by Scott Muniz | Oct 6, 2022 | Security, Technology
This article is contributed. See the original author and article here.
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
• Cisco Enterprise NFV Infrastructure Software Improper Signature Verification Vulnerability cisco-sa-NFVIS-ISV-BQrvEv2h
• Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities cisco-sa-expressway-csrf-sqpsSfY6
by Scott Muniz | Oct 6, 2022 | Security, Technology
This article is contributed. See the original author and article here.
CISA released two (2) Industrial Control Systems (ICS) advisories on October 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
by Contributed | Oct 5, 2022 | Technology
This article is contributed. See the original author and article here.
Kim Akers – CVP, MCAPS Enablement and Operations
Over the past few years, across every industry, we have seen organizations quickly adjust to challenges and pursue new business opportunities as the pandemic reshaped our world. From health care, to manufacturing, retail and beyond, organizations have had to not only focus on building their own digital capability but hiring talent with proven potential.
As more and more organizations seek to fill the nearly 150 million jobs being created by this transformation, it has become acutely clear: talent is everywhere but the opportunity is not. In fact, Covid-19 put a giant spotlight on just how many people have been overlooked for far too long—people of color, women, people with less education. People with disabilities.
It’s never been more important to ensure everyone can prove they have the tech skills to take on that new assignment, get that new job or achieve the impossible.
With this in mind, and in honor of National Disability Employment Awareness Month, I’m excited to share more detail on how we’re helping to reshape the certification industry to be more inclusive for people with disabilities.
Understanding disabilities
For decades, “disability” has focused on mobility, vision, or hearing issues. Yet, 70 percent of disabilities don’t have visible indicators. Examples of non-apparent disabilities include:
- Learning: Includes difficulty focusing, concentrating, or understanding
- Mental health: Includes anxiety, bipolar disorder, PTSD, and/or depression
- Neurodiversity: Includes dyslexia, seizures, autism, or other cognitive differences
I am part of that 70% and my experience with dyslexia and dysgraphia helps me have empathy for the variety of challenges faced by the disability community. Especially knowing that having a seen, or unseen, disability can have a tremendous impact on someone’s career and opportunities—especially in an Industry with years of tradition stacked against them.
Take for instance Kevin’s story.
Kevin is a sales director whose job required him to complete a certification. He was diagnosed with ADHD as a child but thought it had subsided as he grew up. The symptoms re-emerged in adulthood, impacting his life at work.
For example, Kevin spent more than 500 hours studying and preparing for a certification test. He didn’t know how to get the accommodations required for success; the process was too complex. He failed the exam several times. This had a cascade effect. Not passing meant he missed his mandatory training goal, resulting in reduced compensation, contributing to increased anxiety at work and at home.
“The more we can help people to learn on their terms, the more we can help people take the time that they need and to have the resources they need to succeed,” Kevin says, noting that he passed the exam after receiving proper accommodations.
It is painful to read stories like Kevin’s. No one should be left behind because they need additional accommodation while taking a test or anything else. Yet that’s what happens every day.
Removing barriers to success, trying new approaches
I believe it’s time to shake things up.
We have been listening, researching, and learning how to be more inclusive—this includes reviewing and updating our certification exam accommodations. And just three months ago, we rolled out the first of many exam improvements: testers no longer have to ask before moving around or looking away from the computer during a test. They must simply stay in view of the camera. That will make a big difference for many test takers.
We also know seeking an accommodation has historically been complicated and may even require the need to share sensitive, personal information. So, we’ve also made changes like:
- Making the accommodation application process simpler
- Removing the documentation requirement for most requests; and when it is required, expanding the list of acceptable documentation and reducing the burden placed on applicants
- Ensuring proctors understand how to provide accommodations
- Establishing a Microsoft Certification Accommodations HyperCare support team to support learners who need extra help (msftexamaccom@microsoft.com)
For a complete list of accommodations requirements, please visit: Accommodations and associated documentation requirements.
Change begins within
Certifications are a proven method for employees and job candidates to stand out in an increasingly competitive industry. I’m thrilled to see the steps taken to ensure our Microsoft Certification program is accessible to all.
After all, living with a disability shouldn’t hinder opportunity. Simply put, organizations must go beyond compliance when it comes to accommodations. That includes both offering them and ensuring proctors are properly trained. I’m thrilled that Microsoft is leading the way.
Stay tuned, more changes are in the works. I can’t wait to share them with you.
Related announcements
Improvements to the Exam Accommodation Process
by Scott Muniz | Oct 5, 2022 | Security, Technology
This article is contributed. See the original author and article here.
The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement that:
- Assesses malicious cyber activity aiming to compromise election infrastructure is unlikely to result in large-scale disruptions or prevent voting.
- Confirms “the FBI and CISA have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information.”
The PSA also describes the extensive safeguards in place to protect election infrastructure and includes recommendations for protecting against election-related cyber threats.
by Contributed | Oct 4, 2022 | Technology
This article is contributed. See the original author and article here.
App Service Hybrid connection offers a quick and uncomplicated way to reach your on-premises services in scenarios where there aren’t other networking solutions like VPN or ExpressRoute available. Normally, you don’t even need to open any firewall ports in your on-premises environments because it only requires outbound HTTP connection over port 443 towards Azure to work. Behind the scenes, it is a TCP relay proxy over websockets. It only works to reach services that run on TCP protocols and not UDP.
Therefore, it might be a good fit if you are planning to migrate your application(s) to Azure App Service but this app has dependencies to on-premises databases or APIs and your networking team is not yet ready to set up a VPN/ExpressRoute connection between these environments. The migration work can be unblocked using Hybrid connections towards these external dependencies with no code changes within your app.
However, what to expect in terms of performance? Apart from the pure networking latency of having an App Service connecting back to on-premises service… will the Hybrid connection itself introduce extra latency on top of network? What about the different scenarios:
- Reaching on-premises HTTP APIs;
- Reaching on-premises databases;
- Downloading on-premises large files over HTTP
In this article we will run benchmarks on all given scenarios above and compare them with and without Hybrid connection. It is not the goal here how to configure such a connection, because that tutorial is very well described here.
The test setup
An App Service Hybrid connection relies on a service called Azure Relay to work (and Azure Relay is based on Azure Service Bus platform). This is how the architecture looks like:
Now, let me explain how the setup in this test is done when comparing to the diagram above:
- App Service: a small PremiumV2 .NET Core 6 app running in Brazil South;
- Azure Relay: if you don’t have an already created Azure Relay created, the App Service Hybrid connection will ask you to do so. Here, I created one in Brazil South region;
- On Premises: to simulate an on-premises environment, here I have a physical computer with a fast and modern hardware (Ryzen 5 5600H, 16GB ram, 512gb SSD) connected to a 600mbps stable fiber connection. This system has an average 12ms (milliseconds) latency to Azure and vice-versa. It also has one SQL Express 2019 database, a .NET 6 API to simulate on-premises services for these tests and the HCM (Hybrid Connection Manager) that is required for this setup.
Now, we want to compare the Hybrid connection overhead over the raw network connection. So, for each test that will follow in this article, we will configure the App Service to hit the services via Hybrid connection endpoints and then run the same test but going directly to the public IP of the “on-premises” server, skipping the relay completely.
Here’s the configuration in the Portal:
Scenario 1: HTTP requests
Let’s assume you got on-premises HTTP services to reach from an App Service via Hybrid connection. In the configuration picture above, that endpoint name is “andre-api” which points to a on-premises DNS name of “testerelay” on port 5001. That is the .NET API running in the on-premises computer. This API has a REST endpoint that returns random strings of around ~8kb in size.
From the App Service side, it runs another .NET API that calls the previous endpoint in three different ways:
- Single request: App Service calls the on-premises API once
- Sequentially: App Service calls the on-premises API 50 times in a row. When the previous request finishes, the next goes ahead and so on… until we reach 50 requests;
- Parallel: App Service calls the on-premises API 50 times at the same time. This is accomplished by making use of .NET tasks
The intention here is to verify how well the relay handles a typical real-world scenario where you get many parallel requests at a given time. All requests here are using HTTP2 protocol.
Check out the results table:
|
Average response time per HTTP request
|
Difference
|
Direct
|
Hybrid connection
|
Single request
|
13ms
|
24ms
|
+84%
|
Sequential (50)
|
13ms
|
34ms
|
+161%
|
Parallel (50)
|
50ms
|
60ms
|
+20%
|
Important note
Having the App Service .NET API calls the relay forcing the HttpClient to use HTTP2 by default made a huge difference for the positive side in the tests results. HTTP 1.1 was much worse especially in the parallel requests test;
Conclusion for HTTP tests
If we look at the difference numbers in % it seems to be a huge overhead added by the Hybrid Connection, but looking at absolute numbers, it is not. In the more realistic test of this setup – the Parallel HTTP simulation – we get only 10ms added compared to a direct connection, which is negligible for most applications. Another point to keep in mind here is that we are comparing the Hybrid connection to a direct connection back to on-premises. In reality we would have a VPN or other appliance which might add some extra delay there too.
Scenario 2: database connections
Another very common use case is the need to fetch data from a on-premises database that could not be migrated to Azure at the same time as the application. Here we will make the App Service .NET API call the on-premises SQL Server using the relay connection and then directly. The query returns from the database around ~8kb of data per call. Like the HTTP tests, there will be three different scenarios:
- Single request: AppService queries the database once
- Sequentially: App Service queries the database 50 times in a row. When the previous query finishes, the next goes ahead and so on… until we reach 50 queries;
- Parallel: App Service queries the on-premises database 50 times at the same time. This is accomplished by making use of .NET tasks
|
Average response time per SQL query
|
Difference
|
Direct
|
Hybrid connection
|
Single query
|
13ms
|
13ms
|
0%
|
Sequential (50)
|
13ms
|
27ms
|
+107%
|
Parallel (50)
|
13ms
|
30ms
|
+130%
|
Conclusion for database tests
Compared to the HTTP tests, the database queries have less overhead because of the TCP nature of the connections. While the direct connection had no extra overhead even when querying 50 in parallel, the Hybrid counterpart added some but not significantly – again, looking from absolute numbers perspective and not purely in percentage.
Scenario 3: large file downloads
Now let’s benchmark something less usual: what about using the Hybrid connection to stream a 1GB file (a Linux ISO file) from on-premises REST API via HTTP? Here I’m expecting more overhead because the underlying websockets protocol that Azure Relay is using is not really meant for these cases. But anyway, here are the results:
REST API HTTP download speed
|
Difference
|
Direct
|
Hybrid connection
|
27 MB/s
|
20 MB/s
|
35%
|
Conclusion for file download test
I was expecting a much worse result, but the Hybrid connection surprised for the better here. I wouldn’t recommend this connection for streaming large files but this test shows that this is possible if it is really needed.
Overall conclusion
These benchmarks did not cover all the possibilities for a Hybrid connection but certainly give us an idea what to expect. Generally speaking, it is a solid alternative and I would recommend for scenarios where a VPN or ExpressRoute connection is not possible. The biggest advantage for sure is ease of use – setting up your own environment to run similar tests will take just a couple of hours top.
If you wish that I run additional benchmarks and scenarios, please let me know in the comments!
Recent Comments