More and more enterprise organizations are planning and deploying into cloud platforms. This trend is occurring despite organizations historical push-back on cloud services claiming that they are less secure than private on-premises data centers. Even though there is evidence to suggest that cloud application attacks are on the rise, there are best practice methods to secure cloud services. On one hand, internal data center services may be tucked nice and neat behind the corporate perimeter firewall, there is evidence that many enterprises do not secure their systems adequately. On the other hand, even though a cloud serve may be out-of-site and virtualized in a hyperscale multi-tenant data center, patching and solid discipline can make them secure. Now that enterprises have a clearer understanding of cloud services and how to secure them, there are now commonly accepted methods to help make clouds more secure. The appearance of cloud security training and certifications is helping organizations securely consume cloud services.
Stories by Scott Hogg
OpenFlow is a Software-Defined Networking (SDN) protocol used for southbound communications from an SDN controller to and from a network device. OpenFlow is the protocol used to inform the topology of network switches on which flows should be added to their flow tables and advise switches how they should handle traffic flows that are not in the current flow tables. Initially, OpenFlow did not have any definition for handling IPv6 communications. Now, newer OpenFlow versions have IPv6 capabilities and more vendors are deploying products that use the newer OpenFlow versions. This article goes over the IPv6 functions within the OpenFlow protocol and describes how these are being used.
The way we have created IT systems over the years has been very linear with each individual component being statically configured. If a human makes an error in any one of the many configurations, then the whole system breaks down. Over the years, IT systems have become increasingly complex with multiple layers of abstraction and virtualization making it difficult to enforce stability and gain scalability. Promise theory provides a new way to think about how IT systems rely on each other to form an entire system that businesses can depend. This article will cover the foundation concept of promise theory and give examples of how it is used.
We are in an awkward point in the history of the Internet. <a href="http://www.networkworld.com/community/blog/impact-ipv4-address-exhaustion-security-ipv4-">IPv4 address depletion</a> has occurred yet we expect to use IPv4 for the next 15 to 20 years. Organizations see two paths before them. One alternative is to use continue to use IPv4 and expect to use multiple layers of network address translation (NAT) for many years to come. The other alternative is to start to use IPv6, however, the majority of enterprise organizations and content providers have not embraced the protocol.
IT execs know they will have to deploy IPv6 at some point, but where to begin? One approach that establishes some <a href="http://www.networkworld.com/news/2009/073009-ipv6-guide.html">IPv6</a> capability without spending a lot of time or money is to start at the perimeter.
The key difference between Application Delivery Controllers (ADC) is the way they can be integrated into your organization's network topology. Most organizations may deploy a <a href="http://www.networkworld.com/topics/server.html">server</a> load balancer/ADC in-line as a Layer-3 reverse-proxy-server.
Cisco Subnet blogger Scott Hogg names his favorite free open source tools to keep your network humming.
IPv6 was delivered with migration techniques to cover every conceivable IPv4 upgrade case, but many were ultimately rejected by the technology community, and today we are left with a small set of practical approaches.