Home > Resources > Articles > Primary Data contributes to NFS 4.2

Primary Data contributes to NFS 4.2

Software-defined storage vendor Primary Data’s open standards parallel NFS contributions made it into the NFS 4.2 standard, which could help the startup make inroads with scale-out storage customers.

Spotlight

VBS IT Services

Your Exclusive Single Source for Avaya, Cisco, Nortel, TalkSwitch, IP PBX PHONE SYSTEMS, VoIP, 24X7 monitored NETWORK COMPUTER SERVICES, Virtual / Cloud solutions, Smartphone Integration, Hardware & CRM, Backoffice Software Solutions.

OTHER ARTICLES
Virtual Desktop Strategies

VM Applications for Software Development and Secure Testing

Article | July 26, 2022

Contents 1. Introduction 2. Software Development and Secure Testing 3. Using VMs in Software Development and Secure Testing 4. Conclusion 1. Introduction “Testing is an infinite process of comparing the invisible to the ambiguous in order to avoid the unthinkable happening to the anonymous.” —James Bach. Testing software is crucial for identifying and fixing security vulnerabilities. However, meeting quality standards for functionality and performance does not guarantee security. Thus, software testing nowadays is a must to identify and address application security vulnerabilities to maintain the following: Security of data history, databases, information, and servers Customers’ integrity and trust Web application protection from future attacks VMs provide a flexible and isolated environment for software development and security testing. They offer easy replication of complex configurations and testing scenarios, allowing efficient issue resolution. VMs also provide secure testing by isolating applications from the host system and enabling a reset to a previous state. In addition, they facilitate DevOps practices and streamline the development workflow. 2. Software Development and Secure Testing Software Secure Testing: The Approach The following approaches must be considered while preparing and planning for security tests: Architecture Study and Analysis: Understand whether the software meets the necessary requirements. Threat Classification: List all potential threats and risk factors that must be tested. Test Planning: Run the tests based on the identified threats, vulnerabilities, and security risks. Testing Tool Identification: For software security testing tools for web applications, the developer must identify the relevant security tools to test the software for specific use cases. Test-Case Execution: After performing a security test, the developer should fix it using any suitable open-source code or manually. Reports: Prepare a detailed test report of the security tests performed, containing a list of the vulnerabilities, threats, and issues resolved and the ones that are still pending. Ensuring the security of an application that handles essential functions is paramount. This may involve safeguarding databases against malicious attacks or implementing fraud detection mechanisms for incoming leads before integrating them into the platform. Maintaining security is crucial throughout the software development life cycle (SDLC) and must be at the forefront of developers' minds while executing the software's requirements. With consistent effort, the SDLC pipeline addresses security issues before deployment, reducing the risk of discovering application vulnerabilities while minimizing the damage they could cause. A secure SDLC makes developers responsible for critical security. Developers need to be aware of potential security concerns at each step of the process. This requires integrating security into the SDLC in ways that were not needed before. As anyone can potentially access source code, coding with potential vulnerabilities in mind is essential. As such, having a robust and secure SDLC process is critical to ensuring applications are not subject to attacks by hackers. 3. Using VMs in Software Development and Secure Testing: Snapshotting: Snapshotting allows developers to capture a VM's state at a specific point in time and restore it later. This feature is helpful for debugging and enables developers to roll back to a previous state when an error occurs. A virtual machine provides several operations for creating and managing snapshots and snapshot chains. These operations let users create snapshots, revert to any snapshots in the chain, and remove snapshots. In addition, extensive snapshot trees can be created to streamline the flow. Virtual Networking: It allows virtual machines to be connected to virtual networks that simulate complex network topologies, allowing developers to test their applications in different network environments. This allows expanding data centers to cover multiple physical locations, gaining access to a plethora of more efficient options. This empowers them to effortlessly modify the network as per changing requirements without any additional hardware. Moreover, providing the network for specific applications and needs offers greater flexibility. Additionally, it enables workloads to be moved seamlessly across the network infrastructure without compromising on service, security, or availability. Resource Allocation: VMs can be configured with specific resource allocations such as CPU, RAM, and storage, allowing developers to test their applications under different resource constraints. Maintaining a 1:1 ratio between the virtual machine processor and its host or core is highly recommended. It's crucial to refrain from over-subscribing virtual machine processors to a single core, as this could lead to stalled or delayed events, causing significant frustration and dissatisfaction among users. However, it is essential to acknowledge that IT administrators sometimes overallocate virtual machine processors. In such cases, a practical approach is to start with a 2:1 ratio and gradually move towards 4:1, 8:1, 12:1, and so on while bringing virtual allocation into IT infrastructure. This approach ensures a safe and seamless transition towards optimized virtual resource allocation. Containerization within VMs: Containerization within VMs provides an additional layer of isolation and security for applications. Enterprises are finding new use cases for VMs to utilize their in-house and cloud infrastructure to support heavy-duty application and networking workloads. This will also have a positive impact on the environment. DevOps teams use containerization with virtualization to improve software development flexibility. Containers allow multiple apps to run in one container with the necessary components, such as code, system tools, and libraries. For complex applications, both virtual machines and containers are used together. However, while containers are used for the front-end and middleware, VMs are used for the back-end. VM Templates: VM templates are pre-configured virtual machines that can be used as a base for creating new virtual machines, making it easier to set up development and testing environments. A VM template is an image of a virtual machine that serves as a master copy. It includes VM disks, virtual devices, and settings. By using a VM template, cloning a virtual machine multiple times can be achieved. When you clone a VM from a template, the clones are independent and not linked to the template. VM templates are handy when a large number of similar VMs need to be deployed. They preserve VM consistency. To edit a template, convert it to a VM, make the necessary changes, and then convert the edited VM back into a new template. Remote Access: VMs can be accessed remotely, allowing developers and testers to collaborate more effectively from anywhere worldwide. To manage a virtual machine, follow these steps: enable remote access, connect to the virtual machine, and then access the VNC or serial console. Once connected, full permission to manage the virtual machine is granted with the user's approval. Remote access provides a secure way to access VMs, as connections can be encrypted and authenticated to prevent unauthorized access. Additionally, remote access allows for easier management of VMs, as administrators can monitor and control virtual machines from a central location. DevOps Integration: DevOps is a collection of practices, principles, and tools that allow a team to release software quickly and efficiently. Virtualization is vital in DevOps when developing intricate cloud, API, and SOA systems. Virtual machines enable teams to simulate environments for creating, testing, and launching code, ultimately preserving computing resources. While commencing a bug search at the API layer, teams find that virtual machines are suitable for test-driven development (TDD). Virtualization providers handle updates, freeing up DevOps teams, to focus on other areas and increasing productivity by 50 –60%. In addition, VMs allow for simultaneous testing of multiple release and patch levels, improving product compatibility and interoperability. 4. Conclusion The outlook for virtual machine applications is highly promising in the development and testing fields. With the increasing complexity of development and testing processes, VMs can significantly simplify and streamline these operations. In the future, VMs are expected to become even more versatile and potent, providing developers and testers with a broader range of tools and capabilities to facilitate the development process. One potential future development is integrating machine learning and artificial intelligence into VMs. This would enable VMs to automate various tasks, optimize the allocation of resources, and generate recommendations based on performance data. Moreover, VMs may become more agile and lightweight, allowing developers and testers to spin up and spin down instances with greater efficiency. The future of VM applications for software development and security testing looks bright, with continued innovation and development expected to provide developers and testers with even more powerful and flexible tools to improve the software development process.

Read More
Server Hypervisors

VMware NSX 3.2 Delivers New, Advanced Security Capabilities

Article | September 9, 2022

It’s an impactful release focused on significant NSX Security enhancements Putting a hard shell around a soft core is not a recipe for success in security, but somehow legacy security architectures for application protection have often looked exactly like that: a hard perimeter firewall layer for an application infrastructure that was fundamentally not built with security as a primary concern. VMware NSX Distributed Firewall pioneered the micro-segmentation concept for granular access controls for cloud applications with the initial launch of the product in 2013. The promise of Zero Trust security for applications, the simplicity of deployment of the solution, and the ease of achieving internal security objectives made NSX an instant success for security-sensitive customers. Our newest release — NSX-T 3.2 — establishes a new marker for securing application infrastructure by introducing significant new features to identify and respond to malware and ransomware attacks in the network, to enhance user identification and L7 application identification capabilities, and, at the same time, to simplify deployment of the product for our customers. Modern day security teams need to secure mission-critical infrastructure from both external and internal attacks. By providing unprecedented threat visibility leveraging IDS, NTA, and Network Detection and Response (NDR) capabilities along with granular controls leveraging L4-L7 Firewall, IPS, and Malware Prevention capabilities, NSX 3.2 delivers an incredible security solution for our customers“ Umesh Mahajan, SVP, GM (Networking and Security Business Unit) Distributed Advanced Threat Prevention (ATP) Attackers often use multiple sophisticated techniques to penetrate the network, move laterally within the network in a stealthy manner, and exfiltrate critical data at an appropriate time. Micro-segmentation solutions focused solely on access control can reduce the attack surface — but cannot provide the detection and prevention technologies needed to thwart modern attacks. NSX-T 3.2 introduces several new capabilities focused on detection and prevention of attacks inside the network. Of critical note is that these advanced security solutions do not need network taps, separate monitoring networks, or agents inside each and every workload. Distributed Malware Prevention Lastline’s highly reputed dynamic malware technology is now integrated with NSX Distributed Firewall to deliver an industry-first Distributed Malware Prevention solution. Leveraging the integration with Lastline, a Distributed Firewall embedded within the hypervisor kernel can now identify both “known malicious” as well as “zero day” malware Distributed Behavioral IDS Whereas earlier versions of NSX Distributed IDPS (Intrusion Detection and Prevention System) delivered primarily signature-based detection of intrusions, NSX 3.2 introduces “behavioral” intrusion detection capabilities as well. Even if specific IDS signatures are not triggered, this capability helps customers know whether a workload is seeing any behavioral anomalies, like DNS tunneling or beaconing, for example, that could be a cause for concern. Network Traffic Analysis (NTA) For customers interested in baselining network-wide behavior and identifying anomalous behavior at the aggregated network level, NSX-T 3.2 introduces Distributed Network Traffic Analysis (NTA). Network-wide anomalies like lateral movement, suspicious RDP traffic, and malicious interactions with the Active Directory server, for example, can alert security teams about attacks underway and help them take quick remediation actions. Network Detection and Response (NDR) Alert overload, and resulting fatigue, is a real challenge among security teams. Leveraging advanced AI/ML techniques, the NSX-T 3.2 Network Detection and Response solution consolidates security IOCs from different detection systems like IDS, NTA, malware detection. etc., to provide a ”campaign view” that shows specific attacks in play at that point in time. MITRE ATT&CK visualization helps customers see the specific stage in the kill chain of individual attacks, and the ”time sequence” view helps understand the sequence of events that contributed to the attack on the network. Key Firewall Enhancements While delivering new Advanced Threat Prevention capabilities is one key emphasis for the NSX-T 3.2 release, providing meaningful enhancements for core firewalling capabilities is an equally critical area of innovation. Distributed Firewall for VDS Switchports While NSX-T has thus far supported workloads connected to both overlay-based N-VDS switchports as well as VLAN-based switchports, customers had to move the VLAN switchports from VDS to N-VDS before a Distributed Firewall could be enforced. With NSX-T 3.2, native VLAN DVPGs are supported as-is, without having to move to N-VDS. Effectively, Distributed Security can be achieved in a completely seamless manner without having to modify any networking constructs. Distributed Firewall workflows in vCenter With NSX-T 3.2, we are introducing the ability to create and modify Distributed Firewall rules natively within vCenter. For small- to medium-sized VMware customers, this feature simplifies the user experience by eliminating the need to leverage a separate NSX Manager interface. Advanced User Identification for Distributed and Gateway Firewalls NSX supported user identity-based access control in earlier releases. With NSX-T 3.2, we’re introducing the ability to directly connect to Microsoft Active Directory to support user identity mapping. In addition, for customers who do not use Active Directory for user authentication, NSX also supports VMware vRealize LogInsight as an additional method to carry out user identity mapping. This feature enhancement is applicable for both NSX Distributed Firewall as well as NSX Gateway Firewall. Enhanced L7 Application Identification for Distributed and Gateway Firewalls NSX supported Layer-7 application identification-based access control in earlier releases. With NSX-T 3.2, we are enhancing the signature set to about 750 applications. While several perimeter firewall vendors claim a larger set of Layer-7 application signatures, they focus mostly on internet application identification (like Facebook, for example). Our focus with NSX at this time is on internal applications hosted by enterprises. This feature enhancement is applicable for both NSX Distributed Firewall as well as Gateway Firewalls. NSX Intelligence NSX Intelligence is geared towards delivering unprecedented visibility for all application traffic inside the network and enabling customers to create micro-segmentation policies to reduce the attack surface. It has a processing pipeline that de-dups, aggregates, and correlates East-West traffic to deliver in-depth visibility. Scalability enhancements for NSX Intelligence As application infrastructure grows rapidly, it is vital that one’s security analytics platform can grow with it. With the new release, we have rearchitected the application platform upon which NSX Intelligence runs — moving from a stand-alone appliance to a containerized micro-service architecture powered by Kubernetes. This architectural change future-proofs the Intelligence data lake and allows us to eventually scale out our solution to n-node Kubernetes clusters. Large Enterprise customers that need visibility for application traffic can confidently deploy NSX Intelligence and leverage the enhanced scale it supports. NSX Gateway Firewall While NSX Distributed Firewall focuses on east-west controls within the network, NSX Gateway Firewall is used for securing ingress and egress traffic into and out of a zone. Gateway Firewall Malware Detection NSX Gateway Firewall in the 3.2 release received significant Advanced Threat Detection capabilities. Gateway Firewall can now identify both known as well as zero-day malware ingressing or egressing the network. This new capability is based on the Gateway Firewall integration with Lastline’s highly reputed dynamic network sandbox technology. Gateway Firewall URL Filtering Internal users and applications reaching out to malicious websites is a huge security risk that must be addressed. In addition, enterprises need to limit internet access to comply with corporate internet usage policies. NSX Gateway Firewall in 3.2 introduces the capability to restrict access to internet sites. Access can be limited based on either the category the URL belongs to, or the “reputation” of the URL. The URL to category and reputation mapping is constantly updated by VMware so customer intent is enforced automatically even after many changes in the internet sites themselves.

Read More
Virtual Desktop Tools, Server Hypervisors

Boosting Productivity with Kubernetes and Docker

Article | June 8, 2023

Learn setting up a Docker and Kubernetes environment with the right considerations and choose the best-suited software from ten leading tools, softwares and platforms for your business needs. Contents The blog discusses how Kubernetes and Docker can boost software development and deployment productivity. In addition, it covers the benefits of the role of Kubernetes in orchestrating containerized applications and best practices for implementing these technologies to improve efficiency and streamline workflows. Docker and Kubernetes are both essential containerization ecosystem utilities. Kubernetes, an excellent DevOps solution, manages and automates containers' deployment and scaling, along with operating across clusters of hosts, whereas Docker is used for creating and operating containers. The blog covers tips to consider while choosing tools/platforms. It further enlists ten platforms providing Kubernetes and Docker, featuring their offerings. 1. Considerations While Setting Up a Development Environment with Kubernetes and Docker 1.1 Fluid app delivery A platform for application development must provide development teams with high velocity. Two factors contribute to high velocity: rapid application delivery and brief development cycles. Application platforms must support build processes that start with source code. The platforms must also facilitate the repetitive deployment of applications on any remote staging instance. 1.2 Polyglot support Consistency is the defining characteristic of an application platform. On-demand, repetitive, and reproducible builds must be supported by the platform. Extending a consistent experience across all languages and frameworks elevates the platform experience. The platform must support a native build process and the ability to develop and customize this build process. 1.3 Baked-in security Containerized environments are secured in a significantly different manner than conventional applications. A fundamental best practice is to utilize binaries compiled with all necessary dependencies. The build procedure should also include a directive to eliminate unnecessary components for the application's operation. Setting up a zero-trust architecture between platform components that orchestrate deployments significantly improves the workloads' security posture. 1.4 Adjustable abstractions A platform with paved paths and the flexibility to accommodate the requirements of software engineering teams has a greater chance of success. Open-source platforms score highly in this regard, particularly those with modular architectures that allow the team to swap out parts as they adjust. 2.Top Tips to Consider While Choosing Tools and Platforms for Kubernetes and Docker 2.1 Production-Readiness Configuring Kubernetes or Docker can be complex and resource-intensive. A production-ready platform will ensure having the necessary fully automated features without the need for configuration. Security is an essential aspect of production readiness. Additionally, automation is critical, as production readiness requires that the solution manage all cluster management duties. Automated backup, recovery, and restore capabilities must be considered. Also, ensure the high availability, scalability, and self-healing of the cluster's platform. 2.2 Future-Readiness As the cloud and software evolve, a system's hosting location may affect its efficacy. The current trend is a multi-cloud strategy. Ensure that the platform can support abstracting from cloud or data center providers and building a shared infrastructure across clouds, cloud regions, and data centers, as well as assist in configuring them if required. According to a recent study, nearly one-third of organizations are already collaborating with four or more cloud service providers. (Source: Microsoft and 451 Research) 2.3 Ease of Administration Managing a Docker or Kubernetes cluster is complex and requires various skill sets. Kubernetes generates a lot of unprocessed data, which must be interpreted to comprehend what's happening with the cluster. Early detection and intervention are crucial to disaster prevention. Identifying a platform that eliminates the issue of analyzing raw data is essential. By incorporating automated intelligent monitoring and alerts, such solutions can provide critical status, error, event, and warning data to take appropriate action. 2.4 Assistance and Training As the organization begins to acquire Kubernetesor Docker skills, it is essential to have a vendor that can provide 24/7 support and training to ensure a seamless transition. Incorrect implementation will add a layer of complexity to infrastructure management. Leverage automation tools that offer the support needed to use Kubernetes and Docker without the management burden. 3. 10 Tools and Platforms Providing Kubernetes and Docker 3.1 Aqua Cloud Native Security Platform: Aqua Security provides the Aqua Cloud Native Security Platform, a comprehensive security solution designed to protect cloud-native applications and microservices. Aqua offers end-to-end security for applications operating on Docker Enterprise Edition (Community Edition), protecting the DevOps pipeline and production workloads with complete visibility and control. It provides end-to-end security across the entire application lifecycle, from development to production, for both containerized and serverless workloads. In addition, it automates prevention, detection, and response across the whole application lifecycle to secure the build, cloud infrastructure, and operating workloads, regardless of where they are deployed. 3.2 Weave Gitops Enterprise Weave GitOps Enterprise, a full-stack, developer-centric operating model for Kubernetes, creates and contributes to several open-source projects. Its products and services enable teams to design, build, and operate their Kubernetes platform at scale. Built by the creators of Flux and Flagger, Weave GitOps allows users to deploy and manage Kubernetes clusters and applications in the public or private cloud or their own data center. Weave GitOps Enterprise helps simplify Kubernetes with fully automated continuous delivery pipelines that roll out changes from development to staging and production. Weaveworks has used Kubernetes in production for over eight years and has developed that expertise into Weave GitOps Enterprise. 3.3 Mirantis Kubernetes Engine Mirantis provides the Mirantis Kubernetes Engine, a platform designed to help organizations deploy, manage, and scale their Kubernetes clusters. It includes features such as container orchestration, automated deployment, monitoring, and high availability, all designed to help organizations build and run their applications at scale. Mirantis Kubernetes Engine also includes a set of tools for managing the lifecycle of Kubernetes clusters, including cluster deployment, upgrades, and patching. It also has security scanning and policy enforcement features, as well as integration with other enterprise IT systems such as Active Directory and LDAP. 3.4 Portworx by Pure Storage Portworx's deep integration into Docker gives Portworx container data services benefits directly through the Docker Swarm scheduler. Swarm service creation brings the management capability of Portworx to the Docker persistent storage layer to avoid complex tasks such as increasing the storage pool without container downtime and problems like stuck EBS drives. Portworx is also a multi-cloud-ready Kubernetes storage and administration platform designed to simplify and streamline data management in Kubernetes. The platform abstracts the complexity of data storage in Kubernetes. Additionally, it serves as a software-defined layer that aggregates Kubernetes nodes' data storage into a virtual reservoir. 3.5 Platform9 Platform9 provides a powerful IDE for developers for simplified in-context views of pods, logs, events, and more. Both development and operations teams can access the information they need in an instant, secured through SSO and Kubernetes RBAC. The industry’s first SaaS-managed approach combined with a best-in-class support and customer success organization with a 99.9% consistent CSAT rating delivers production-ready K8s to organizations of any size. It provides services to deploy a cluster instantly, achieve GitOps faster, and take care of every aspect of cluster management, including remote monitoring, self-healing, automatic troubleshooting, and proactive issue resolution, around the clock. 3.6 Kubernetes Network Security Sysdig provides Kubernetes Network Security, a solution that offers cloud security from source to run. The product provides network security for Kubernetes environments by monitoring and blocking suspicious traffic in real time. It helps organizations protect their Kubernetes clusters against advanced threats and attacks. The product and Sysdig Secure offer Kubernetes Network Monitoring to investigate suspicious traffic and connection attempts, Kubernetes-Native Microsegmentation to enable microsegmentation without breaking the application, and Automated Network Policies to save time by automating Kubernetes network policies. 3.7 Kubernetes Operations Platform for Edge Rafay delivers a production-ready Kubernetes Operations Platform for Edge, streamlining ongoing operations for edge applications. It provides centralized multi-cluster management to deploy, manage, and upgrade all Kubernetes clusters from a single console across all edge nodes. In addition, it offers comprehensive lifecycle management, with which users can quickly and easily provision Kubernetes clusters at the edge, where cluster updates and upgrades are seamless with no downtime. Furthermore, the KMC for Edge quickly integrates with enterprise-class SSO solutions such as Okta, Ping One, and Azure AD, among others. Other features include standardized clusters and workflows, integration and automation, and centralized logging and monitoring. 3.8 Opcito Technologies Opcito provides simplified container management with efficient provisioning, deployment, scaling, and networking. Its application containerization expertise helps containerize existing and new applications and dependencies. Opcito is well-versed in leading container orchestration platforms like Docker Swarm and Kubernetes. While it helps choose the container platform that best suits specific application needs, it also helps with the end-to-end management of containers so clients can release applications faster and focus on innovation and business. The container management and orchestration services include: building secured microservices, Enterprise-scale Container Management and Orchestration, Orchestration, and Container Monitoring. 3.9 D2iQ Kubernetes Platform (DKP) D2iQ (DKP) enables enterprises to take advantage of all the benefits of cloud-native Kubernetes while laying the groundwork for intelligent cloud-native innovation by simplifying Kubernetes deployment and maintenance. It simplifies and automates the most difficult parts of an enterprise Kubernetes deployment across all infrastructures. DKP helps enterprises easily overcome operational barriers and set them up in minutes and hours rather than weeks and months. In addition, DKP simplifies Kubernetes management through automation using GitOps workflow, observability, application catalog, real-time cost management, and more. 3.10 Spektra Spektra, by Diamanti, a multi-cluster management solution for DevOps and production teams, provides centralized multi-cluster management, a single control plane to deliver everything needed to provision and manage the lifecycle of multiple clusters. Spektra is built to cater to business needs, from air-gapped on-prem deployments to hybrid and multi-cloud infrastructures. It also enables stretching resources across different clusters within the tenant. Furthermore, it allows you to move workloads and their associated data from one cluster to another directly from its dashboard. Spektra integrates with lightweight directory access protocols (LDAP) and Active Directory (AD) to enable user authentication and streamline resource access. In addition, it offers application migration, data mobility, and reporting. 4. Conclusion It is evident that Kubernetes and Docker can significantly boost software development and deployment productivity. By adopting appropriate containerization platforms and leveraging Kubernetes for orchestration, organizations can streamline workflows, improve efficiency, and enhance the reliability of their applications. Furthermore, following the tips to choose the tools or platform carefully can further improve productivity.

Read More

ProtonVPN iOS app now supports the OpenVPN protocol

Article | May 7, 2020

Your ProtonVPN iOS app is now better equipped to fight censorship and offers more flexible connection options with the launch of OpenVPN for iOS. The OpenVPN protocol is one of the best VPN protocols because of its flexibility, security, and because it is more resistant to blocks. You now have the option to switch between the faster IKEv2 protocol and the more stable and censorship-resistant OpenVPN protocol.

Read More
Virtual Desktop Strategies

Network Virtualization: Gaining a Competitive Edge

Article | July 26, 2022

Contents 1. Introduction 2. Software Development and Secure Testing 3. Using VMs in Software Development and Secure Testing 4. Conclusion 1. Introduction “Testing is an infinite process of comparing the invisible to the ambiguous in order to avoid the unthinkable happening to the anonymous.” —James Bach. Testing software is crucial for identifying and fixing security vulnerabilities. However, meeting quality standards for functionality and performance does not guarantee security. Thus, software testing nowadays is a must to identify and address application security vulnerabilities to maintain the following: Security of data history, databases, information, and servers Customers’ integrity and trust Web application protection from future attacks VMs provide a flexible and isolated environment for software development and security testing. They offer easy replication of complex configurations and testing scenarios, allowing efficient issue resolution. VMs also provide secure testing by isolating applications from the host system and enabling a reset to a previous state. In addition, they facilitate DevOps practices and streamline the development workflow. 2. Software Development and Secure Testing Software Secure Testing: The Approach The following approaches must be considered while preparing and planning for security tests: Architecture Study and Analysis: Understand whether the software meets the necessary requirements. Threat Classification: List all potential threats and risk factors that must be tested. Test Planning: Run the tests based on the identified threats, vulnerabilities, and security risks. Testing Tool Identification: For software security testing tools for web applications, the developer must identify the relevant security tools to test the software for specific use cases. Test-Case Execution: After performing a security test, the developer should fix it using any suitable open-source code or manually. Reports: Prepare a detailed test report of the security tests performed, containing a list of the vulnerabilities, threats, and issues resolved and the ones that are still pending. Ensuring the security of an application that handles essential functions is paramount. This may involve safeguarding databases against malicious attacks or implementing fraud detection mechanisms for incoming leads before integrating them into the platform. Maintaining security is crucial throughout the software development life cycle (SDLC) and must be at the forefront of developers' minds while executing the software's requirements. With consistent effort, the SDLC pipeline addresses security issues before deployment, reducing the risk of discovering application vulnerabilities while minimizing the damage they could cause. A secure SDLC makes developers responsible for critical security. Developers need to be aware of potential security concerns at each step of the process. This requires integrating security into the SDLC in ways that were not needed before. As anyone can potentially access source code, coding with potential vulnerabilities in mind is essential. As such, having a robust and secure SDLC process is critical to ensuring applications are not subject to attacks by hackers. 3. Using VMs in Software Development and Secure Testing: Snapshotting: Snapshotting allows developers to capture a VM's state at a specific point in time and restore it later. This feature is helpful for debugging and enables developers to roll back to a previous state when an error occurs. A virtual machine provides several operations for creating and managing snapshots and snapshot chains. These operations let users create snapshots, revert to any snapshots in the chain, and remove snapshots. In addition, extensive snapshot trees can be created to streamline the flow. Virtual Networking: It allows virtual machines to be connected to virtual networks that simulate complex network topologies, allowing developers to test their applications in different network environments. This allows expanding data centers to cover multiple physical locations, gaining access to a plethora of more efficient options. This empowers them to effortlessly modify the network as per changing requirements without any additional hardware. Moreover, providing the network for specific applications and needs offers greater flexibility. Additionally, it enables workloads to be moved seamlessly across the network infrastructure without compromising on service, security, or availability. Resource Allocation: VMs can be configured with specific resource allocations such as CPU, RAM, and storage, allowing developers to test their applications under different resource constraints. Maintaining a 1:1 ratio between the virtual machine processor and its host or core is highly recommended. It's crucial to refrain from over-subscribing virtual machine processors to a single core, as this could lead to stalled or delayed events, causing significant frustration and dissatisfaction among users. However, it is essential to acknowledge that IT administrators sometimes overallocate virtual machine processors. In such cases, a practical approach is to start with a 2:1 ratio and gradually move towards 4:1, 8:1, 12:1, and so on while bringing virtual allocation into IT infrastructure. This approach ensures a safe and seamless transition towards optimized virtual resource allocation. Containerization within VMs: Containerization within VMs provides an additional layer of isolation and security for applications. Enterprises are finding new use cases for VMs to utilize their in-house and cloud infrastructure to support heavy-duty application and networking workloads. This will also have a positive impact on the environment. DevOps teams use containerization with virtualization to improve software development flexibility. Containers allow multiple apps to run in one container with the necessary components, such as code, system tools, and libraries. For complex applications, both virtual machines and containers are used together. However, while containers are used for the front-end and middleware, VMs are used for the back-end. VM Templates: VM templates are pre-configured virtual machines that can be used as a base for creating new virtual machines, making it easier to set up development and testing environments. A VM template is an image of a virtual machine that serves as a master copy. It includes VM disks, virtual devices, and settings. By using a VM template, cloning a virtual machine multiple times can be achieved. When you clone a VM from a template, the clones are independent and not linked to the template. VM templates are handy when a large number of similar VMs need to be deployed. They preserve VM consistency. To edit a template, convert it to a VM, make the necessary changes, and then convert the edited VM back into a new template. Remote Access: VMs can be accessed remotely, allowing developers and testers to collaborate more effectively from anywhere worldwide. To manage a virtual machine, follow these steps: enable remote access, connect to the virtual machine, and then access the VNC or serial console. Once connected, full permission to manage the virtual machine is granted with the user's approval. Remote access provides a secure way to access VMs, as connections can be encrypted and authenticated to prevent unauthorized access. Additionally, remote access allows for easier management of VMs, as administrators can monitor and control virtual machines from a central location. DevOps Integration: DevOps is a collection of practices, principles, and tools that allow a team to release software quickly and efficiently. Virtualization is vital in DevOps when developing intricate cloud, API, and SOA systems. Virtual machines enable teams to simulate environments for creating, testing, and launching code, ultimately preserving computing resources. While commencing a bug search at the API layer, teams find that virtual machines are suitable for test-driven development (TDD). Virtualization providers handle updates, freeing up DevOps teams, to focus on other areas and increasing productivity by 50 –60%. In addition, VMs allow for simultaneous testing of multiple release and patch levels, improving product compatibility and interoperability. 4. Conclusion The outlook for virtual machine applications is highly promising in the development and testing fields. With the increasing complexity of development and testing processes, VMs can significantly simplify and streamline these operations. In the future, VMs are expected to become even more versatile and potent, providing developers and testers with a broader range of tools and capabilities to facilitate the development process. One potential future development is integrating machine learning and artificial intelligence into VMs. This would enable VMs to automate various tasks, optimize the allocation of resources, and generate recommendations based on performance data. Moreover, VMs may become more agile and lightweight, allowing developers and testers to spin up and spin down instances with greater efficiency. The future of VM applications for software development and security testing looks bright, with continued innovation and development expected to provide developers and testers with even more powerful and flexible tools to improve the software development process.

Read More
Server Hypervisors

Network Virtualization: The Future of Businesses and Networks

Article | September 9, 2022

It’s an impactful release focused on significant NSX Security enhancements Putting a hard shell around a soft core is not a recipe for success in security, but somehow legacy security architectures for application protection have often looked exactly like that: a hard perimeter firewall layer for an application infrastructure that was fundamentally not built with security as a primary concern. VMware NSX Distributed Firewall pioneered the micro-segmentation concept for granular access controls for cloud applications with the initial launch of the product in 2013. The promise of Zero Trust security for applications, the simplicity of deployment of the solution, and the ease of achieving internal security objectives made NSX an instant success for security-sensitive customers. Our newest release — NSX-T 3.2 — establishes a new marker for securing application infrastructure by introducing significant new features to identify and respond to malware and ransomware attacks in the network, to enhance user identification and L7 application identification capabilities, and, at the same time, to simplify deployment of the product for our customers. Modern day security teams need to secure mission-critical infrastructure from both external and internal attacks. By providing unprecedented threat visibility leveraging IDS, NTA, and Network Detection and Response (NDR) capabilities along with granular controls leveraging L4-L7 Firewall, IPS, and Malware Prevention capabilities, NSX 3.2 delivers an incredible security solution for our customers“ Umesh Mahajan, SVP, GM (Networking and Security Business Unit) Distributed Advanced Threat Prevention (ATP) Attackers often use multiple sophisticated techniques to penetrate the network, move laterally within the network in a stealthy manner, and exfiltrate critical data at an appropriate time. Micro-segmentation solutions focused solely on access control can reduce the attack surface — but cannot provide the detection and prevention technologies needed to thwart modern attacks. NSX-T 3.2 introduces several new capabilities focused on detection and prevention of attacks inside the network. Of critical note is that these advanced security solutions do not need network taps, separate monitoring networks, or agents inside each and every workload. Distributed Malware Prevention Lastline’s highly reputed dynamic malware technology is now integrated with NSX Distributed Firewall to deliver an industry-first Distributed Malware Prevention solution. Leveraging the integration with Lastline, a Distributed Firewall embedded within the hypervisor kernel can now identify both “known malicious” as well as “zero day” malware Distributed Behavioral IDS Whereas earlier versions of NSX Distributed IDPS (Intrusion Detection and Prevention System) delivered primarily signature-based detection of intrusions, NSX 3.2 introduces “behavioral” intrusion detection capabilities as well. Even if specific IDS signatures are not triggered, this capability helps customers know whether a workload is seeing any behavioral anomalies, like DNS tunneling or beaconing, for example, that could be a cause for concern. Network Traffic Analysis (NTA) For customers interested in baselining network-wide behavior and identifying anomalous behavior at the aggregated network level, NSX-T 3.2 introduces Distributed Network Traffic Analysis (NTA). Network-wide anomalies like lateral movement, suspicious RDP traffic, and malicious interactions with the Active Directory server, for example, can alert security teams about attacks underway and help them take quick remediation actions. Network Detection and Response (NDR) Alert overload, and resulting fatigue, is a real challenge among security teams. Leveraging advanced AI/ML techniques, the NSX-T 3.2 Network Detection and Response solution consolidates security IOCs from different detection systems like IDS, NTA, malware detection. etc., to provide a ”campaign view” that shows specific attacks in play at that point in time. MITRE ATT&CK visualization helps customers see the specific stage in the kill chain of individual attacks, and the ”time sequence” view helps understand the sequence of events that contributed to the attack on the network. Key Firewall Enhancements While delivering new Advanced Threat Prevention capabilities is one key emphasis for the NSX-T 3.2 release, providing meaningful enhancements for core firewalling capabilities is an equally critical area of innovation. Distributed Firewall for VDS Switchports While NSX-T has thus far supported workloads connected to both overlay-based N-VDS switchports as well as VLAN-based switchports, customers had to move the VLAN switchports from VDS to N-VDS before a Distributed Firewall could be enforced. With NSX-T 3.2, native VLAN DVPGs are supported as-is, without having to move to N-VDS. Effectively, Distributed Security can be achieved in a completely seamless manner without having to modify any networking constructs. Distributed Firewall workflows in vCenter With NSX-T 3.2, we are introducing the ability to create and modify Distributed Firewall rules natively within vCenter. For small- to medium-sized VMware customers, this feature simplifies the user experience by eliminating the need to leverage a separate NSX Manager interface. Advanced User Identification for Distributed and Gateway Firewalls NSX supported user identity-based access control in earlier releases. With NSX-T 3.2, we’re introducing the ability to directly connect to Microsoft Active Directory to support user identity mapping. In addition, for customers who do not use Active Directory for user authentication, NSX also supports VMware vRealize LogInsight as an additional method to carry out user identity mapping. This feature enhancement is applicable for both NSX Distributed Firewall as well as NSX Gateway Firewall. Enhanced L7 Application Identification for Distributed and Gateway Firewalls NSX supported Layer-7 application identification-based access control in earlier releases. With NSX-T 3.2, we are enhancing the signature set to about 750 applications. While several perimeter firewall vendors claim a larger set of Layer-7 application signatures, they focus mostly on internet application identification (like Facebook, for example). Our focus with NSX at this time is on internal applications hosted by enterprises. This feature enhancement is applicable for both NSX Distributed Firewall as well as Gateway Firewalls. NSX Intelligence NSX Intelligence is geared towards delivering unprecedented visibility for all application traffic inside the network and enabling customers to create micro-segmentation policies to reduce the attack surface. It has a processing pipeline that de-dups, aggregates, and correlates East-West traffic to deliver in-depth visibility. Scalability enhancements for NSX Intelligence As application infrastructure grows rapidly, it is vital that one’s security analytics platform can grow with it. With the new release, we have rearchitected the application platform upon which NSX Intelligence runs — moving from a stand-alone appliance to a containerized micro-service architecture powered by Kubernetes. This architectural change future-proofs the Intelligence data lake and allows us to eventually scale out our solution to n-node Kubernetes clusters. Large Enterprise customers that need visibility for application traffic can confidently deploy NSX Intelligence and leverage the enhanced scale it supports. NSX Gateway Firewall While NSX Distributed Firewall focuses on east-west controls within the network, NSX Gateway Firewall is used for securing ingress and egress traffic into and out of a zone. Gateway Firewall Malware Detection NSX Gateway Firewall in the 3.2 release received significant Advanced Threat Detection capabilities. Gateway Firewall can now identify both known as well as zero-day malware ingressing or egressing the network. This new capability is based on the Gateway Firewall integration with Lastline’s highly reputed dynamic network sandbox technology. Gateway Firewall URL Filtering Internal users and applications reaching out to malicious websites is a huge security risk that must be addressed. In addition, enterprises need to limit internet access to comply with corporate internet usage policies. NSX Gateway Firewall in 3.2 introduces the capability to restrict access to internet sites. Access can be limited based on either the category the URL belongs to, or the “reputation” of the URL. The URL to category and reputation mapping is constantly updated by VMware so customer intent is enforced automatically even after many changes in the internet sites themselves.

Read More
Virtual Desktop Tools, Server Hypervisors

Metasploitable: A Platform for Ethical Hacking and Penetration Testing

Article | June 8, 2023

Learn setting up a Docker and Kubernetes environment with the right considerations and choose the best-suited software from ten leading tools, softwares and platforms for your business needs. Contents The blog discusses how Kubernetes and Docker can boost software development and deployment productivity. In addition, it covers the benefits of the role of Kubernetes in orchestrating containerized applications and best practices for implementing these technologies to improve efficiency and streamline workflows. Docker and Kubernetes are both essential containerization ecosystem utilities. Kubernetes, an excellent DevOps solution, manages and automates containers' deployment and scaling, along with operating across clusters of hosts, whereas Docker is used for creating and operating containers. The blog covers tips to consider while choosing tools/platforms. It further enlists ten platforms providing Kubernetes and Docker, featuring their offerings. 1. Considerations While Setting Up a Development Environment with Kubernetes and Docker 1.1 Fluid app delivery A platform for application development must provide development teams with high velocity. Two factors contribute to high velocity: rapid application delivery and brief development cycles. Application platforms must support build processes that start with source code. The platforms must also facilitate the repetitive deployment of applications on any remote staging instance. 1.2 Polyglot support Consistency is the defining characteristic of an application platform. On-demand, repetitive, and reproducible builds must be supported by the platform. Extending a consistent experience across all languages and frameworks elevates the platform experience. The platform must support a native build process and the ability to develop and customize this build process. 1.3 Baked-in security Containerized environments are secured in a significantly different manner than conventional applications. A fundamental best practice is to utilize binaries compiled with all necessary dependencies. The build procedure should also include a directive to eliminate unnecessary components for the application's operation. Setting up a zero-trust architecture between platform components that orchestrate deployments significantly improves the workloads' security posture. 1.4 Adjustable abstractions A platform with paved paths and the flexibility to accommodate the requirements of software engineering teams has a greater chance of success. Open-source platforms score highly in this regard, particularly those with modular architectures that allow the team to swap out parts as they adjust. 2.Top Tips to Consider While Choosing Tools and Platforms for Kubernetes and Docker 2.1 Production-Readiness Configuring Kubernetes or Docker can be complex and resource-intensive. A production-ready platform will ensure having the necessary fully automated features without the need for configuration. Security is an essential aspect of production readiness. Additionally, automation is critical, as production readiness requires that the solution manage all cluster management duties. Automated backup, recovery, and restore capabilities must be considered. Also, ensure the high availability, scalability, and self-healing of the cluster's platform. 2.2 Future-Readiness As the cloud and software evolve, a system's hosting location may affect its efficacy. The current trend is a multi-cloud strategy. Ensure that the platform can support abstracting from cloud or data center providers and building a shared infrastructure across clouds, cloud regions, and data centers, as well as assist in configuring them if required. According to a recent study, nearly one-third of organizations are already collaborating with four or more cloud service providers. (Source: Microsoft and 451 Research) 2.3 Ease of Administration Managing a Docker or Kubernetes cluster is complex and requires various skill sets. Kubernetes generates a lot of unprocessed data, which must be interpreted to comprehend what's happening with the cluster. Early detection and intervention are crucial to disaster prevention. Identifying a platform that eliminates the issue of analyzing raw data is essential. By incorporating automated intelligent monitoring and alerts, such solutions can provide critical status, error, event, and warning data to take appropriate action. 2.4 Assistance and Training As the organization begins to acquire Kubernetesor Docker skills, it is essential to have a vendor that can provide 24/7 support and training to ensure a seamless transition. Incorrect implementation will add a layer of complexity to infrastructure management. Leverage automation tools that offer the support needed to use Kubernetes and Docker without the management burden. 3. 10 Tools and Platforms Providing Kubernetes and Docker 3.1 Aqua Cloud Native Security Platform: Aqua Security provides the Aqua Cloud Native Security Platform, a comprehensive security solution designed to protect cloud-native applications and microservices. Aqua offers end-to-end security for applications operating on Docker Enterprise Edition (Community Edition), protecting the DevOps pipeline and production workloads with complete visibility and control. It provides end-to-end security across the entire application lifecycle, from development to production, for both containerized and serverless workloads. In addition, it automates prevention, detection, and response across the whole application lifecycle to secure the build, cloud infrastructure, and operating workloads, regardless of where they are deployed. 3.2 Weave Gitops Enterprise Weave GitOps Enterprise, a full-stack, developer-centric operating model for Kubernetes, creates and contributes to several open-source projects. Its products and services enable teams to design, build, and operate their Kubernetes platform at scale. Built by the creators of Flux and Flagger, Weave GitOps allows users to deploy and manage Kubernetes clusters and applications in the public or private cloud or their own data center. Weave GitOps Enterprise helps simplify Kubernetes with fully automated continuous delivery pipelines that roll out changes from development to staging and production. Weaveworks has used Kubernetes in production for over eight years and has developed that expertise into Weave GitOps Enterprise. 3.3 Mirantis Kubernetes Engine Mirantis provides the Mirantis Kubernetes Engine, a platform designed to help organizations deploy, manage, and scale their Kubernetes clusters. It includes features such as container orchestration, automated deployment, monitoring, and high availability, all designed to help organizations build and run their applications at scale. Mirantis Kubernetes Engine also includes a set of tools for managing the lifecycle of Kubernetes clusters, including cluster deployment, upgrades, and patching. It also has security scanning and policy enforcement features, as well as integration with other enterprise IT systems such as Active Directory and LDAP. 3.4 Portworx by Pure Storage Portworx's deep integration into Docker gives Portworx container data services benefits directly through the Docker Swarm scheduler. Swarm service creation brings the management capability of Portworx to the Docker persistent storage layer to avoid complex tasks such as increasing the storage pool without container downtime and problems like stuck EBS drives. Portworx is also a multi-cloud-ready Kubernetes storage and administration platform designed to simplify and streamline data management in Kubernetes. The platform abstracts the complexity of data storage in Kubernetes. Additionally, it serves as a software-defined layer that aggregates Kubernetes nodes' data storage into a virtual reservoir. 3.5 Platform9 Platform9 provides a powerful IDE for developers for simplified in-context views of pods, logs, events, and more. Both development and operations teams can access the information they need in an instant, secured through SSO and Kubernetes RBAC. The industry’s first SaaS-managed approach combined with a best-in-class support and customer success organization with a 99.9% consistent CSAT rating delivers production-ready K8s to organizations of any size. It provides services to deploy a cluster instantly, achieve GitOps faster, and take care of every aspect of cluster management, including remote monitoring, self-healing, automatic troubleshooting, and proactive issue resolution, around the clock. 3.6 Kubernetes Network Security Sysdig provides Kubernetes Network Security, a solution that offers cloud security from source to run. The product provides network security for Kubernetes environments by monitoring and blocking suspicious traffic in real time. It helps organizations protect their Kubernetes clusters against advanced threats and attacks. The product and Sysdig Secure offer Kubernetes Network Monitoring to investigate suspicious traffic and connection attempts, Kubernetes-Native Microsegmentation to enable microsegmentation without breaking the application, and Automated Network Policies to save time by automating Kubernetes network policies. 3.7 Kubernetes Operations Platform for Edge Rafay delivers a production-ready Kubernetes Operations Platform for Edge, streamlining ongoing operations for edge applications. It provides centralized multi-cluster management to deploy, manage, and upgrade all Kubernetes clusters from a single console across all edge nodes. In addition, it offers comprehensive lifecycle management, with which users can quickly and easily provision Kubernetes clusters at the edge, where cluster updates and upgrades are seamless with no downtime. Furthermore, the KMC for Edge quickly integrates with enterprise-class SSO solutions such as Okta, Ping One, and Azure AD, among others. Other features include standardized clusters and workflows, integration and automation, and centralized logging and monitoring. 3.8 Opcito Technologies Opcito provides simplified container management with efficient provisioning, deployment, scaling, and networking. Its application containerization expertise helps containerize existing and new applications and dependencies. Opcito is well-versed in leading container orchestration platforms like Docker Swarm and Kubernetes. While it helps choose the container platform that best suits specific application needs, it also helps with the end-to-end management of containers so clients can release applications faster and focus on innovation and business. The container management and orchestration services include: building secured microservices, Enterprise-scale Container Management and Orchestration, Orchestration, and Container Monitoring. 3.9 D2iQ Kubernetes Platform (DKP) D2iQ (DKP) enables enterprises to take advantage of all the benefits of cloud-native Kubernetes while laying the groundwork for intelligent cloud-native innovation by simplifying Kubernetes deployment and maintenance. It simplifies and automates the most difficult parts of an enterprise Kubernetes deployment across all infrastructures. DKP helps enterprises easily overcome operational barriers and set them up in minutes and hours rather than weeks and months. In addition, DKP simplifies Kubernetes management through automation using GitOps workflow, observability, application catalog, real-time cost management, and more. 3.10 Spektra Spektra, by Diamanti, a multi-cluster management solution for DevOps and production teams, provides centralized multi-cluster management, a single control plane to deliver everything needed to provision and manage the lifecycle of multiple clusters. Spektra is built to cater to business needs, from air-gapped on-prem deployments to hybrid and multi-cloud infrastructures. It also enables stretching resources across different clusters within the tenant. Furthermore, it allows you to move workloads and their associated data from one cluster to another directly from its dashboard. Spektra integrates with lightweight directory access protocols (LDAP) and Active Directory (AD) to enable user authentication and streamline resource access. In addition, it offers application migration, data mobility, and reporting. 4. Conclusion It is evident that Kubernetes and Docker can significantly boost software development and deployment productivity. By adopting appropriate containerization platforms and leveraging Kubernetes for orchestration, organizations can streamline workflows, improve efficiency, and enhance the reliability of their applications. Furthermore, following the tips to choose the tools or platform carefully can further improve productivity.

Read More

ProtonVPN iOS app now supports the OpenVPN protocol

Article | May 7, 2020

Your ProtonVPN iOS app is now better equipped to fight censorship and offers more flexible connection options with the launch of OpenVPN for iOS. The OpenVPN protocol is one of the best VPN protocols because of its flexibility, security, and because it is more resistant to blocks. You now have the option to switch between the faster IKEv2 protocol and the more stable and censorship-resistant OpenVPN protocol.

Read More
MORE ARTICLES

Spotlight

VBS IT Services

Your Exclusive Single Source for Avaya, Cisco, Nortel, TalkSwitch, IP PBX PHONE SYSTEMS, VoIP, 24X7 monitored NETWORK COMPUTER SERVICES, Virtual / Cloud solutions, Smartphone Integration, Hardware & CRM, Backoffice Software Solutions.

Related News

Virtual Desktop Tools, Virtual Desktop Strategies, Server Virtualization

Netskope Delivers the Next Evolution in Digital Experience Management for SASE with Proactive DEM

PR Newswire | September 01, 2023

Netskope, a leader in Secure Access Service Edge (SASE), today announced the launch of Proactive Digital Experience Management (DEM) for SASE, elevating best practice from the current reactive monitoring tools to proactive user experience management. Proactive DEM provides experience management capabilities across the entire SASE architecture, including Netskope Intelligent SSE, Netskope Borderless SD-WAN and Netskope NewEdge global infrastructure. Digital Experience Management technology has become increasingly crucial amid digital business transformation, with organizations seeking to enhance customer experiences and improve employee engagement. With hybrid work and cloud infrastructure now the norm globally, organizations have struggled to ensure consistent and optimized experiences alongside stringent security requirements. Gartner predicts that "by 2026, at least 60% of I&O leaders will use DEM to measure application, services and endpoint performance from the user's viewpoint, up from less than 20% in 2021." However, monitoring applications, services, and networks is only part of a modern DEM experience, and so Netskope Proactive DEM goes beyond observation, providing Machine Learning (ML)-driven functionality to anticipate, and automatically remediate, problems. Sanjay Beri, CEO and co-founder of Netskope commented, "Ensuring a constantly optimized experience is essential for organizations looking to support the best productivity returns for hybrid workers and modern cloud infrastructure, but monitoring alone is not enough. Customers have told us of the challenges they face managing a multi-vendor cloud ecosystem and so we have yet again innovated beyond industry standards, providing experience management that can both monitor and proactively remediate." For issue identification, Netskope Proactive DEM uniquely combines Synthetic Monitoring with Real User monitoring, creating SMART monitoring (Synthetic Monitoring Augmentation for Real Traffic). This enables full end-to-end 'hop-by-hop' visibility of data, and the proactive identification of experience-impacting events. SMART monitoring enables organizations to anticipate potential events that might impact upon network and application experience. While most SASE vendors rely on "gray cloud" infrastructure - built on public cloud - which limits their ability to granularly identify and control any issues, Proactive DEM leverages Netskope NewEdge - the industry's largest private cloud infrastructure - to deliver 360 visibility and control of end-to-end user experience while providing mitigation of issues, including using various self-healing mechanisms, before the user recognizes their experience has degraded. About Netskope Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

Virtual Desktop Tools, Server Hypervisors

Meter Partners with Cloudflare to Launch DNS Security

Business Wire | August 31, 2023

Meter, Inc., a leader in Network as a Service (NaaS) for businesses, today announced DNS Security, built in partnership with Cloudflare, the security, performance, and reliability company. Meter DNS Security is now widely available for all Meter Network customers, expanding Meter’s existing NaaS offering and saving teams both time and money, while also improving overall network performance and security, powered by Cloudflare’s Zero Trust platform. “With the number of devices on a network expected to triple by 2030, modern businesses and organizations demand enterprise network controls to ensure safety and peak performance for business critical functions,” said Anil Varanasi, CEO and co-founder of Meter. “Meter DNS Security is the latest example of how we’re continuing to offer our customers enterprise level networks end-to-end. Through our partnership with Cloudflare, we’re enhancing our capabilities to meet the needs of IT professionals at industrial warehouses, educational institutions, security firms, and more.” Meter DNS Security eliminates the hassle of having multiple vendors, by providing content filtering at several layers to all customers within the Meter Dashboard in partnership with one of the best providers in the world. “We’re proud to have Meter leveraging Cloudflare’s Zero Trust platform in a new way, offering our DNS filtering feature natively built into their Meter Dashboard,” said John Graham-Cumming, CTO, Cloudflare. “By building on Cloudflare's platform, Meter enables customers to manage their team’s operations at scale, as well as effectively enforce global corporate policies across diverse corporate spaces, such as offices, schools, and warehouses.” In addition to the ease and scalability of Meter DNS Security, users are ensuring security through enhanced compliance by blocking access to known malicious websites and bad actors. The integration and partnership with Cloudflare provides customers with faster DNS response times, while optimizing network performance by limiting access to high-bandwidth websites and services. Real world examples of this process include, but are not limited to: Ensuring a safe browsing environment at schools by filtering out age inappropriate content Optimizing network performance for warehouses by filtering high bandwidth activities like video streaming Maintaining high security and compliance standards by filtering malicious or illegal content “Tishman Speyer has successfully partnered with Meter to streamline the networking and Wi-Fi experience for our customers,” said Simon Okunev, Managing Director and Chief Information Officer, Tishman Speyer. “The addition of Meter’s DNS Security feature, powered by Cloudflare, will further benefit our customers by providing an additional layer of security.” About Cloudflare Cloudflare, Inc. is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was awarded by Reuters Events for Global Responsible Business in 2020, named to Fast Company's Most Innovative Companies in 2021, and ranked among Newsweek's Top 100 Most Loved Workplaces in 2022.

Read More

Server Hypervisors, Vsphere

Napatech Leverages Latest Intel Agilex® FPGA to Launch Industry's first 400Gbps SmartNIC Solutions

prnewswire | August 29, 2023

Napatech™ (OSLO: NAPA.OL), a leading provider of programmable Smart Network Interface Cards (SmartNICs) and Infrastructure Processing Units (IPU) used in cloud, enterprise and telecom datacenter networks, today announced the availability of the Napatech's first 400Gbps programmable SmartNIC solutions, leveraging the latest Intel Agilex® 7 FPGAs to deliver best-in-class performance for applications in security, cloud services, network monitoring and recording. Enterprises and OEMs providing high-performance solutions for network monitoring and recording require NICs with a performance level that matches the high PCI Express (PCIe) bandwidth available in the latest servers such as those based on 4th Gen Intel Xeon® Scalable Processors. The new Napatech NT400 SmartNIC platform, based on the Intel® FPGA SmartNIC N6000-PL Platform, addresses this need through a PCIe Gen 4 16-lane host interface which enables full-duplex 2x100Gbps traffic between network ports and host applications. Similarly, for applications like the 5G packet core in telecom infrastructure that require high-bandwidth inline processing of network data, the NT400 platform sustains a total 400G of traffic over tens of millions of flows. The NT400 programmable SmartNIC platform includes two QSFP56 network ports, supporting up to 2x200G traffic with the flexibility to configure 10G, 25G, 40G, 50G, 100G and 200G network links. The SmartNIC hardware is complemented by Napatech's portfolio of production-grade software packages, including Link-Capture™ for use cases such as network monitoring and recording, Link-Virtualization™ that provides a virtualized data plane for cloud services and Link-Inline™ for inline applications such as 5G User Plane Function (UPF). These integrated solutions deliver a true "IT experience" whereby the user just installs the card and the software, immediately achieving seamless acceleration of their application with no requirement to directly program the SmartNIC itself. At the core of the NT400 platform is the Intel Agilex 7 FPGA F-Tile chiplet, which incorporates a configurable, hardened Ethernet protocol stack for supporting rates from 10G to 400G. Napatech chose the Intel Agilex 7 FPGA for a host of reasons, including scalability options that allow support for five different configurations that meet various price, performance, power and feature goals, tailored to specific customer applications and use cases. The F-Tile features are critical in enabling the NT400 to operate within the space and power limitations of standard servers deployed in network appliances, data centers and edge locations. "As the networking landscape continues to evolve, SmartNICs emerge as the predominant growth catalyst in the expansive NIC market, poised to reach $3.3 billion annually by 2025" said Manoj Sukumaran, Principal Analyst for Datacenter Compute and Networking at Omdia. "High bandwidth programmable Ethernet adapters require very fine optimization in hardware and software to ensure deterministic and predictable processing time and making them suitable for real-time networking applications. Napatech is among the very few vendors who could provide highly optimized SmartNICs and software solutions leveraging FPGAs from vendors like Intel, and deliver highly efficient network offload capabilities" he added. "The NT400 platform represents the latest generation within our portfolio of SmartNIC solutions," said Jarrod Siket, Chief Marketing Officer at Napatech. "We will deliver multiple SKUs based on this platform, providing products with memory configurations as well features like time synchronization and management ports that are precisely tuned to the requirements of our customers' applications, all packaged with the applicable production-grade software." "We are delighted to see Napatech choose the Intel Agilex 7 FPGA for their leading-edge SmartNIC solutions," said Mike Fitton, Vice President Programmable Solutions Group and General Manager, Network Business Division at Intel. "The combination of our FPGAs, which deliver high performance, and power efficiency plus a rich feature set for the most demanding applications, together with Napatech's production-grade hardware and software, helps ensure that customers can deliver leading solutions for a wide range of enterprise and telecom applications." About Napatech Napatech is the leading supplier of SmartNIC solutions used in cloud, enterprise, and telecom datacenters. Through commercial-grade software suites integrated with high-performance hardware, Napatech accelerates network infrastructure and security workloads to deliver best-in-class system-level performance while maximizing the availability of server compute resources for applications and services.

Read More

Virtual Desktop Tools, Virtual Desktop Strategies, Server Virtualization

Netskope Delivers the Next Evolution in Digital Experience Management for SASE with Proactive DEM

PR Newswire | September 01, 2023

Netskope, a leader in Secure Access Service Edge (SASE), today announced the launch of Proactive Digital Experience Management (DEM) for SASE, elevating best practice from the current reactive monitoring tools to proactive user experience management. Proactive DEM provides experience management capabilities across the entire SASE architecture, including Netskope Intelligent SSE, Netskope Borderless SD-WAN and Netskope NewEdge global infrastructure. Digital Experience Management technology has become increasingly crucial amid digital business transformation, with organizations seeking to enhance customer experiences and improve employee engagement. With hybrid work and cloud infrastructure now the norm globally, organizations have struggled to ensure consistent and optimized experiences alongside stringent security requirements. Gartner predicts that "by 2026, at least 60% of I&O leaders will use DEM to measure application, services and endpoint performance from the user's viewpoint, up from less than 20% in 2021." However, monitoring applications, services, and networks is only part of a modern DEM experience, and so Netskope Proactive DEM goes beyond observation, providing Machine Learning (ML)-driven functionality to anticipate, and automatically remediate, problems. Sanjay Beri, CEO and co-founder of Netskope commented, "Ensuring a constantly optimized experience is essential for organizations looking to support the best productivity returns for hybrid workers and modern cloud infrastructure, but monitoring alone is not enough. Customers have told us of the challenges they face managing a multi-vendor cloud ecosystem and so we have yet again innovated beyond industry standards, providing experience management that can both monitor and proactively remediate." For issue identification, Netskope Proactive DEM uniquely combines Synthetic Monitoring with Real User monitoring, creating SMART monitoring (Synthetic Monitoring Augmentation for Real Traffic). This enables full end-to-end 'hop-by-hop' visibility of data, and the proactive identification of experience-impacting events. SMART monitoring enables organizations to anticipate potential events that might impact upon network and application experience. While most SASE vendors rely on "gray cloud" infrastructure - built on public cloud - which limits their ability to granularly identify and control any issues, Proactive DEM leverages Netskope NewEdge - the industry's largest private cloud infrastructure - to deliver 360 visibility and control of end-to-end user experience while providing mitigation of issues, including using various self-healing mechanisms, before the user recognizes their experience has degraded. About Netskope Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

Virtual Desktop Tools, Server Hypervisors

Meter Partners with Cloudflare to Launch DNS Security

Business Wire | August 31, 2023

Meter, Inc., a leader in Network as a Service (NaaS) for businesses, today announced DNS Security, built in partnership with Cloudflare, the security, performance, and reliability company. Meter DNS Security is now widely available for all Meter Network customers, expanding Meter’s existing NaaS offering and saving teams both time and money, while also improving overall network performance and security, powered by Cloudflare’s Zero Trust platform. “With the number of devices on a network expected to triple by 2030, modern businesses and organizations demand enterprise network controls to ensure safety and peak performance for business critical functions,” said Anil Varanasi, CEO and co-founder of Meter. “Meter DNS Security is the latest example of how we’re continuing to offer our customers enterprise level networks end-to-end. Through our partnership with Cloudflare, we’re enhancing our capabilities to meet the needs of IT professionals at industrial warehouses, educational institutions, security firms, and more.” Meter DNS Security eliminates the hassle of having multiple vendors, by providing content filtering at several layers to all customers within the Meter Dashboard in partnership with one of the best providers in the world. “We’re proud to have Meter leveraging Cloudflare’s Zero Trust platform in a new way, offering our DNS filtering feature natively built into their Meter Dashboard,” said John Graham-Cumming, CTO, Cloudflare. “By building on Cloudflare's platform, Meter enables customers to manage their team’s operations at scale, as well as effectively enforce global corporate policies across diverse corporate spaces, such as offices, schools, and warehouses.” In addition to the ease and scalability of Meter DNS Security, users are ensuring security through enhanced compliance by blocking access to known malicious websites and bad actors. The integration and partnership with Cloudflare provides customers with faster DNS response times, while optimizing network performance by limiting access to high-bandwidth websites and services. Real world examples of this process include, but are not limited to: Ensuring a safe browsing environment at schools by filtering out age inappropriate content Optimizing network performance for warehouses by filtering high bandwidth activities like video streaming Maintaining high security and compliance standards by filtering malicious or illegal content “Tishman Speyer has successfully partnered with Meter to streamline the networking and Wi-Fi experience for our customers,” said Simon Okunev, Managing Director and Chief Information Officer, Tishman Speyer. “The addition of Meter’s DNS Security feature, powered by Cloudflare, will further benefit our customers by providing an additional layer of security.” About Cloudflare Cloudflare, Inc. is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was awarded by Reuters Events for Global Responsible Business in 2020, named to Fast Company's Most Innovative Companies in 2021, and ranked among Newsweek's Top 100 Most Loved Workplaces in 2022.

Read More

Server Hypervisors, Vsphere

Napatech Leverages Latest Intel Agilex® FPGA to Launch Industry's first 400Gbps SmartNIC Solutions

prnewswire | August 29, 2023

Napatech™ (OSLO: NAPA.OL), a leading provider of programmable Smart Network Interface Cards (SmartNICs) and Infrastructure Processing Units (IPU) used in cloud, enterprise and telecom datacenter networks, today announced the availability of the Napatech's first 400Gbps programmable SmartNIC solutions, leveraging the latest Intel Agilex® 7 FPGAs to deliver best-in-class performance for applications in security, cloud services, network monitoring and recording. Enterprises and OEMs providing high-performance solutions for network monitoring and recording require NICs with a performance level that matches the high PCI Express (PCIe) bandwidth available in the latest servers such as those based on 4th Gen Intel Xeon® Scalable Processors. The new Napatech NT400 SmartNIC platform, based on the Intel® FPGA SmartNIC N6000-PL Platform, addresses this need through a PCIe Gen 4 16-lane host interface which enables full-duplex 2x100Gbps traffic between network ports and host applications. Similarly, for applications like the 5G packet core in telecom infrastructure that require high-bandwidth inline processing of network data, the NT400 platform sustains a total 400G of traffic over tens of millions of flows. The NT400 programmable SmartNIC platform includes two QSFP56 network ports, supporting up to 2x200G traffic with the flexibility to configure 10G, 25G, 40G, 50G, 100G and 200G network links. The SmartNIC hardware is complemented by Napatech's portfolio of production-grade software packages, including Link-Capture™ for use cases such as network monitoring and recording, Link-Virtualization™ that provides a virtualized data plane for cloud services and Link-Inline™ for inline applications such as 5G User Plane Function (UPF). These integrated solutions deliver a true "IT experience" whereby the user just installs the card and the software, immediately achieving seamless acceleration of their application with no requirement to directly program the SmartNIC itself. At the core of the NT400 platform is the Intel Agilex 7 FPGA F-Tile chiplet, which incorporates a configurable, hardened Ethernet protocol stack for supporting rates from 10G to 400G. Napatech chose the Intel Agilex 7 FPGA for a host of reasons, including scalability options that allow support for five different configurations that meet various price, performance, power and feature goals, tailored to specific customer applications and use cases. The F-Tile features are critical in enabling the NT400 to operate within the space and power limitations of standard servers deployed in network appliances, data centers and edge locations. "As the networking landscape continues to evolve, SmartNICs emerge as the predominant growth catalyst in the expansive NIC market, poised to reach $3.3 billion annually by 2025" said Manoj Sukumaran, Principal Analyst for Datacenter Compute and Networking at Omdia. "High bandwidth programmable Ethernet adapters require very fine optimization in hardware and software to ensure deterministic and predictable processing time and making them suitable for real-time networking applications. Napatech is among the very few vendors who could provide highly optimized SmartNICs and software solutions leveraging FPGAs from vendors like Intel, and deliver highly efficient network offload capabilities" he added. "The NT400 platform represents the latest generation within our portfolio of SmartNIC solutions," said Jarrod Siket, Chief Marketing Officer at Napatech. "We will deliver multiple SKUs based on this platform, providing products with memory configurations as well features like time synchronization and management ports that are precisely tuned to the requirements of our customers' applications, all packaged with the applicable production-grade software." "We are delighted to see Napatech choose the Intel Agilex 7 FPGA for their leading-edge SmartNIC solutions," said Mike Fitton, Vice President Programmable Solutions Group and General Manager, Network Business Division at Intel. "The combination of our FPGAs, which deliver high performance, and power efficiency plus a rich feature set for the most demanding applications, together with Napatech's production-grade hardware and software, helps ensure that customers can deliver leading solutions for a wide range of enterprise and telecom applications." About Napatech Napatech is the leading supplier of SmartNIC solutions used in cloud, enterprise, and telecom datacenters. Through commercial-grade software suites integrated with high-performance hardware, Napatech accelerates network infrastructure and security workloads to deliver best-in-class system-level performance while maximizing the availability of server compute resources for applications and services.

Read More

Events