Connect with us

Networks

Windows Server to require TPM2.0 and Secure boot by default in future release

Avatar

Published

on

Microsoft has announced that the next “major release” of Windows Server will require TPM 2.0 and Secure Boot installed and enabled by default.

“These requirements apply to servers where Windows Server will run, including bare metal, virtual machines (guests) running on Hyper-V or on third party hypervisors approved through the Server Virtualization Validation Program (SVVP),” writes Microsoft’s Windows Server Team.

“Looking ahead, Secure boot and TPM2.0 will serve as the core building blocks for Windows Server security and provide customers with strengthened baseline security for systems available from the ecosystem,” Microsoft’s post adds. “The enforcement of these requirements will be applied to new server platforms introduced to market after January 1, 2021.”

It’s hard to argue against the change because Secure boot is a more-than-useful way of ensuring that servers boot into know and trusted environments. TPM2.0 has been all-but-standard since 2016 for PCs. Making it a requirement for the sensitive jobs Windows Server is asked to undertake ought not to be controversial.

There is, of course, some pain in this announcement because it will limit upgrade paths for some users.

But Microsoft appears to know this as its post says: “Existing server platforms will include Additional Qualification certification to help customers identify systems that meet these requirements, similar to the current Assurance AQ for Windows Server 2019 today.”

However the post doesn’t offer any detail about whether the “major release” of Windows Server 2019 it mentions is the H2 update that users of the semi-annual channel expect in a few months, or something else. ®

Source: https://go.theregister.com/feed/www.theregister.com/2020/06/15/windows_server_hardware_security/

Networks

Oracle aims high-end cloudy database release at existing customers in ‘defensive’ move

Avatar

Published

on

Oracle has brought out a new Exadata Cloud Service based on the Exadata X8M platform, bringing its high-end persistent memory feature to the cloud. Well, Oracle’s cloud at least.

The transactional and analytics database system Exadata X8M was first released last year in a launch Oracle claimed would reduce IO latency by up to 10 times with its use of persistent memory and remote direct memory access (RDMA) over Ethernet.

Bringing the system to the Exadata Cloud Service makes it available on a consumption basis in the Oracle cloud, including 26 global cloud regions and its on-prem service, Cloud@Customer. The omnipresent enterprise computing biz claimed it could help run applications needing multiple workloads and data types in a single converged Oracle Database, avoiding integration of multiple different database services.

Oracle claimed this meant 2.5 times higher transaction processing IOs, and 10 times better IO latency than its previous Exadata Cloud Service release.

The Exadata Database Machine started life in 2008 as an in-memory database appliance that supports OLTP (transactional) and OLAP (analytical) database systems. It was the result of a collaborative project between Big Red and HP (as it was then known), but was later ported to Sun hardware. A version has been available on Oracle Cloud since 2015.

David Floyer, CTO at Wikibon, said that with IO latency of around 20 microseconds and a 25 PB data warehouse available, Wikibon assessed it as the “highest-performance cloud database service available.”

Regardless of its performance, part of the positioning is to boost Oracle in the cloud market, as it was with the Zoom deal earlier this year, said Philip Carnelley, associate vice president of software research at IDC.

It would suit Oracle’s existing customers who want options in the cloud, he added.

“If you’ve already got loads of Oracle everywhere, then it’s becoming more viable to move what you want into the cloud: that’s their big thrust. There is such a huge install base of Oracle, it’s offering them everything in the cloud, on prem, or wherever they want it. From Oracle’s point of view, it could be seen as defensive. This will appeal to very large organisations with a very large investment in Oracle,” he said.

Carnelley said businesses were looking to move to the cloud as soon as possible, while at the same time IT departments would be reluctant to abandon their existing investments. “If it ain’t broke, don’t fix it: you don’t want to change too many things and fewer things you have to change, the better,” he said.

But outside Oracle’s install base, the appeal becomes less certain. In transaction systems Oracle would go up against IBM’s Db2 and SAP’s in-memory HANA database, both of which are available on the public cloud from the usual suspects.

On the analytical systems, Oracle must compete with cloud-native data warehouses such as Snowflake, AWS’s Redshift, Google’s BigQuery and Microsoft’s Synapse. ®

Source: https://go.theregister.com/feed/www.theregister.com/2020/10/16/oracle_cloudy_db/

Continue Reading

Networks

OpenStack’s 10th birthday is next week, but you get the present of a new release today!

Avatar

Published

on

On October 21st, 2010, something new hit the world of enterprise infrastructure software: it was free software called OpenStack “Austin” and comprised the Nova VM-wrangler and the Swift Object store.

Enthusiasm for OpenStack has waxed and waned since. In its early years the project’s openness saw the likes of Cisco, Rackspace and HPE tout it as a better alternative than proprietary clouds from AWS Microsoft.

We know how that turned out: AWS, Azure and Google dominate the cloud and while OpenStack runs plenty of colossal web companies, the project’s own user surveys suggest that the majority of deployments are at organisations with between 100 and 10,000 employees.

China turned out to be a big part of the OpenStack story: its web giants Baidu and Tencent are known users, while the nation’s big three telcos – China Mobile, China Telecom and China Unicom – also adopted the stack. They’ve adopted it because OpenStack now offers over 40 modules that are collectively capable of doing just about anything a cloudy or webscale stack requires.

The Register will properly assess OpenStack’s first decade soon, but for now we need to consider the project’s 22nd major release, dubbed “Victoria”, which landed earlier this week.

The new release includes over 20,000 code changes by 794 developers from 160 different organisations and over 45 countries.

The OpenStack Foundation rates improved Kubernetes support, including support for containerised network functions, as among its most important new additions. More FPGA support has been added, specifically for Intel and Inspur accelerators, just in time for the SmartNIC craze to crest. And because too much security is seldom enough, the Octavia module now supports HTTP/2 over TLS using Application Layer Protocol Negotiation (ALPN).

The Ironic module, dedicated to provisioning bare metal servers, has a new communications flow for agent tokens that should make it safer to communicate with devices on the edge. Ironic had a 66% increase in activity compared to the OpenStack Ussuri cycle, and added more security for edge deployments by combining the communication flow for agent token which was added in Ussuri with the automatic agent TLS feature. Now, malicious attackers are unable to possibly intercept the “token” and through standard communication exchanges with the Ironic services. The Foundation also highlighted the following enhancements for “complex networking issues”:

  • The SDN module Neutron now provides metadata service over IPv6 and has added support for flat networks for Distributed Virtual Routers (DVR), Floating IP port forwarding for the OVN backend, and router availability zones in OVN.
  • Load-balancing module Octavia now support version two of the PROXY protocol.
  • Container networking module Kuryr has added support for autodetection of VM bridging interface in nested setups.

OpenStack has published a full list of enhancements present in Victoria here. The next OpenStack release has been named “Wallaby” and should hop into view in April 2021. The release’s timeline and goals can be found here. ®

Source: https://go.theregister.com/feed/www.theregister.com/2020/10/16/openstack_victoria/

Continue Reading

Networks

Your web browser running remotely in Cloudflare’s cloud. That’s it. That’s the story

Avatar

Published

on

Network services giant Cloudflare wants to host your web browser in the cloud so it can send you only safe content.

On Thursday, the biz invited customers to sign up for the beta release of its Browser Isolation service, a third component in its evolving Cloudflare for Teams offering that came from S2 Systems, a Kirkland, Washington-based startup acquired earlier this year.

Browser isolation generally involves running a headless web browser – the browser foundation without its graphic interface – on a remote server, now commonly referred to as “the cloud,” and then buffering its visual output in some kind of format to send to software on the user’s computer to display. Scrubbing the web content of bad stuff before it’s rendered is a possibility, too, and that’s what Cloudflare’s Browser Isolation appears to do.

There are also client-side variations like Apozy’s Native Browser Isolation, and HP-acquired Bromium (now HP Sure Click), which relies on running browser tasks inside a hardware-isolated micro virtual machine.

Lord_Of_the_Rings_ring

Cloudflare floats cloud grand unification theory based on zero-trust access and security

READ MORE

Browser quarantine regimes have won corporate fans as a way to mitigate web-based security threats, and also to manage how workers interact with the unwholesome web. Think of web content as a package containing a bomb; if it explodes, you’ll wish you opened it in a concrete, reinforced bunker so that adjacent bunkers and buildings aren’t taken out. That’s browser isolation: containing any malicious stuff that spills into and out of the browser on your employees’ PCs.

Companies playing in the browser isolation market like Authentic8, Broadcom (Symantec), Menlo Security, and Webgap, among others, generally point to business-justifying stats compiled by consultancies.

Cloudflare, for instance, cites Gartner’s 2018 claim that web browsers are the source of 70 per cent of endpoint compromises. The IT research firm, declaring the public internet “a cesspool of attacks,” also projected that by 2022, 25 per cent of enterprises will adopt browser isolation technology for high-risk users and specific use-cases, up from one per cent in 2017.

Tim Obezuk, principal solutions engineer at Cloudflare, contends that Cloudflare Browser Isolation has an advantage over other approaches that rely on pixel pushing or DOM reconstruction. The former involves streaming rendered screen pixels to a remote user (slow) or loading pages remotely, checking them, then repacking and relaying them to a remote client (misses threats and prone to errors).

“Instead of streaming pixels to the user, Cloudflare Browser Isolation sends the final output of a browser’s web page rendering,” said Obezuk in a blog post. “The approach means that the only thing ever sent to the device is a package of draw commands to render the webpage, which also makes Cloudflare Browser Isolation compatible with any HTML5 compliant browser.”

Cloudflare Browser Isolation relies on Network Vector Rendering (NVR) technology from its S2 Systems acquisition. This intercepts the draw commands directed at the the remote Chromium browser’s Skia graphics rendering layer, then encodes, compressed, and encrypts them in a highly compact form before sending them to the remote client browser – which can be any HTML5-compliant browser (e.g. Chrome, Edge, Firefox, Safari).

Using an NVR WebAssembly library with an embedded Skia library that has been pushed to the local web browser, the transmitted draw commands can be unpacked, decrypted, and replayed with speed that approaches native device code.

It’s an approach that looks like it could work well given Cloudflare’s edge-centric network – with more than 200 data centers around the globe, latency between the user and the Cloudflare Browser Isolation host is likely to be less than it would be for a service operating under a more centralized network architecture.

We asked Cloudflare if browser add-ons will fit into its isolation approach, and a spokesperson told us:

If hosted browsers of this sort catch on, it may be time to stop referring to them as “user-agents” and call them something more accurate like “admin-agents.” ®

Source: https://go.theregister.com/feed/www.theregister.com/2020/10/15/cloudflare_browser_isolation/

Continue Reading
Energy1 hour ago

BioMicrobics Acclaimed by Frost & Sullivan for Its Continuous Innovation-led Growth in the Water and Wastewater Treatment Market

Energy2 hours ago

SME Education Foundation Seeks Industry Involvement for Unadilla Valley High School Initiative to Create STEM Opportunities for Students

Energy2 hours ago

Verisem Acquires State-of-the-Art Vegetable Seed Processing Facility, Further Enhancing Capabilities

Energy2 hours ago

Global Synthetic and Bio Based Polypropylene Market 2020-2026 Growing Demand in the Automotive Industries

AR/VR3 hours ago

AI-Driven Dynamic Filmmaking is the Future

Energy3 hours ago

Growing Concerns around Global Warming Are Set to Drive Hypercar Market Forward: TMR

AR/VR4 hours ago

Angry Birds VR and Acron: Attack of the Squirrels Gear up for Halloween

Crowdfunding5 hours ago

This Is a $103 Billion Profit Opportunity

Energy5 hours ago

Power Plant Boiler Market by Type, Capacity, Technology, Fuel Type, and Region – Global Forecast to 2025

Energy5 hours ago

Rising Phoenix Royalties Announces Second Yoakum County, Permian Basin, Oil and Natural Gas Royalty Acquisition

Energy5 hours ago

Chem-Dry Grows Amid Pandemic with Signed Agreements to Open 64 New Franchises Across the Nation

Energy5 hours ago

Key Trends and Recent Innovations in Powder Bed Fusion, IDTechEx Identifies

Blockchain News5 hours ago

Bitcoin Breaks $12K Resistance and Aims for $14K as BTC Rallies Higher in the Expense of Altcoins

Energy5 hours ago

Pasternack Now Offers a Broad Selection of Field Replaceable Connectors Available for Same-Day Shipment

AR/VR6 hours ago

Star Wars: Tales from the Galaxy’s Edge Gameplay Trailer Drops With November Date for Oculus Quest

Crunchbase6 hours ago

The Briefing: RVShare raises over $100M, Google disputes charges, and more

Blockchain6 hours ago

Mode Adds Bitcoin to Reserves, Joining Microstrategy and Square

Blockchain7 hours ago

Has Bitcoin met its match with this altcoin?

Crunchbase7 hours ago

Syte Sees $30M Series C For Product Discovery

Blockchain News7 hours ago

What could a Democrat Sweep in US Elections mean for Bitcoin?

Blockchain7 hours ago

Yearn Finance Adds GUSD Vaults and Updated Keep3r Network Details

Blockchain7 hours ago

B2BX Exchange Announces B2BX Token Buyback

Blockchain7 hours ago

Coinend: 1, 2, 3 Take off -New Gamified Crypto Prediction Platform!

Coinpedia7 hours ago

GenTech Proudly Secures Deal with TruLife Distribution to Drive Growth in SINFIT Digital Sales

Blockchain7 hours ago

Coinend: 1, 2, 3, Take off – New gamified crypto prediction platform!

Blockchain7 hours ago

PayPal to allow transactions in Bitcoin, Ethereum etc. from 2021

Blockchain News7 hours ago

Ripple CTO Assesses XRP as a Bridge Cryptocurrency Between CBDCs, Stablecoins, and Fiat

Big Data7 hours ago

Top 10 Big Data trends of 2020

Fintech7 hours ago

5 Things to Know Before Investing in Bitcoin

Crunchbase7 hours ago

Intellimize Closes $12M Round Of New Funding

Crunchbase7 hours ago

Fintech Startups Broke Apart Financial Services. Now The Sector Is Rebundling

CNBC7 hours ago

eBay makes a dedicated portal for officially refurbished gear

Fintech8 hours ago

Headout & Nuclei partner to enable customers to book events & experiences directly from their mobile Banking applications

Blockchain8 hours ago

Community Token Sector Blossoms Alongside Surging NFT Market Caps

Energy8 hours ago

Study Reinforces Sustainability of Ring Container Technologies’ SmartCAN™

Business Insider8 hours ago

AutoNation Board Raises Share Repurchase Authorization – Quick Facts

Business Insider8 hours ago

Conversion Labs Appoints Former White House Physician and U.S. Navy Rear Admiral, Dr. Connie Mariano, to Board of Directors

Business Insider8 hours ago

Mehiläinen Yhtiöt Oy supplements the tender offer document dated 8 January 2020 regarding the public cash tender offer for all shares in Pihlajalinna Plc

Business Insider8 hours ago

AutoNation Inc. Q3 adjusted earnings Beat Estimates

Business Insider8 hours ago

Outlook on the Commercial Aviation Aircraft Tires Global Market to 2025 – by Type, Aircraft Type, Position, End-user & Geography

Trending