Xen and the art of hypervisor introspection: Bitdefender donates meditative tech to open-source virty outfit

Security vendor Bitdefender has open-sourced its hypervisor introspection technology, which the Xen Project will adopt as a sub-project.

Hypervisor introspection (HVI) makes it possible to inspect the memory of a guest VM, a desirable thing to do if you are hunting for malware infections in the guest.

Xen and Bitdefender have collaborated around this sort of thing since at least 2015 when the open-source hypervisor added a feature, libbdvmi, that Bitdefender helped to develop. Citrix and Bitdefender later commercialised the technology in Citrix’s version of Xen.

Now Bitdefender and Xen have decided the best way to advance the tech is as an open-source project. The security vendor has also donated its Napoca “thin hypervisor” to the Xen Project. Napoca virtualizes CPU and memory, not hardware, and can therefore allow hypervisor introspection to happen on machines that don’t run a full hypervisor.

“We are excited to see the range of uses the community will come up with for the technology, and fully expect to see HVI and Napoca technology used in areas beyond the scope of Bitdefender’s security-focused purposes,” said Bitdefender director of strategic alliances Shaun Donaldson.

Citrix’s chief security strategist, Kurt Roemer, also welcomed the decision.

“Now that the technology is open source, the use cases to which HVI can be applied will result in direct value realised by both security teams and their businesses – especially for emergent threats,” Roemer said.

The Xen Project already operates seven teams that work on what the operation calls “sub-projects”. As that term has been used to describe HVI, it appears the Project will now have an additional team.

The project has put more effort into embedded applications in recent years and the computers likely to run Xen in such situations could often benefit from enhanced security, or the lighter approach to virtualization offered by Napoca. ®

Source: https://go.theregister.com/feed/www.theregister.com/2020/07/30/bitdefender_open_sources_to_xen_project/


Oracle aims high-end cloudy database release at existing customers in ‘defensive’ move

Oracle has brought out a new Exadata Cloud Service based on the Exadata X8M platform, bringing its high-end persistent memory feature to the cloud. Well, Oracle’s cloud at least.

The transactional and analytics database system Exadata X8M was first released last year in a launch Oracle claimed would reduce IO latency by up to 10 times with its use of persistent memory and remote direct memory access (RDMA) over Ethernet.

Bringing the system to the Exadata Cloud Service makes it available on a consumption basis in the Oracle cloud, including 26 global cloud regions and its on-prem service, Cloud@Customer. The omnipresent enterprise computing biz claimed it could help run applications needing multiple workloads and data types in a single converged Oracle Database, avoiding integration of multiple different database services.

Oracle claimed this meant 2.5 times higher transaction processing IOs, and 10 times better IO latency than its previous Exadata Cloud Service release.

The Exadata Database Machine started life in 2008 as an in-memory database appliance that supports OLTP (transactional) and OLAP (analytical) database systems. It was the result of a collaborative project between Big Red and HP (as it was then known), but was later ported to Sun hardware. A version has been available on Oracle Cloud since 2015.

David Floyer, CTO at Wikibon, said that with IO latency of around 20 microseconds and a 25 PB data warehouse available, Wikibon assessed it as the “highest-performance cloud database service available.”

Regardless of its performance, part of the positioning is to boost Oracle in the cloud market, as it was with the Zoom deal earlier this year, said Philip Carnelley, associate vice president of software research at IDC.

It would suit Oracle’s existing customers who want options in the cloud, he added.

“If you’ve already got loads of Oracle everywhere, then it’s becoming more viable to move what you want into the cloud: that’s their big thrust. There is such a huge install base of Oracle, it’s offering them everything in the cloud, on prem, or wherever they want it. From Oracle’s point of view, it could be seen as defensive. This will appeal to very large organisations with a very large investment in Oracle,” he said.

Carnelley said businesses were looking to move to the cloud as soon as possible, while at the same time IT departments would be reluctant to abandon their existing investments. “If it ain’t broke, don’t fix it: you don’t want to change too many things and fewer things you have to change, the better,” he said.

But outside Oracle’s install base, the appeal becomes less certain. In transaction systems Oracle would go up against IBM’s Db2 and SAP’s in-memory HANA database, both of which are available on the public cloud from the usual suspects.

On the analytical systems, Oracle must compete with cloud-native data warehouses such as Snowflake, AWS’s Redshift, Google’s BigQuery and Microsoft’s Synapse. ®

Source: https://go.theregister.com/feed/www.theregister.com/2020/10/16/oracle_cloudy_db/


OpenStack’s 10th birthday is next week, but you get the present of a new release today!

On October 21st, 2010, something new hit the world of enterprise infrastructure software: it was free software called OpenStack “Austin” and comprised the Nova VM-wrangler and the Swift Object store.

Enthusiasm for OpenStack has waxed and waned since. In its early years the project’s openness saw the likes of Cisco, Rackspace and HPE tout it as a better alternative than proprietary clouds from AWS and Microsoft.

We know how that turned out: AWS, Azure and Google dominate the cloud and while OpenStack runs plenty of colossal web companies, the project’s own user surveys suggest that the majority of deployments are at organisations with between 100 and 10,000 employees.

China turned out to be a big part of the OpenStack story: its web giants Baidu and Tencent are known users, while the nation’s big three telcos – China Mobile, China Telecom and China Unicom – also adopted the stack. They’ve adopted it because OpenStack now offers over 40 modules that are collectively capable of doing just about anything a cloudy or webscale stack requires.

The Register will properly assess OpenStack’s first decade soon, but for now we need to consider the project’s 22nd major release, dubbed “Victoria”, which landed earlier this week.

The new release includes over 20,000 code changes by 794 developers from 160 different organisations and over 45 countries.

The OpenStack Foundation rates improved Kubernetes support, including support for containerised network functions, as among its most important new additions. More FPGA support has been added, specifically for Intel and Inspur accelerators, just in time for the SmartNIC craze to crest. And because too much security is seldom enough, the Octavia module now supports HTTP/2 over TLS using Application Layer Protocol Negotiation (ALPN).

The Ironic module, dedicated to provisioning bare metal servers, has a new communications flow for agent tokens that should make it safer to communicate with devices on the edge. Ironic had a 66% increase in activity compared to the OpenStack Ussuri cycle, and added more security for edge deployments by combining the communication flow for agent tokens, which was added in Ussuri, with the automatic agent TLS feature. Now, malicious attackers are unable to intercept the “token” through standard communication exchanges with the Ironic services. The Foundation also highlighted the following enhancements for “complex networking issues”:

  • The SDN module Neutron now provides metadata service over IPv6 and has added support for flat networks for Distributed Virtual Routers (DVR), Floating IP port forwarding for the OVN backend, and router availability zones in OVN.
  • Load-balancing module Octavia now supports version two of the PROXY protocol.
  • Container networking module Kuryr has added support for autodetection of VM bridging interface in nested setups.

OpenStack has published a full list of enhancements present in Victoria. The next OpenStack release has been named “Wallaby” and should hop into view in April 2021. The release’s timeline and goals have also been published. ®

Source: https://go.theregister.com/feed/www.theregister.com/2020/10/16/openstack_victoria/


Your web browser running remotely in Cloudflare’s cloud. That’s it. That’s the story

Network services giant Cloudflare wants to host your web browser in the cloud so it can send you only safe content.

On Thursday, the biz invited customers to sign up for the beta release of its Browser Isolation service, a third component in its evolving Cloudflare for Teams offering that came from S2 Systems, a Kirkland, Washington-based startup acquired earlier this year.

Browser isolation generally involves running a headless web browser – the browser foundation without its graphic interface – on a remote server, now commonly referred to as “the cloud,” and then buffering its visual output in some kind of format to send to software on the user’s computer to display. Scrubbing the web content of bad stuff before it’s rendered is a possibility, too, and that’s what Cloudflare’s Browser Isolation appears to do.

There are also client-side variations like Apozy’s Native Browser Isolation, and HP-acquired Bromium (now HP Sure Click), which relies on running browser tasks inside a hardware-isolated micro virtual machine.

Browser quarantine regimes have won corporate fans as a way to mitigate web-based security threats, and also to manage how workers interact with the unwholesome web. Think of web content as a package containing a bomb; if it explodes, you’ll wish you opened it in a concrete, reinforced bunker so that adjacent bunkers and buildings aren’t taken out. That’s browser isolation: containing any malicious stuff that spills into and out of the browser on your employees’ PCs.

Companies playing in the browser isolation market like Authentic8, Broadcom (Symantec), Menlo Security, and Webgap, among others, generally point to business-justifying stats compiled by consultancies.

Cloudflare, for instance, cites Gartner’s 2018 claim that web browsers are the source of 70 per cent of endpoint compromises. The IT research firm, declaring the public internet “a cesspool of attacks,” also projected that by 2022, 25 per cent of enterprises will adopt browser isolation technology for high-risk users and specific use-cases, up from one per cent in 2017.

Tim Obezuk, principal solutions engineer at Cloudflare, contends that Cloudflare Browser Isolation has an advantage over other approaches that rely on pixel pushing or DOM reconstruction. The former involves streaming rendered screen pixels to a remote user (slow); the latter involves loading pages remotely, checking them, then repacking and relaying them to a remote client (misses threats and prone to errors).

“Instead of streaming pixels to the user, Cloudflare Browser Isolation sends the final output of a browser’s web page rendering,” said Obezuk in a blog post. “The approach means that the only thing ever sent to the device is a package of draw commands to render the webpage, which also makes Cloudflare Browser Isolation compatible with any HTML5 compliant browser.”

Cloudflare Browser Isolation relies on Network Vector Rendering (NVR) technology from its S2 Systems acquisition. This intercepts the draw commands directed at the remote Chromium browser’s Skia graphics rendering layer, then encodes, compresses, and encrypts them in a highly compact form before sending them to the remote client browser – which can be any HTML5-compliant browser (e.g. Chrome, Edge, Firefox, Safari).

Using an NVR WebAssembly library with an embedded Skia library that has been pushed to the local web browser, the transmitted draw commands can be unpacked, decrypted, and replayed with speed that approaches native device code.

It’s an approach that looks like it could work well given Cloudflare’s edge-centric network – with more than 200 data centers around the globe, latency between the user and the Cloudflare Browser Isolation host is likely to be less than it would be for a service operating under a more centralized network architecture.

We asked Cloudflare if browser add-ons will fit into its isolation approach, and a spokesperson told us:

If hosted browsers of this sort catch on, it may be time to stop referring to them as “user-agents” and call them something more accurate like “admin-agents.” ®

Source: https://go.theregister.com/feed/www.theregister.com/2020/10/15/cloudflare_browser_isolation/
