Learn how to set up networking for your applications, including VPCs, DNS, VPN, SSH, service discovery, service mesh, and more.
By James Strong, Vallery Lancey (O'Reilly)
Kubernetes has become an essential part of the daily work for most system, network, and cluster administrators today. But to work effectively together on a production-scale Kubernetes system, they must be able to speak the same language. This book provides a clear guide to the layers of complexity and abstraction that come with running a Kubernetes network. Authors James Strong and Vallery Lancey bring you up to speed on the intricacies that Kubernetes has to offer for large container deployments. If you're to be effective in troubleshooting and maintaining a production cluster, you need to be well versed in the abstraction provided at each layer.
By Dinesh Dutt (O'Reilly)
If you want to study, build, or simply validate your thinking about modern cloud native data center networks, this is your book. Whether you’re pursuing a multitenant private cloud, a network for running machine learning, or an enterprise data center, author Dinesh Dutt takes you through the steps necessary to design a data center that’s affordable, high capacity, easy to manage, agile, and reliable. Ideal for network architects, data center operators, and network and containerized application developers, this book mixes theory with practice to guide you through the architecture and protocols you need to create and operate a robust, scalable network infrastructure. The book offers a vendor-neutral way to look at network design. For those interested in open networking, this book is chock-full of examples using open source software, from FRR to Ansible.
By Ilya Grigorik (O'Reilly)
How prepared are you to build fast and efficient web applications? This eloquent book provides what every web developer should know about the network, from fundamental limitations that affect performance to major innovations for building even more powerful browser applications, including HTTP 2.0 and XHR improvements, Server-Sent Events (SSE), WebSocket, and WebRTC. Author Ilya Grigorik, a web performance engineer at Google, demonstrates performance optimization best practices for TCP, UDP, and TLS protocols, and explains unique wireless and mobile network optimization requirements. You'll then dive into performance characteristics of technologies such as HTTP 2.0, client-side network scripting with XHR, real-time streaming with SSE and WebSocket, and P2P communication with WebRTC.
By James Kurose and Keith Ross (Pearson)
Building on the successful top-down approach of previous editions, the Fourth Edition of Computer Networking continues with an early emphasis on application-layer paradigms and application programming interfaces, encouraging a hands-on experience with protocols and networking concepts. With this edition, Kurose and Ross bring the issues of network security to the forefront, along with integration of the most current and relevant networking technologies.
By Master OccupytheWeb (Independently published)
Following the success of Linux Basics for Hackers, OccupytheWeb does what he did for Linux to Networks. Networks of all types, including TCP/IP, Bluetooth Networks, Car Networks, Wi-Fi Networks, Radio Frequency Networks, SCADA/ICS Networks, and more. In his inimitable style, Master OTW makes the seemingly complex, simple. This book is designed for beginner to intermediate cybersecurity professionals. It begins with the basics of networks and networking, examines network analysis with Wireshark and tcpdump, offers one of the most complete and in-depth analyses of Wi-Fi and Bluetooth networks, then progresses through the various protocols such as DNS, ARP, SMTP, and others. The reader will be led through the building of those applications in Linux, such as an EXIM server for email or a BIND server for DNS. Then OTW leads the reader through the major vulnerabilities of that protocol/application. In the final chapters, OTW leads the reader through some of the networks on the leading edge of cybersecurity, such as Car, Radio, and Industrial networks. There has never been a book quite like this one!
By Razi Rais, Christina Morillo, Evan Gilman, Doug Barth (O'Reilly)
Perimeter defenses guarding your network aren’t as secure as you might think. Hosts behind the firewall have no defenses of their own, so when a host in the 'trusted' zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats all hosts as if they’re internet-facing, and considers the entire network to be compromised and hostile. Authors Evan Gilman and Doug Barth show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You’ll learn the architecture of a zero trust network, including how to build one using currently available technology.
By John Kindervag (Blog post)
There’s an old saying in information security: “We want our network to be like an M&M, with a hard crunchy outside and a soft chewy center.” For a generation of information security professionals, this was the motto we grew up with. It was a motto based on trust and the assumption that malicious individuals wouldn’t get past the “hard crunchy outside.” In today’s new threat landscape, this is no longer an effective way of enforcing security. Once an attacker gets past the shell, he has access to all the resources in our network. We’ve built strong perimeters, but well-organized cybercriminals have recruited insiders and developed new attack methods that easily pierce our current security protections. To confront these new threats, information security professionals must eliminate the soft chewy center by making security ubiquitous throughout the network, not just at the perimeter. To help security professionals do this effectively, Forrester has developed a new model for information security, called Zero Trust. This report, the first in a series, will introduce the necessity and key concepts of the Zero Trust Model.
By NIST (Article)
Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets.
By Rory Ward and Betsy Beyer (Article)
Virtually every company today uses firewalls to enforce perimeter security. However, this security model is problematic because, when that perimeter is breached, an attacker has relatively easy access to a company’s privileged intranet. As companies adopt mobile and cloud technologies, the perimeter is becoming increasingly difficult to enforce. Google is taking a different approach to network security. We are removing the requirement for a privileged intranet and moving our corporate applications to the Internet.
Amazon Route 53 is a highly available and scalable cloud domain name system (DNS) service. It lets you customize DNS routing policies to reduce latency.
Host your Domain Name System (DNS) domain in Azure.
Your all in one solution to grow online. Start a free trial to create a beautiful website, get a domain name, fast hosting, online marketing and award-winning 24/7 support.
Register domain names at Namecheap. Buy cheap domain names and enjoy 24/7 support. With over 18 million domains under management, you know you’re in good hands.
With Cloudflare DNS you have the fastest response time of any DNS provider. Our DNS has unparalleled redundancy and built-in security.
JumpCloud makes it simple to manage Windows, Apple, Linux, and Android devices and to deliver secure access with SSO, MFA, Zero Trust, RADIUS, and more.
The Okta and Auth0 Platforms enable secure access, authentication, and automation—putting Identity at the heart of business security and growth.
Secure your workforce, customers, and partner data with our modern IAM platform at a price that works with your budget.
Protect your workforce with Cisco Duo’s industry leading suite of identity security solutions, Single Sign-On (SSO), and Multi-Factor Authentication (MFA).
Microsoft Entra ID (formerly Azure Active Directory) is a cloud identity and access management solution that safeguards your data.
Ping Identity helps you protect your users and every digital interaction they have while making experiences frictionless.
JumpCloud makes it simple to manage Windows, Apple, Linux, and Android devices and to deliver secure access with SSO, MFA, Zero Trust, RADIUS, and more.
Rippling eliminates the friction from running a business, combining HR, IT, and Finance apps on a unified data platform.
The easiest IT management platform. No contracts or platform fees. Free onboarding and local support. An all-in-one RMM that MSPs and IT departments love for growing their business.
Microsoft Intune manages users and devices, simplifies app management and automated policy deployment, and integrates with mobile threat defense. It connects to Managed Google Play, Apple tokens and certificates, and TeamViewer for remote assistance. It can use MDM or MAM to protect data, configure devices, and simplify access to company resources.
Scalefusion offers the next era of advanced endpoint management, zero trust access, and endpoint security to safeguard your business with unmatched protection.
Teleport delivers least privileged access on a foundation of cryptographic identity and zero trust, making infrastructure resilient to identity-based attacks, improving engineer productivity, and streamlining compliance.
Securely connect to anything on the internet with Tailscale. Deploy a WireGuard-based VPN to achieve point-to-point connectivity that enforces least privilege.
Boundary automates secure identity-based user access to hosts and services across environments.
We make sure that the right people get access to the resources they need, exactly when they need them — no more, no less.
Connect to your Linux instances using EC2 Instance Connect.
Learn how to connect to your EC2 instance using Session Manager, a capability of AWS Systems Manager.
Compute Engine uses key-based SSH authentication to establish connections to all Linux virtual machine (VM) instances.
Cisco VPN solutions help organizations provide highly secure remote access and increase flexibility and cost savings.
GlobalProtect is more than a VPN. It provides flexible, secure remote access for all users everywhere.
Juniper’s AI-Native Networking Platform delivers the most comprehensive AIOps across the entire network to elevate operator and user experiences, making every connection count.
Remote VPN Access. Optimize productivity for off-network users.
SonicWall provides cybersecurity products, services and support for business.
Fortinet delivers cybersecurity everywhere you need it. We secure the entire digital attack surface from devices, data, and apps and from data center to home office.
OpenVPN is a network security company serving the secure remote access needs of small businesses to the enterprise. Our on-prem and cloud-based products offer the essentials of zero trust network access and are built on the leading OpenVPN tunneling protocol.
WireGuard: fast, modern, secure VPN tunnel.
Securely connect to anything on the internet with Tailscale. Deploy a WireGuard-based VPN to achieve point-to-point connectivity that enforces least privilege.
Securely connect your remote workforce to resources within both AWS and your on-premises network using AWS Client VPN.
Cloud VPN securely extends your peer network to your Virtual Private Cloud (VPC) network through an IPsec VPN connection. The VPN connection encrypts traffic traveling between the networks, with one VPN gateway handling encryption and the other handling decryption. This process protects your data during transmission. You can also connect two VPC networks together by connecting two Cloud VPN instances.
Virtual private gateway is the VPN concentrator on the Amazon side of the Site-to-Site VPN connection. You create a virtual private gateway and attach it to a virtual private cloud (VPC) with resources that must access the Site-to-Site VPN connection.
Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime.
Curator is a keeper or custodian of a museum or other collection - A ZooKeeper Keeper. Apache Curator is a Java/JVM client library for Apache ZooKeeper, a distributed coordination service. It includes a high level API framework and utilities to make using Apache ZooKeeper much easier and more reliable. It also includes recipes for common use cases and extensions such as service discovery and a Java 8 asynchronous DSL.
ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. All of these kinds of services are used in some form or another by distributed applications. Each time they are implemented there is a lot of work that goes into fixing the bugs and race conditions that are inevitable. Because of the difficulty of implementing these kinds of services, applications initially usually skimp on them, which makes them brittle in the presence of change and difficult to manage. Even when done correctly, different implementations of these services lead to management complexity when the applications are deployed.
AWS Service registry for resilient mid-tier load balancing and failover.
etcd provides a gRPC resolver to support an alternative name system that fetches endpoints from etcd for discovering gRPC services. The underlying mechanism is based on watching updates to keys prefixed with the service name.
Originally built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures. Built on the learnings of solutions such as NGINX, HAProxy, hardware load balancers, and cloud load balancers, Envoy runs alongside every application and abstracts the network by providing common features in a platform-agnostic manner. When all service traffic in an infrastructure flows via an Envoy mesh, it becomes easy to visualize problem areas via consistent observability, tune overall performance, and add substrate features in a single place.
Expose an application running in your cluster behind a single outward-facing endpoint, even when the workload is split across multiple backends.
Nomad service discovery helps you automatically connect workloads. Compare Nomad's built-in service discovery feature to Consul service discovery, which adds a DNS interface and service mesh. Learn about health checks, configuring tags in job specification service blocks, and how to specify tags for canary and blue/green allocations.
Protocol Buffers are language-neutral, platform-neutral extensible mechanisms for serializing structured data.
Cap’n Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap’n Proto is INFINITY TIMES faster than Protocol Buffers.
FlatBuffers is an efficient cross platform serialization library for C++, C#, C, Go, Java, Kotlin, JavaScript, Lobster, Lua, TypeScript, PHP, Python, Rust and Swift. It was originally created at Google for game development and other performance-critical applications.
The Apache Thrift software framework, for scalable cross-language services development, combines a software stack with a code generation engine to build services that work efficiently and seamlessly between C++, Java, Python, PHP, Ruby, Erlang, Perl, Haskell, C#, Cocoa, JavaScript, Node.js, Smalltalk, OCaml, Delphi, and other languages.
A high-performance, open source universal RPC framework.
Simple, reliable, interoperable: Protobuf RPC that works.
drpc is a lightweight, drop-in replacement for gRPC.
Simple RPC framework powered by protobuf.
The OpenAPI Specifications provide a formal standard for describing HTTP APIs. This allows people to understand how an API works, how a sequence of APIs work together, generate client code, create tests, apply design standards, and much, much more.
Linkerd adds critical security, observability, and reliability to your Kubernetes stack, without any code changes.
A service mesh for observability, security in depth, and management that speeds deployment cycles.
Cloud Native, eBPF-based Networking, Observability, and Security.
Traefik Mesh is an open source service mesh, easy to configure that allows visibility and management of the traffic flows inside any Kubernetes cluster.
AWS App Mesh is an application networking service mesh that lets you more easily monitor and control communications across services.
A fully managed service mesh solution from Google Cloud for simplifying, managing, and securing complex microservices architectures.
Consul’s service mesh makes application and microservice networking secure and observable with identity-based authentication, mutual TLS (mTLS) encryption, and explicit service-to-service authorization enforced by sidecar proxies.
Build, Secure and Observe your modern Service Mesh.
Kong Mesh is an enterprise-ready service mesh that provides security, reliability and observability for Kubernetes environments. Accelerate deployments today!