Configuring secure remote access for Compute Engine VMs

System administrators are frequently asked to assess risk when moving their applications to the cloud. One common concern is the platform’s inherent presence on the internet, and how to properly secure cloud-based virtual machines and services that are now exposed. In Google Cloud, you can configure VMs and APIs so they’re not connected to the public internet but still accessible to system administrators. Here’s how.
Use Compute Engine’s No External IP Org policy
The first thing you can do to protect VMs is to configure a policy that disallows VMs from obtaining an external IP. From the admin console, click Security and select Organization Policies.
Note that this policy is not retroactive, so if you already have machines with external IP addresses, this policy does not remove them. Also be aware that while the default VPC has firewall rules to allow SSH / RDP, without an external IP, these are only accessible from the internal network.
Use Cloud Identity-Aware Proxy
Next, you need to allow developers to access these machines. Traditionally, you configure a VPN client to connect to the VPC. In Google Cloud, there’s a better way: you can use Cloud Identity-Aware Proxy (IAP) to connect to the machines. To show you how, we’ll follow this guide. From the admin console, click Security then select Identity-Aware Proxy.
If you haven’t used Cloud IAP before, you’ll need to configure the OAuth screen: configure the consent screen to only allow internal users in your domain, and click Save.
Next, you need to define users who are allowed to use Cloud IAP to connect remotely. Add a user to the “IAP-secured Tunnel User” role on the resource you’d like to connect to.
Then, connect to the machine via the ssh button in the web UI or gcloud. When using the web UI, notice the URL parameter useAdminProxy=true.
Tip: If you don’t have gcloud installed locally, you can also use Cloud Shell.
You should now be connected! You can verify that you don’t have internet connectivity by attempting to ping out. 8.8.8.8 (Google’s Honest DNS) is a good address to try this with.
Controlling access with VPC Service Controls
Most GCP developers will still want access to Google Cloud APIs. You can give them access to Google Cloud APIs while restricting them to resources that are present in the project by using VPC Service Controls.
First, enable private Google API access on the VPC network where your VM is located (in this example, US-West1). Select the VPC network in the region where your virtual machines are located. Select the subnet, and click Edit. Enable Private Google access by selecting “Private Google Access” and click Save. Once you’ve enabled private access, gcloud commands from the VM will work.
Now use VPC Service Controls to define where you’d like those API requests to be allowed. Navigate to the ORG node for your domain and select VPC Service Controls from the Security tab. Select New Perimeter. Add your project and the APIs you’d like to protect to the “New VPC Service Perimeter” and click Save.
Now that you’ve gone through all these steps, your VMs should be configured so they are only accessible via Identity-Aware Proxy, and only have access to the local network and Google APIs that are part of the project to which they belong.
As you can see, using Google Cloud tools like Cloud IAP and VPC Service Controls can help you insulate projects from the public internet, reducing risk and fears about moving apps and infrastructure to the cloud. To learn about more security capabilities and features, visit cloud.google.com/security.
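Because the No External IP policy described above is not retroactive, existing VMs need a separate audit. The following is an added example, not code from the original post: it scans a constructed sample shaped like `gcloud compute instances list --format=json` output (instance names, project and addresses are made up) and lists every access config that still gives a VM an external address.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json`,
# trimmed to the fields used below. Names, project and addresses are made up.
SAMPLE = json.loads("""[
 {"name": "legacy-web-1", "status": "RUNNING",
  "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-west1-a",
  "networkInterfaces": [{"name": "nic0", "networkIP": "10.138.0.2",
    "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT",
                       "natIP": "203.0.113.10"}]}]},
 {"name": "iap-only-1", "status": "RUNNING",
  "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-west1-b",
  "networkInterfaces": [{"name": "nic0", "networkIP": "10.138.0.3"}]},
 {"name": "batch-stopped", "status": "TERMINATED",
  "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-west1-b",
  "networkInterfaces": [{"name": "nic0", "networkIP": "10.138.0.4",
    "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT"}]}]}
]""")


def external_ip_findings(instances):
    """Return one finding per access config that gives a VM an external address."""
    findings = []
    for inst in instances:
        zone = inst.get("zone", "").rsplit("/", 1)[-1]
        for nic in inst.get("networkInterfaces", []):
            configs = nic.get("accessConfigs", []) + nic.get("ipv6AccessConfigs", [])
            for cfg in configs:
                # A stopped VM with an ephemeral address keeps its access config
                # but has no natIP until it starts, so report the config itself.
                findings.append({
                    "instance": inst["name"],
                    "zone": zone,
                    "nic": nic.get("name"),
                    "status": inst.get("status"),
                    "address": cfg.get("natIP") or cfg.get("externalIpv6"),
                })
    return findings


if __name__ == "__main__":
    for f in external_ip_findings(SAMPLE):
        addr = f["address"] or "(none assigned while stopped)"
        print(f'{f["instance"]} {f["zone"]} {f["nic"]} {f["status"]} {addr}')
```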
Source: Google Cloud Platform

How Google Cloud helps RecruitMilitary connect more veterans to jobs

Editor’s note: Today’s post is by Mike Francomb, Senior Vice President of Technology, RecruitMilitary, and a U.S. Army Veteran. RecruitMilitary is a wholly owned subsidiary of Bradley-Morris, Inc. (BMI), the largest military-focused recruiting company in the United States. RecruitMilitary uses Google Cloud Talent Solution to power its job search experience and connect more organizations with veteran talent.
For seven years, I served in the U.S. Army as a Field Artillery Officer, Military Occupation Code 13A. My time in service included a deployment to Operation Desert Shield / Desert Storm with the 24th Infantry Division out of Fort Stewart, GA, and a variety of front line artillery leadership roles, serving as a logistics officer for my unit and as an instructor teaching new officers how to be professional artillerymen. My day-to-day entailed leading teams of highly trained soldiers and managing logistics and materials to help those soldiers perform at a high level in stressful, fast-paced environments. It was my job to ensure we were ready to handle any circumstance.
The hardest part about transitioning out of the Army in May 1996 as a highly trained artillery veteran was the fact that, though I felt prepared for any challenge ahead, I wasn’t sure I was making the right choice. I made a common mistake of transitioning veterans: I jumped right into an entrepreneurial venture. Looking back, I wish I’d had access to resources that displayed career options that would help translate my skills for the corporate world; it would have helped me be better prepared and know what my options were. I wasn’t ready to jump from the Army into running a business, and it was a long two years. Though my first job out of the Army was challenging, it taught me that I loved the start-up environment, and I joined RecruitMilitary in October 1998 when it was five months old.
For the past 21 years, I have been fortunate enough to play an important role in helping RecruitMilitary grow to what it is today, the industry leader in connecting military veterans with organizations.
RecruitMilitary connects organizations with veteran talent through over 30 products and services, all of which are fueled by our job board. Our job board, with over 1,400,000 members, is core to our business. In fact, if we don’t have an active and growing job board population, we don’t have the supply of veteran talent we need to deliver to our clients across our suite of services. With veteran unemployment at a 50-year low, it became increasingly challenging for RecruitMilitary to grow our veteran job seeker database and keep those veterans actively applying to client jobs. Being a data-driven company, we saw our existing search functionality was no longer producing the desired results for clients and began to receive client feedback about decreased candidate activity.
It was clear to us that we needed to begin adopting machine learning and more advanced search capabilities into our products and operations. The HR Tech space is shifting that way fast, and we want to be at the forefront. As we researched paths to take and learned of Google’s operating philosophy leading with AI, and that they were developing a tool for veteran job search, it made a lot of sense to go with a leader.
When Grow with Google announced its commitment to support veterans, we learned that we could add their military occupation code (MOS) translation feature to our job board through Cloud Talent Solution. This feature lets transitioning service members enter their military occupation codes (MOS, AFSC, NEC, or rating) directly into our search bar to see relevant civilian jobs available at client companies. We’re also using Cloud Talent Solution’s remote work functionality to provide an improved job search experience that allows our customers to make remote work opportunities in the U.S. more discoverable on their career sites. We’re excited about this feature, as it enhances our ability to deliver meaningful jobs to important members of our military community, military spouses, and veterans with limited mobility.
The results of Cloud Talent Solution compared to our previous search are tremendous. Our job seekers are getting a much better experience, and to us that means more veterans are connected to jobs with our clients. We know this because our number of daily job applications has grown by 78 percent. And knowing that we now have a tool that’s going to learn and get better as more of our job seekers use it means that we will reap benefit for work done over time, and so will our clients and veterans who use our job board. That’s tremendous ROI to receive for a lean development staff.
These are just a few of the types of tools I wish I’d had access to when I was considering my transition in 1996. With the help of technology and resources, like those from RecruitMilitary and Grow with Google, people in the military community, including veterans like myself, can prepare for and build meaningful careers.
Source: Google Cloud Platform

Using KubeFed to Deploy Applications to OCP3 and OCP4 Clusters

Introduction
In the previous blog post we saw what KubeFed is and how to deploy KubeFed on Red Hat OpenShift. On top of that, we deployed a federated MongoDB ReplicaSet and a federated Pacman application. In today’s blog, we are going to use KubeFed to deploy the federated MongoDB as well as the federated Pacman […]
The post Using KubeFed to Deploy Applications to OCP3 and OCP4 Clusters appeared first on Red Hat OpenShift Blog.
Source: OpenShift

What is a hybrid integration platform (HIP)?

Business leaders are constantly looking for new ways to transform their organizations by using technology and data to drive innovation and business results. But before you can think about deriving insights or building seamless customer experiences, you first need to connect and standardize all of the data across your entire application landscape.
From established on-premises systems to newly adopted software-as-a-service (SaaS) applications, integration is a critical, yet increasingly complicated, step toward digital business transformation.
Integration has become a bottleneck
Over the last several years, the demand for new integrations has far surpassed the capacity most enterprises can handle. Traditional integration approaches simply can’t keep up with the requests. Lowering the cost per integration is essential to creating a flexible, scalable model for integration.
Nobody can afford to pause their business or rip and replace their entire infrastructure. Instead, businesses are looking for ways to streamline processes, disperse skill sets over a wider range of people, restructure their integration architecture, and utilize new technologies to make integration simpler and more efficient. Adopting an agile integration strategy helps manage these changes across people, processes and architecture. And, as companies look to technology options for streamlined integration, hybrid integration platforms (HIP) are becoming more prevalent.
What is a hybrid integration platform?
According to Ovum, a hybrid integration platform is “a cohesive set of integration software (middleware) products enabling users to develop, secure and govern integration flows connecting diverse applications, systems, services and data stores, as well as enabling rapid API creation/composition and lifecycle management to meet the requirements of a range of hybrid integration use cases.”
In other words, a hybrid integration platform should provide organizations with all of the tools they need to make it simpler and easier to integrate data and applications across any on-premises and multicloud environment. With data silos broken down, businesses have an incredible opportunity to turn their data into actionable insights, allowing them to make better decisions faster.
What are the key capabilities to look for in a hybrid integration platform?
Today’s integration teams need access to a mix of tools that allow them to balance traditional and modern integration styles. When evaluating hybrid integration platforms, here are the most important capabilities you should look to evaluate.

API lifecycle management. APIs are among the most common styles of modern integration. Companies need to be able to create, secure, manage and share APIs across environments quickly and easily.
Application and data integration. Siloed data is one of the most critical problems organizations face when trying to digitally transform. The ability to copy and synchronize data across applications will help address a variety of issues, including data formats and standards.
Messaging and event-driven architecture. Syncing and standardizing data is crucial, but if enterprises want to be able to build more engaging customer experiences or react to things in real-time, they need to have the ability to securely exchange that data across their ecosystem from any cloud-based to on-premise application.
High-speed data transfer. The sheer volume of data being exchanged in a modern environment can be staggering. In fact, by 2025, IDC predicts worldwide data creation will reach 163 zettabytes per year. That’s ten times as much data as the world produced in 2017.

Being able to send, share, stream and sync large files reliably and at high speeds is critical to providing the types of real-time responses to data that modern organizations are looking for.
Is it better to build or buy a hybrid integration platform?
Until recently, hybrid integration platforms were mostly thought of as something that organizations needed to build by piecing together key capabilities from existing tools (like API management software, iPaaS and ESB solutions) from a variety of vendors into a cohesive system.
This can be an expensive and cumbersome process, however, and often leads to an end result that fails to meet all of the requirements. Some features or capabilities will be duplicated across offerings from multiple vendors, while other modern integration capabilities, like event streaming or high-speed data transfer, are left out.
Instead, enterprises should consider complete solutions, like IBM Cloud Pak for Integration, which combine all of the capabilities required for both traditional and modern integration styles into a unified, containerized platform. Features like single sign-on, common logging, tracing, an asset repository and a unified dashboard help bring all of the capabilities together and make integration workflows more efficient.
How can a hybrid integration platform help modernize integration?
By utilizing an agile integration approach combined with a robust hybrid integration platform, organizations can empower their teams with everything they need to speed up new integrations while lowering the cost. Done right, organizations will be able to continue using their existing infrastructure and traditional integration styles while introducing new skills, endpoints, use cases and deployment models at their own pace.
A hybrid integration platform should allow for more collaboration, democratization and reuse of assets through features like asset repositories, helping integration teams build and support the volume of integrations that digital transformation initiatives require.
Interested in learning more about hybrid integration platforms and the key capabilities, features and requirements you should look for when evaluating them?
Register to read the Ovum analyst report: Hybrid Integration Platforms: Digital business calls for integration modernization and greater agility.
Learn more about the IBM Cloud Pak for Integration.
The post What is a hybrid integration platform (HIP)? appeared first on Cloud computing news.
Source: Thoughts on Cloud

Mounts: AI helps predict volcanic eruptions

Satellites observe the Earth over long periods and, in doing so, also capture changes that indicate impending volcanic eruptions. Researchers from Berlin and Potsdam have developed an AI system that evaluates the data and can warn in time before an eruption. (AI, technology)
Source: Golem