HashiCorp | October 10, 2022
HashiCorp, Inc., a leading provider of multi-cloud infrastructure automation software, today announced the general availability of HashiCorp Cloud Platform (HCP) Boundary, a secure remote access product. With this release, Boundary joins HCP Vault and HCP Consul to provide the industry’s first zero trust security solution to secure applications, networks, and people built for the cloud.
As organizations move to the cloud and adopt cloud operating models, they require a different approach to security — commonly referred to as zero trust security — where the default security posture is to trust nothing, authenticate and authorize everything. But the gap between legacy security postures and the accelerated move to the cloud is contributing to a significant increase in security breaches. According to the HashiCorp State of Cloud Strategy Survey, 89% of respondents believe security is the number one determining factor for cloud success, which is driving organizations to adopt zero trust security postures.
HashiCorp’s approach to zero trust security focuses on using identity to secure applications, networks, and people across multiple clouds, on-premises, and hybrid environments, which reduces the attack surface and automates complex security workflows. This ensures people, machines, and services are authenticated, every action is authorized, and data is protected.
“As organizations continue to expand their cloud estates, they must shift their security strategies to keep up with the growth and complexity of applications, network components, and cloud-based systems. At HashiCorp, we have always believed that identity is the foundation for zero trust security for applications, networks, and users. With HCP Boundary, companies now have a modern solution for privileged access management, securing access in dynamic, ephemeral environments for their workforce. We think we’ve reached an important milestone for our customers by delivering a security solution built for today’s threat and infrastructure landscape.”
Armon Dadgar, co-founder and CTO, HashiCorp
As organizations move out of traditional datacenters and into multiple clouds, hybrid, and edge environments, securing their infrastructure becomes more complex at scale. The HashiCorp zero trust solution covers all three of these aspects:
Applications: HashiCorp Vault provides a consistent way to manage application identity by integrating many platforms and identity providers. Vault enables fine-grained access control and authorization between applications and databases, including dynamically rotating credentials, PKI certificates, and API tokens, while also ensuring application data is always secure in transit and at rest.
Networks: HashiCorp Consul secures network traffic between applications and services, enabling fine-grained access control policies, observability, and traffic shaping. Consul integrates with Vault’s identity platform to leverage application identity for the policies and to allow dynamic PKI.
People: HashiCorp Boundary ensures the right people have access to the right systems and cloud services while removing the need to distribute and issue credentials, expose private networks, or manage static credentials. Boundary integrates with Vault to issue just-in-time credentials and ensure ephemeral access to critical systems.
General Availability of HCP Boundary
HCP Boundary provides a secure remote access solution for a cloud operating model, offering improvements over existing software-defined perimeter (SDP) solutions, like VPNs, and privileged access management (PAM) solutions that are IP-driven and highly manual. With HCP Boundary, teams gain fine-grained authentication and authorization controls, rapid user onboarding, and automated workflows for target discovery and credential management for ephemeral resources. As a cloud-based service, HCP Boundary benefits organizations struggling with security as they transition to the cloud, driven by people and skills shortages.
HCP Boundary allows teams and users to access the critical systems they need while abstracting the session connection, establishment, credential issuance, and revocation. Boundary provides operations and security teams the ability to dynamically pull in cloud service catalogs and on-premises resources and map out policies to which systems, users, and groups should have access. To do this, Boundary leverages Vault to provide passwordless connections and revokes the credentials after each use. This helps ensure critical information like credentials, networks, and resources is never exposed to the user or outside actors.
In addition to core secure remote access capabilities, Boundary also offers:
Identity platform integration with Microsoft Azure Active Directory and Okta, along with many other identity platforms that support OpenID Connect to onboard trusted identities and delegate authentication
Role-based access control (RBAC) to provide broad or fine-grained access to people throughout your organization
Passwordless authentication for seamless integration with dynamic secrets and Vault
Automated service discovery for streamlined discovery and configuration of targets. Dynamic host catalogs are currently available with Microsoft Azure and AWS, as well as direct HashiCorp Terraform integration to pull in resources under management
Session visibility and logging to get insights into session metrics, events, logs, and traces with the ability to export data to business intelligence and event monitoring tools
HashiCorp is a leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows and create a system of record for automating the cloud: infrastructure provisioning, security, networking, and application deployment. HashiCorp’s portfolio of products includes Vagrant™, Packer™, Terraform®, Vault™, Consul®, Nomad™, Boundary™, and Waypoint™. HashiCorp offers products as open source, enterprise, and as managed cloud services. The company is headquartered in San Francisco, though most of HashiCorp’s employees work remotely, strategically distributed around the globe.
Verizon | December 09, 2022
Verizon, the leader in Virtualized Radio Access Network (VRAN) innovation, announced today it has extended its network virtualization efforts with the addition of the first Ericsson virtualized cell site (also referred to as Ericsson Cloud RAN), with support from Intel and RedHat providing the processing and cloud-native orchestration functions.
The advancements in Radio Access Network virtualization allow Verizon to rapidly respond to customers’ varied latency and computing needs, and provide greater flexibility and agility in the introduction of new products and services. The move to a cloud-native, virtualized architecture with standardized interfaces in every part of the network leads to greater flexibility, faster delivery of services, greater scalability, and improved cost efficiency in networks. Verizon has been a global leader in virtualizing its network, announcing recently that it already has 8,000 cell sites virtualized in its network with an eye towards virtualizing 20,000 sites.
Virtualizing the far edge of the RAN – the cell sites closest to the customer – is a function of decoupling the hardware and software associated with a cell tower and transitioning the software so that it’s not just stored in the cloud, but is designed for a cloud-native architecture and operation.
Just this week, Verizon and Ericsson published a position paper outlining the optimal technology path for VRAN in order to maximize the performance and efficiency of the network, disaggregate hardware from software, and simplify deployment wherever possible. This technology is built into the first Ericsson virtualized cell site deployed in the Verizon network.
Components of VRAN
Verizon coordinated with many ecosystem partners to welcome Ericsson’s first virtualized cell site.
Ericsson provided its commercial 5G Cloud RAN solution, consisting of a virtualized Central Unit (vCU), a virtualized Distributed Unit (vDU), and radio units. This software-based 5G Cloud RAN solution spans all of Verizon’s frequency bands, utilizing both FDD and TDD 5G spectrum assets, including Massive MIMO support for C-band and interconnecting previously deployed equipment to enable Ericsson Spectrum Sharing between LTE and NR carriers. The Ericsson Cloud RAN solution offers Verizon efficiency in network deployment and operational management transformation.
Intel provided its 3rd Gen Intel Xeon Scalable processor, Intel vRAN Dedicated Accelerator ACC100 and Intel Ethernet Network Adapter E810 to deliver the processing, acceleration and connectivity requirements.
Red Hat provided Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes to manage their fleet at scale in collaboration with Red Hat Consulting. As part of the solution, Red Hat Advanced Cluster Management delivers cloud-scale manageability by configuring the 5G RAN using a Distributed Unit (DU) profile, which deploys real-time OS kernel optimizations to run vRAN and other cloud-native application workloads from a single console. Red Hat OpenShift also incorporates zero-touch provisioning to enable the distributed deployment at scale required to operate a large-scale RAN.
Virtualization paves the way for exciting innovation
Verizon has been leading the way in virtualization with its vendor partners for years. Verizon began the journey by virtualizing the core of its network. In the years since, Verizon has been working with partners in lab trials and field tests and has been deploying cloud-based cell sites, building programmability into the network to meet the needs of today’s 5G customers and 5G solutions of tomorrow.
Key 5G use cases, focused on providing the best, most efficient network for customers, will rely heavily on the programmability of virtualized networks. Networks must serve IoT devices that do very little networking and stay in place, smartphones with infinite opportunities to use data in a highly mobile environment, and complex solutions like Augmented Reality that require massive computing capabilities on the edge of the network. These various network solutions rely on a correlated variety of resources from the network, which until recently have been defined rigidly and manually. Using orchestration and automation capabilities at scale on virtual infrastructure, Verizon automates network configuration changes and resource scaling dynamically based on demand. This is one of the greatest benefits of virtualizing a network – essentially building programmability into the network.
Verizon Communications Inc. (NYSE, Nasdaq: VZ) was formed on June 30, 2000 and is one of the world’s leading providers of technology and communications services. Headquartered in New York City and with a presence around the world, Verizon generated revenues of $133.6 billion in 2021. The company offers data, video and voice services and solutions on its award-winning networks and platforms, delivering on customers’ demand for mobility, reliable network connectivity, security and control.
MacStadium | September 28, 2022
MacStadium, the industry-leading Mac private cloud and software-as-a-service provider enabling all macOS workloads, today announced the debut of Orka Workspace to enable high-performance, secure desktop access to cloud-hosted macOS environments — anytime, anywhere and by any device. The unveiling takes place during the 2022 Jamf Nation User Conference (JNUC), held from Sept. 27 through Sept. 29 at the Hilton San Diego Bayfront hotel.
Companies need to find secure and flexible ways for their employees to access secure work computing environments from anywhere, especially now that 58 percent of American workers work remotely at least one day a week. Orka Workspace represents a revolution in secure desktop virtualization. Until now, no such option existed in the Mac ecosystem.
“We are excited to reveal the full advantages of MacStadium’s Orka Workspace platform at JNUC 2022, the largest gathering of Apple enthusiasts in the world. Orka Workspace’s introduction is nothing short of a paradigm shift for professionals who work in Mac environments, giving organizations the ability to easily and securely manage user workspaces wherever they may be, and on any device.”
Chris Chapman, MacStadium’s senior vice president and chief technology officer
Orka Workspace is designed to connect and manage your macOS computing environment. It uniquely solves Mac virtualization complexities and IT teams’ Mac-virtual secure desktop needs. It leverages MacStadium’s Orka Platform to provide unmatched macOS virtual-machine provisioning and scalability.
For more than a decade, MacStadium has supplied reliable private clouds and dedicated resources for macOS workloads, combining patented technology, proprietary configurations and unparalleled expertise in Apple infrastructure. MacStadium has the capability to meet the needs of all customers from individual developers to Fortune 100 companies. DevOps engineers, SaaS professionals, iOS developers, mobile-testing teams and enterprise users rely on MacStadium for its guaranteed uptime with expert support and data centers located worldwide.
MacStadium to Present and Demo Orka Workspace at JNUC 2022
JNUC has hosted Apple administrators for more than 10 years. Attendees may look forward to expert product insights, demos, deep-dive education sessions, community camaraderie and presentations. Apple IT professionals, users and InfoSec leaders, in particular, will have the chance to learn new, improved ways to manage and secure Apple devices, simplifying workflows and augmenting worker productivity.
Founded in 2011 and headquartered in Atlanta, MacStadium is a private cloud and software-as-a-service leader delivering scalable and secure enterprise cloud solutions exclusively for macOS. The company’s suite of advanced software-enabled infrastructure, combined with its innovative technology, delivers the security, performance, reliability and flexibility its customers require for successful app development on Apple devices. Powered by MacStadium, Orka (Orchestration with Kubernetes on Apple) is the only virtualization layer available for Mac build infrastructure based on Docker and Kubernetes technology. MacStadium is a Summit Partners portfolio company with growing operations in Las Vegas, Silicon Valley and Dublin, Ireland. Additional operations are scheduled to come online in Mumbai, India in early 2023.