SASE – THE VALUE OF EDGE SECURITY

Secure Access Service Edge (SASE), a cloud-based security architecture that prioritizes data protection over hardware or even enterprise networks, is fast gaining traction in our business. SASE is a networking and security as a service platform. Secure Access Service Edge is a term that was ordinally coined by analyst firm Gartner. It simplifies wide-area networking and security by delivering both as a cloud service directly to the source of connection rather than the enterprise data center.

Existing network approaches and technology just aren't capable of providing the amounts of security and access control that digital businesses demand. These companies expect that their users have quick, uninterrupted access, no matter where they are. With more distant users and software-as-a-service (SaaS) applications, data moving from the data center to cloud services, and more traffic moving to public cloud services and branch offices than returning to the data center, a new network security approach is needed.

The SASE security paradigm can benefit an enterprise in a variety of ways.

Flexibility:

Threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention, and next-generation firewall policies can all be implemented and delivered using a cloud-based architecture.

Cost-saving:

Using a single platform instead of buying and managing several point products will drastically cut your expenses and IT resources.

Reduced Complexity:

By unifying your security stack into a cloud-based network security service model, you can simplify your IT infrastructure by reducing the number of security products your IT team has to manage, update, and maintain.

Meaningful Risks

• Internal network traffic cannot be automatically trusted as legitimate, nor can we trust employees and partners to always be well-meaning and careful with systems and data.

• Cloud-first approach or Cloud-only policy will create critical risks if the implemented cloud services or solutions aren’t totally secure.

• SASE vendor's limitations to integrate with existing Services and third-party tools.

Best Practices

• A SASE solution must have simple policies and management. A single extensive Policy Engine is mandatory for the SASE solution

• Should be able to apply universal Security controls across cloud, Web, and IaaS

• Designing and delivering Policy-based Security services are mandatory, not just managing “security boxes”

• Network Security Architects should be engaged to plan for SASE

• SASE systems should be designed so that inspection engines follow the user session rather than the other way around.

• SASE solution should integrate with existing SIEM solution strategy

Read More : https://www.taliun.com/Security-Risk-Compliance

https://redd.it/nkkz53
@r_devops

kubeconfig on Gitlab

Hello all,

Can anyone help me guide me on how to generate kubeconfig file from the GitLab ci token? I am deploying applications on to Kubernetes via GitLab pipelines for which I require kubeconfig for authentication with the cluster? Is there an option on Gitlab to generate this file dynamically?

Thanks,

Abd

https://redd.it/nkijp7
@r_devops

Not sure what I want to do or they want

**Background**: I have couple of Certifications in my portfolio such as AWS, GCP and have experience of \~5 years in DevOps and it's related tools (terraform/ansible/aws/gcp/ci/cd/etc) with extensive knowledge of cloud and best practices.

**Foreground:**

* Looking forward to know about how you have incorporated DevSecOps in your organization, or what's the security model implemented in your organization?
* Is your organization security centric or busy printing money?
* Is there a dedicated security team in your org and what are their roles and responsibilities?
* How many of you are waiting for a data breach in your organization ?

**Question:**

* Will the organization only implement security best practices when a breach occurs? **Cause and Effect** scenario.
* Is your organization even considering security implementation or are they just turning a blind eye to it.
* Why doesn't organization understand that they are 1 breach away from ruining their reputation. some insights would be helpful.

**Note:**

* These are not survey questions. I want to know where do I need to focus on my career if the organization is not willing to take the high road of DevSecOps and/or Security.
* These questions' answers will differ from person to person in the hierarchy of org structure and will help looking from their point of view.

https://redd.it/nkk7l9
@r_devops

Certifications for cloud consulting

I'm currently pursuing my MBA at one of the top bschools in my country. I was a devops guy earlier and think that a cloud consultant is something that I would enjoy after getting a business degree.

Now to get into such a role, what kind of cloud certifications would be relevant and helpful? Certainly, a cloud devops certification won't be beneficial to my post MBA career anymore though it would prove my track record.

Are there certifications that cater to this role? Ref job opening: https://jobs2.deloitte.com/ui/en/job/E21BCCONRR-Strt

https://redd.it/nkhvdk
@r_devops

Chef

How to launch EC2 using chef?

https://redd.it/nkkel3
@r_devops

How to reassign a secondary NIC to become the primary and vice versa in azure?

is there a way to swap a primary network interface and a secondary network interface, so that the original primary NIC necomes the secondary, and the secondary becomes the primary?

https://redd.it/nl8y8w
@r_devops

Possible solutions for quickly spinning up servers based on new domains

Just a heads up, this question is more for me to know what to learn and study rather than a active problem I am trying to fix. So I have been applying to jobs recently and encountered a question that I didn't really have a automated solution to.

Lets say my client currently has a server running angular, react, etc. for the frontend and it is hosted on this domain: cali.xyz.com. They want to expand to other states but it requires a lot of time since a user has to manually create a brand new server, install all the dependencies, upload the code, hook up the new domain, etc., so they want to automate or simplify the process as much as they can since they will be creating one for each state within the US. This would be hosted on AWS if that helps.

How would you go about this? I was thinking of using Jenkins/CodePipeline to trigger a Docker container to automate the dependency installation part but I am lost as to how to automate or simplify the rest

Unrelated question but how did you guys get experience with devops? Was it through a course or just using the softwares themselves and playing around with them?

https://redd.it/nlpsn1
@r_devops

Making SQL Queries Faster on DoltHub

Just published a blog on improving the performance of SQL web queries on DoltHub. Web queries are a feature that enable users to execute SQL statements against public DoltHub databases. The database format, Dolt, is a versioned SQL database with Git semantics. You can think of DoltHub as the data equivalent to GitHub, and Dolt, basically a hybrid of Git and MySQL.

Anyway, we discuss how we've adjusted the storage layer of Dolt, to boost reads from S3, which helps more of the queries complete before timing out. Enjoy!
https://www.dolthub.com/blog/2021-05-26-improving-web-query-performance-dolthub

https://redd.it/nluf1n
@r_devops

JJ's Star Wars and the Importance of Creative Frameworks

Recently, I was reading this article where JJ Abrams talked about his regret of not having a plan in the storyline of the new Star Wars trilogy. https://collider.com/jj-abrams-star-wars-sequel-trilogy-plan-comments/


And it just recently occurred to me that the new Star Wars trilogy holds a perfect example of the pitfalls of collaborative creation without proper leadership and frameworks.


Yes, what they built was cool. Yes, it made lots of money. Yes, there were lots of great ideas. But because there was no framework, it ultimately lead to a product that is unstable and a bit of a letdown to the customer.


In many organizations, I see similar pitfalls. Can an enterprise create a viable product? Yes. Can it make lots of money? Yes. Will it stand the test of time and lead the industry? Probably for a little while. Until a competitor that does it better comes on to the scene.


Devops is often adopted by enterprises as a "silver bullet" for the problems that ail their hobbling S&T divisions, but it's often implemented without restructuring the organization as well. They believe if they can just put the most brilliant people in the right places, their product will flourish. However, this is often NOT the case. Rather, the product may come together after hours and hours of midnight work and extended deadlines, but the cycle of issues never dies. Instability will plague the product until they understand these concepts. Resources will also be depleted faster. Turnover will be more rapid and execs will see everything as a huge success but with little longevity to show for it.


In conclusion, Disney had every ingredient right there! But they squandered their opportunity because of a lack of a proper framework. Brilliance only gets you so far. Structure makes things last.

https://redd.it/nlosgd
@r_devops

Can you connect to AWS from CircleCI without AWS creds set as secrets in env variables?

Github provides AWS integration which means you don't have to rotate keys and can deploy though codepipelines, at least this is how I understand it.

Github also allows you to deploy self hosted runners into the AWS account for FREE. Another way of by passing AWS keys and their management.

Does the CircleCI AWS integration do the same? I read the docs but don't get it. Also the fact that CircleCI charges for self hosted runners is a joke.

Am I misunderstanding something? I asked support and they just suggested that I write a lambda to rotate keys and then change the env variables. Surely there is a better way!

https://redd.it/nluz51
@r_devops

DevOPS and change management

Just curious what everyone’s opinion is regarding DevOPS and change management.

I’m from an infrastructure background and used to seeing changes submitted, deployment plans/testing and approvals.

Today I had a conversation with a peer after an individual from another Team almost caused a large service outage - we were able to intervene before things went south. The conversation went basically like…

Me - …dude almost broke x-y-z. He didn’t tell anyone he was making these changes, review them or put in a change request.

Other guy - If DevOPS had to start doing change requests then it would defeat the purpose of DevOPS and being agile.

I didn’t really know what to say in the moment. Curious to hear what everyone else thinks about DevOPS and change management?

https://redd.it/nlyeme
@r_devops

How to run docker in GitHub self hosted runners?

So I can get docker running and I can get the image downloaded but then the workflow fails. Something about no HOME and dockercfg...

Is it even possible to set up a workflow with:

Container: some-image:latest

Like you would do for a GitHub hosted runner?

https://redd.it/nlm5yv
@r_devops

How Culture Impacts Technology Choice: A Review of Netflix’s Use of Microservices

Over the last year or so (ever since founding Komodor), I have read many books about culture, trying to make sure we build a great atmosphere in the company from the foundation. One of the books I liked most is no rules rules. Not only is this a GREAT book (and not techy at all), but It also made me think about the rise of microservices, devops, why I (think) it worked for Netflix, and why most companies need to be more careful: https://thenewstack.io/how-culture-impacts-technology-choice-a-review-of-netflixs-use-of-microservices/


The book itself is super recommended for anyone more interested in devops as a movement to empower other people in the organization, and I think it can also help when making tech decision :)

https://redd.it/nlzzqz
@r_devops

Am I too inexperienced to be a DevOps engineer?

I recently got an offer to join as a DevOps Engineer at a AWS Premier Partner firm. But I'm not exactly sure if I have the right foundations to succeed in it though.


I graduated last year with a bachelors in CS, and Covid took away all my good dev offers, and I ended up as a dev at a tiny place with no testing, no CI/CD, no IAC, etc. I started off as a backend dev, did that for a few months. Then volunteered to research and integrate testing frameworks, and wrote all the initial unit tests. Development was very slow we had to wait for an outside consultant and come and fix things when stuff broke.


Out of necessity, I then learnt a bunch of stuff about AWS, and moved the application to it, and implemented CI/CD using CodePipeline, later wrote all of this stuff to Cloudformation. Containerized the application and threw it on ECS, etc. I also got AWS Associate certs using all this experience.


Now a year later, I was looking to change jobs for better pay and got this offer which doubles my salary. I'm happy about the salary, but I'm incredibly scared of getting not being able to live up to it.


If you take me out of AWS, I know nothing. And everything I've done, I've done it only one way with AWS services. I don't know anything about Ansible, Terraform, etc etc etc. The only best practices I know are the very specific ones I researched to implement the specific things at work.


I looked at all the junior DevOps engineers at the firm I'm joining on LinkedIn and the person with the least amount of experience has like 7 years of dev experience. Some of em were sysadmins for years. I know zero stuff about sysadmin. Maybe bare basics about networking, nothing about hardware, switches or anything.


The only thing I'm skilled at is coding skills: I can pick up languages very fast, and I can read and understand codebases very fast. At my current work, this helped me a lot. Since I knew the codebase and was aware of the features being developed, I could usually just guess what and who broke the system with intuition.


I've read that DevOps is a mid career role for highly experienced developers/sysadmins. Am I shooting myself in the foot by leaving development (something I feel confident at) one year out of college? I kinda feel like a jack of all trades, and master of none who just learned a bunch of buzzwords and tricked a company into hiring me.

https://redd.it/nldci3
@r_devops

SFTP versus SSH - one working, one not

Hi,

I'm able to connect to a remote server using SFTP on port 22 with a username and password.

But when I try to SSH connect to the same remote host, I briefly see the welcome message and then it says the connection was closed.

I'm kind of confused by this since they're both over the same port. And the credentials I'm using are the same.

https://redd.it/nlnoo1
@r_devops

How to run bash commands in Jenkins and not go insane with escaping characters?

I have been trying to run some bash commands on multiple servers through JenkinsFile(s). A sequence of pipes involving awk, grep, find etc.

The problem that I have facing is escaping characters in it. While trying to find solutions I came across

https://gist.github.com/Faheetah/e11bd0315c34ed32e681616e41279ef4

This helped a bit. But the problem is when I have single quotes, double quotes, dollars or slashes I spend an inordinate amount of time trying to find the right escape sequence. And the result is hardly readable and thus hard to maintain.

I tried to create a bash file on the server through Jenkins, running it and doing cleanup. But that also had it's own set of escape character issues.

Is there a guide or some articles which delve into this problem? Something with best practices so that I don't waste time fighting escape characters? If I do so many escape characters then it would be hard to edit or understand for anyone unless they also understand the idiosynchrasies of Jenkins. Looking for some best practices which leads to maintainable code.

https://redd.it/nlglbx
@r_devops

Packer + proxmox + ubuntu 20.04.2 autoinstall woes

I have hit some kind of wall with packer builds on a proxmox system. I'm modifying working code that works on VMware locally, vcenter or directly vsphere, but simply fails on my home proxmox node.

The issue is with the autoinstall. I feed it boot commands but it's almost as if it doesn't ever hit enter at the end, and winds up going to the language selection screen.

The relevant code:

 json
      "boot_command": [
        "<enter><enter><f6><esc><wait>",
        "autoinstall ds=\"nocloud-net;seedfrom=https://{{.HTTPIP}}:{{.HTTPPort}}/\"<enter><wait>",
        "<wait><enter>"
      ],
      "boot_wait": "5s",

I've tried probably a dozen different boot command sections from various google answers, but each ends at the same screen.

I call autoinstall in the user-data as well, and like I said, the exact same user-data works find for VMware builds.

Anyone have any ideas or successful examples?

https://redd.it/nlkat8
@r_devops

#002: Weekly Towards AWS Newsletter 🚀

At Towards AWS, we are working so hard to bring quality articles to AWS builders just like you. Last week, we started a newsletter to send the best articles of the week.

Today we released issue #002. Please have a read.

https://towardsaws.com/002-weekly-towards-aws-newsletter-fdbe55d3c7b1

https://redd.it/nm474x
@r_devops

The Mysterious Gotcha of gRPC Stream Performance

At Ably, we use gRPC to streamline our messaging service. But recently, the performance of a gRPC streaming server was worse than expected, so our realtime engineering team rolled up their sleeves and went sleuthing in-house.

This is the full recap, by Paul Cruikshank, one of our Distributed Systems Engineers:

The Mysterious Gotcha of gRPC Stream Performance

https://redd.it/nlf7ip
@r_devops

Hikaru 0.5b released; now with high-level CRUD-style methods for calling Kubernetes

Hikaru's CRUD methods simplify your code and provide the ability to use top-level objects as context managers that can optionally roll back objects to a previous state upon failure. The release includes a number of other requested enhancements and bug fixes.

https://pypi.org/project/hikaru/

https://redd.it/nm5rn9
@r_devops

SOLID Design Principles: The Guide to Becoming Better Developers

Product owners don’t always understand the implications of bad software design, as the burden falls on engineers to consider the best principles of software design.

Let's dive into the 5 SOLID software development principles that will guide you to write code that’s easy to maintain, read and understand, and make it easier to extend the system with new functionality without breaking the existing ones.

Read the full article here: https://adevait.com/software/solid-design-principles-the-guide-to-becoming-better-developers

Note: This post contains a YouTube video from Laracon's EU conference in Amsterdam that goes fully into detail about this important principle. Hope you'll enjoy it and find it useful. 🙏

https://redd.it/nm73ng
@r_devops