than overlay tools such as Flannel.

“The IPtables approach [with kube-proxy] was always kind of kludgy,” said Dale Ragan, principal software design engineer at SAP’s Concur Technologies Inc., an expense management SaaS provider based in Bellevue, Wash.

Ragan also encountered some known issues between Flannel and Kubernetes NodePort connections as of late 2018, which he discovered that Cilium could potentially avoid. Concur has since swapped out Flannel Container Network Interface (CNI) plugins for Cilium in its production clusters, and is also testing Isovalent’s proprietary SecOps add-ons, such as intrusion detection and forensic incident investigation.

“The other [appeal of eBPF] was from a security perspective, that we could apply policies both cluster-wide and to individual services,” Ragan said.

eBPF vs service mesh

Cilium contributors also contribute to Envoy, the sidecar proxy used with Istio and other service meshes, and eBPF isn’t a complete replacement for service mesh features such as advanced layer 7 application routing. Cilium can be used with a service mesh to accelerate its performance, said Isovalent’s CEO, Dan Wendlandt.

“CNIs are at a lower layer of Kubernetes networking — service mesh still depends on that core networking and security layer within Kubernetes,” Wendlandt said. “Cilium is a good networking foundation for service mesh that can get data in and out of any service mesh proxy efficiently.”

However, at lower layers of the network stack, there’s significant overlap between the two technologies, and Concur’s engineers will consider whether eBPF might support multi-cluster connectivity and mutual TLS authentication more simply than a service mesh.

“We want to get the networking layer correct, and from there add service mesh,” Ragan said. “From a TLS perspective, it could be very transparent for the user, where Cilium is inspecting traffic at the system level — there are all kinds of opportunities around intrusion detection without a lot of overhead and work for [IT ops] teams to do to allow visibility for SecOps.”

Still, Cilium and other eBPF-based tools represent just one approach that may gain traction as more users encounter problems with Kubernetes networking at scale. For some truly bleeding-edge Linux experts, eBPF may be eclipsed in network performance enhancement by the io_uring subsystem introduced in the Linux kernel a year ago, for example.

“eBPF is going through a bit of a hype cycle right now,” said John Mitchell, an independent digital transformation consultant in San Francisco. “From the VC perspective, it’s a super-techy ‘special sauce’, and the eBPF ecosystem has gotten some good push from influential uber-geeks.”

However, eBPF has real potential to add advanced Kubernetes network security features without requiring changes to application code, Mitchell said.

Go to Original Article
Author:

For Sale – core i5 7th gen gaming pc.

hi

selling my 2nd system along with my first system – thats later on, and buying a new one. its not a flashy RGB system, a lovely quality black case from fractal!

lovely system, not had much use, was for the missus generally but she’s barely used it so its a waste. replacing with a new laptop for her. fully boxed, even put the front plastic wrap back on!

cracking motherboard in this too.

Collection preferred but can ship. cm9 4ua is collection postcode in essex

The specification is as follows:

Processor: core i5 7400 quad core cpu @ 3.0ghz
Memory: 8 gb of ddr4 3000 mhz corsair vengeance
Motherboard: Asus ROG maximus IX code Z270 motherboard
Hard Drive: 2 x 1 TB 2.5″ for storage
Solid state drive: 256 GB for windows
M.2 NVME/PCIE Solid state drive: No
WiFi: Yes
Power supply: 500 watt bronze rated
Dedicated graphics card: RX 580 8GB card
DVD-RW: No
Case: Fractal design define R6 windowed case
Operating system: windows 10
Software:
anti virus
anti spyware
office suites
handbrake
bittorent software
vlc player
media player and codecs
firefox and chrome
steam
thunderbird email client
various others

Go to Original Article
Author:

Everbridge Critical Event Management tailored for COVID-19

47 million. That’s the number of coronavirus-related messages Everbridge sent on behalf of its users in the past week.

Everbridge Critical Event Management software is on the front lines of coronavirus IT response, aided by a specially targeted line of products and recent acquisitions.

Everbridge CTO Imad Mouline said the usage pattern for his company’s software is typically spiky. The system was built for large fluctuations in usage and can add capacity quickly.

“This is something we’re really, really good at,” Mouline said.

Other incidents have put Everbridge software to the test. For example, during Hurricane Dorian in 2019, Everbridge users sent out 14 million messages in just a few days, Mouline said, and that was in a smaller geographical area.

Everbridge takes on coronavirus with ‘Shield’

To aid employee protection and business continuity during the coronavirus pandemic, Everbridge launched COVID-19 Shield. The software as a service includes targeted pandemic data feeds and rapid deployment templates.

COVID-19 Shield uses the Everbridge Critical Event Management platform to help organizations identify risks, protect the workforce and manage disruptions to operations and supply chain.

Screenshot of Everbridge dashboard
An Everbridge dashboard shows assets that are potentially impacted by COVID-19 in the Washington D.C. area.

Everbridge has three COVID-19 service levels, which build on each other.

The entry-level “Know Your Risks” provides COVID-19 alerts featuring real-time intelligence such as case statistics, travel advisories, closures and supply chain impacts. The next level up, “Protect Your People,” manages critical response plans, automates communications and includes a potential threat feed and coronavirus-specific messaging templates.

“Protect Your Operations and Supply Chains,” which includes the other two offerings’ capabilities, automatically correlates alerts to physical assets, including buildings and people. It also initiates standard operating procedures to resolve issues and generates real-time status reports on remediation and recovery tasks.

COVID-19 Shield provides access to the Everbridge Data Sharing Private Network, where users can share information publicly and privately to facilitate enhanced local intelligence and response coordination.

Everbridge offers a “Rapid Deployment” package for governments, businesses and healthcare organizations that gets the COVID-19 Shield running in less than two days, according to the vendor. 

Mouline said the coronavirus-tailored products can help streamline communication, provide situational awareness and offer a quick form of protection.

Pricing is based on the size of the organization, for example, the number of people or assets in need of protection. Assets may include the number of office locations or supply chain elements.

The Everbridge Critical Event Management platform in total reaches more than 550 million people globally, according to the vendor, which is based in Burlington, Mass. Everbridge claims about 5,000 customers.

Learn best practices for pandemic response

Paul Kirvan, a business resilience and disaster recovery consultant, said it’s important for employees to heed messages from their businesses and government.

Emergency notification software such as Everbridge’s is most appropriate for notifying employees of any new company policies, government notifications, reminders about social distancing and hand washing, and other messages for broad distribution,” Kirvan wrote in an email. “The same can be true for notifying remote domestic offices, overseas offices, regulatory authorities, government agencies and other important stakeholders.”

Information sharing between companies and within industry groups is invaluable, not just for status reports but also to help share insights into effective crisis and continuity strategies, said Jackie Day, a partner at consulting firm Control Risks, on a webinar last week hosted by her company and Everbridge.

Companies should also take advantage of lessons learned from others who have gone through the pandemic crisis, such as Asian organizations, said Matt Hinton, a partner at Control Risks.

While talk of a business impact analysis is often greeted with eye rolls, Hinton said, companies with one are better prepared to deal with tricky scenarios.

There is no one-size-fits-all approach.

“Your actions have to be targeted,” Everbridge’s Mouline said.

Mouline advised organizations to clearly separate informational messaging from emergency messaging, as employees are bombarded with information.

You want to communicate on a regular basis, but you want to avoid over-alerting.
Imad MoulineCTO, Everbridge

“Use the alerting capabilities sparingly,” Mouline said. “You want to communicate on a regular basis, but you want to avoid over-alerting.”

And the crisis will end at some point, Hinton noted. So organizations need to be thinking about recovery and the transition back to the office environment.

“Recovery is often that forgotten son when it comes to crisis management,” Hinton said.

Everbridge acquires three companies

Everbridge has been busy with acquisitions lately, purchasing technology that is helping coronavirus response.

The Everbridge Critical Event Management platform’s new IoT extension module uses intellectual property from technology acquisitions of Connexient and CNL Software. Critical Event Management for IoT increases the number of uses for the Everbridge platform. For example, it improves the ability to coordinate first responders and other healthcare resources based on real-time data on the broader impact of COVID-19.

Specifically, Connexient provides information on indoor positioning and wayfinding, with a focus on healthcare organizations. CNL offers integrations with a variety of other types of devices, including access control systems, building management systems, intrusion detection systems and fire panels, Mouline said. The Critical Event Management platform will send out information on needed next steps, for example sounding an alarm or locking doors.

Everbridge also acquired cell broadcast provider One2many. The resulting unified Public Warning System provides a countrywide population alerting capability. The platform enables countries to share updates on viral hotspots and pandemic best practices; coordinate first responders and healthcare resources; establish two-way communications with at-risk populations; and manage disruptions to transportation, education and other services, according to Everbridge.

The three acquired companies have each become an “Everbridge company.” Everbridge did not release terms of the acquisitions.

Go to Original Article
Author:

International Women’s Day 2020: Creating opportunity for all – Microsoft Partner Network

Sunday, March 8th will mark a day that’s close to my heart, International Women’s Day.

The day shines a light on the progress we’ve made in recognizing the potential of a diverse and inclusive economy and the power that comes from developing strong, female role models. Yet while we can reflect on that progress, we must also acknowledge the work that still must be done. It is critical for me that we address the challenges that still exist for women in today’s business landscape—there are many women around the world who are locked out of opportunities many take for granted, for a variety of reasons.

I’m proud of the work we’ve done at Microsoft so far to increase access and opportunities for women through our workplace culture, policies and technologies. I believe we have a responsibility to highlight other organizations that have also prioritized diversity and inclusion and encourage others to do the same.

Building opportunity and access for all through technology

Technology helps organizations empower their employees, optimize their operations, connect with their customers and transform their products. It’s also a key factor in building an inclusive economy; an economy that harnesses the power of diversity to create opportunities and positive business outcomes for all. At Microsoft, we understand that a diverse work force inspires diverse solutions, which ultimately helps drive innovations that benefit everyone.

That’s why I am excited to share that Microsoft is supporting the United Nation’s Sustainable Development Goals through our #BuildFor2030 campaign. Through October, we will be highlighting Microsoft partners with solutions that align to the UN’s goals. And in celebration of Women’s History Month and International Women’s Day on March 8th, we will be focusing on solutions by women-led organizations within our Microsoft partner community. I encourage you to read more about these incredible innovations here.

These solutions showcase the entrepreneurial spirit of women in technology—a community that is grossly underrepresented in the marketplace today. Recent studies suggest, if women and men participated equally as entrepreneurs, global GDP could rise by approximately 3% to 6%, boosting the global economy by as much as $5 trillion. If we work together, we can start that shift, and create more opportunities for everyone.


Did you know?

According to the McKinsey Global Institute:

  • Companies in the top quartile for gender diversity are 21 percent more profitable than companies in the bottom quartile
  • Companies in the top quartile for ethnic and cultural diversity are 33 percent more likely to outperform companies in the bottom quartile
  • Closing the gender gap in the workforce could add $28 trillion to the global GDP
  • Closing the gender gap in the workforce could add $28 trillion to the global GDP

Women in Cloud

In January, Microsoft hosted the Women in Cloud Summit in Redmond, and I had the privilege of discussing how we can all work to create more opportunities for women in technology. Women in Cloud is a community-led organization that brings together female entrepreneurs, global leaders, corporations, and policy makers to support economic development for women in tech. They have vowed to help create $1 billion in economic access and opportunity by 2030.

As an executive sponsor of this initiative, I have sat down with many female business owners and have heard their struggles, triumphs and breakthroughs. Everyone I’ve met has emphasized the importance of access to technology, customers, partners, and investments. My team and I are focused on creating access for their growth through co-marketing and co-selling opportunities as we strive to create an inclusive marketplace for all partners to deploy cloud solutions and services.

Building for the future

While we are focused on creating equal access and opportunity for women business owners today, we must also prepare the next generation of entrepreneurs and female tech leaders. To participate in the global economy and businesses of the future, understanding and innovating with technology will be a core skill of any job. Young women need to embrace technology and develop skills and passions that will be key success factors in a world where technology is part of every business in every industry.

I’d like to invite all Microsoft partners to join other impact-oriented technology solution leaders in the #BuildFor2030 campaign to highlight their innovative solutions. And in honor of International Women’s Day, I encourage you to take action and drive momentum towards creating a gender-equal society by supporting this campaign.

Go to Original Article
Author: Steve Clarke

For Sale – ***Poss Part Ex*** HP Pavilion Gaming Laptop GTX 1660Ti + Core i7

That’s fair enough bud, I’m not local to you anyways and it would cost me a bit in fuel.
It’s a good spec laptop but without any warranty it’s a £700 punt and I could buy a decent desktop with new components for that money. I’ll leave my offer on the table for now in case you have a change of mind.
Regards

Go to Original Article
Author:

Wanted – Cheap MacBook Pro

£100? No chance. Any MacBook that’s working and has the specs you’re after is £300 minimum, and the 8gb ram is always on the step up model up until newer generations.

I should add that I’m not looking to troll – I have a 15inch I’m looking to part with but it’s way out of your price range – hence me having a look at wht you were after.

Go to Original Article
Author:

Hustle Up! Discover Microsoft Store resources for a better side hustle

While many are interested in starting a side gig, there is one group in particular that’s looking for ways to make extra money and improve business skills this time of year—higher education students.

With the arrival of a new academic year comes a diverse crop of achievement-minded students looking for innovative ways to gain invaluable on-the-go experience while earning much-needed income.

Considering student loans, single parenthood, increased costs of living, and more, the reality for today’s higher education students is that they need to earn money now, while expanding their professional know-how. They understand employers are looking for nontraditional employees with uniquely diversified expertise and specialties, and they don’t have the luxury of depending solely on internships anymore.

These students have found they can leverage their passions to start side hustles to turn a profit and gain hands-on knowledge that aligns with the theories they are learning in class.

In order to pinpoint the most advantageous resources and tips needed for a side hustle, Microsoft Store collaborated with Chris Guillebeau, a New York Times bestselling author and host of the Side Hustle School podcast.

“Side hustles are a great way to create options, which are important in today’s world. They’re a fast track to freedom and job security. Consider the purpose of an internship—experience. Why not get paid for your experience by learning to start an income-generating project?”
—Chris Guillebeau

The challenge for some people who build a side hustle is that they have amazing ideas to generate extra income, but need help managing their business operations. That’s where solutions like Microsoft 365 and other Microsoft Store resources can help.

Start to Hustle Up!

Hustle Up!, a mobile experience, was developed by Microsoft Store to help identify the right resources needed to amplify different kinds of side hustles. By answering a series of questions, Hustle Up! explores your side hustle aptitude, identifies your strengths and interests, and connects you with the best resources to help you on your way.

Each of the four Hustle Up! outcomes—Freelancer, Maker, Reseller, and Expert—were carefully crafted to match you with your top side hustle type and each highlight your professional skills along with top actionable tips from Chris Guillebeau. Tips include prime resources that help you maintain work, school, and life balance, such as:

  • For Freelancers, having the ability to get reviews ASAP is critical. Reviews matter a lot in business, especially when you are trying to stand out in an overly saturated market. Chris recommends that Freelancers gather real-time client feedback by creating surveys and polls using Microsoft 365 offerings.
  • Side hustlers who fall into the Expert category know how to adapt their knowledge to a product or service but can struggle trying to stay on top of all their clients’ various needs. To manage multiple asks and schedules, Chris advises Experts to keep track of their daily, weekly, and monthly tasks while on the go with OneNote.

Eager to learn and achieve more with your side hustle? Even more expert tips await! Try Hustle Up! to discover how to better your side hustle and visit Microsoft Store in person or online to uncover additional resources, fun and free workshops, and solutions that will amplify your entrepreneurial skills.

Go to Original Article
Author: Microsoft News Center

Are SD-WAN security concerns warranted?

Are software-defined WAN security features sufficient to handle the demands of most enterprises? That’s the question addressed by author and engineer Christoph Jaggi, whose SD-WAN security concerns were cited in a recent blog post on IPSpace. The short answer? No — primarily because of the various connections that can take place over an SD-WAN deployment.

“The only common elements between the different SD-WAN offerings on the market are the separation of the data plane and the control plane and the takeover of the control plane by an SD-WAN controller,” Jaggi said. “When looking at an SD-WAN solution, it is part of the due diligence to look at the key management and the security architecture in detail. There are different approaches to implement network security, each having its own benefits and challenges.”

Organizations contemplating SD-WAN rollouts should determine whether prospective products meet important security thresholds. For example, products should support cryptographic protocols and algorithms and meet current key management criteria, Jaggi said.

Read what Jaggi had to say about the justification for SD-WAN security concerns.

Wireless ain’t nothing without the wire

You can have the fanciest access points and the flashiest management software, but without good and reliable wiring underpinning your wireless LAN, you’re not going to get very far. So said network engineer Lee Badman as he recounted a situation where a switch upgrade caused formerly reliable APs to lurch to a halt.

“I’ve long been a proponent of recognizing [unshielded twisted pair] as a vital component in the networking ecosystem,” Badman said. Flaky cable might still be sufficient in a Fast Ethernet world, but with multigig wireless now taking root, old cable can be the source of many problems, he said.

For Badman, the culprit was PoE-related and once the cable was re-terminated and tested anew, the APs again worked like a charm. A good lesson.

See what else Badman had to say about the issues that can plague a WLAN.

The long tail and DDoS attacks

Now there’s something new to worry about with distributed denial of service, or DDoS, attacks. Network engineer Russ White has examined another tactic, dubbed tail attacks, which can just as easily clog networking resources.

Unlike traditional DDoS or DoS attacks that overwhelm bandwidth or TCP sessions, tail attacks concentrate on resource pools, such as storage nodes. In this scenario, a targeted node might be struggling because of full queues, White said, and that can cause dependent nodes to shut down as well. These tail attacks don’t require a lot of traffic and, what’s more, are difficult to detect.

For now, tail attacks aren’t common; they require attackers to know a great deal about a particular network before they can be launched. That said, they are something network managers should be aware of, White added.

Read more about tail attacks.

For Sale – Corsair HX1200 PSU

Selling a Corsair HX1200 that’s been sitting on the shelf for too long now. Bought in Nov 2017 from Scan so still has warranty remaining.

As new condition and only used for a month or so, with full box and papers etc.

Looking for £140 inc special delivery

Price and currency: 140
Delivery: Delivery cost is included within my country
Payment method: Cash or Bank Transfer
Location: Ingatestone, Essex
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Wanted – Good spec Laptop for £200 tops Essex area

Looking for a Laptop for the family so i can retire my old Win Xp Toshiba.

Would like something thats able to run games like Roblox and Fortnite for my son and run all the obvious Microsoft applications with ease.

Would rather cash on collection in and around the Herts essex area

£200 is my budget

Thanks

Location: Harlow essex

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.