
All news with #infrastructure security tag

161 articles · page 2 of 9

Google Virgo Network: Megascale AI Data Center Fabric

🚀 Google announces the Virgo Network, a megascale, flat two-layer fabric purpose-built for modern AI workloads that unifies accelerators across pods into a single compute domain. The design separates a high-bandwidth scale-up domain, an east-west RDMA scale-out accelerator fabric, and the Jupiter north-south network to deliver deterministic low latency and massive non-blocking bandwidth. Virgo uses high-radix switches and multi-planar control domains to reduce layers and isolate faults, while sub-millisecond telemetry and automated straggler detection aim to preserve cluster goodput. The fabric targets predictable performance and rapid recovery for large distributed training and serving.

Amazon EKS Hybrid Nodes gateway simplifies hybrid networking

🔗 Amazon Elastic Kubernetes Service (EKS) introduces the Amazon EKS Hybrid Nodes gateway to automate networking between an EKS cluster VPC and Kubernetes Pods running on EKS Hybrid Nodes. The gateway removes the need to make on‑premises pod networks routable and avoids extensive coordination with network teams by automatically maintaining VPC route tables as workloads scale. Deployed to Amazon EC2 instances via Helm, the gateway also enables control-plane-to-webhook, pod-to-pod, and AWS service connectivity (ALB, NLB, Amazon Managed Service for Prometheus). The codebase is open source and the feature is available in all Regions where EKS Hybrid Nodes is supported, excluding China Regions. AWS offers the gateway itself at no additional charge; customers pay for underlying EC2 and data transfer costs.

Media CDN Trends: Scale, Flexibility, and Visibility

📺 This joint analysis from Google Cloud product leadership and industry analyst Dan Rayburn outlines evolving requirements for modern streaming delivery. It emphasizes that beyond raw capacity, platforms must deliver architectural flexibility, predictable pricing, and broadcast-grade operational visibility. The authors cite practical updates—flexible shielding in regions, origin compatibility fixes such as HEAD request support and larger 25MiB segments, multi-part range requests—and the move toward monthly savings plans to stabilize costs. They urge technical leaders to explore modern edge architectures and proactive monitoring to ensure reliable, cost-effective live streaming.

Agents Week: Cloudflare network performance update

🚀 Using Real User Measurements that capture browser‑side timing via a small background speed test, Cloudflare reports it became the fastest provider in 60% of the top 1,000 networks by December 2025, up from 40% in September. Rankings rely on the trimean of TCP connection time to smooth outliers and reflect real user experience. Improvements came from new points of presence (Wroclaw, Malang, Constantine) and software optimizations such as HTTP/3 support and tighter congestion handling, producing an average 6ms lead over the next provider in December.

Cloudflare Workflows V2: Control Plane Rearchitecture

🚀 Cloudflare upgraded Workflows with V2, a rearchitected control plane to meet machine-speed, agent-driven workloads. The update raises defaults to 50,000 concurrent instances, 300 instances/sec per account, and 2,000,000 queued instances per workflow, and introduces horizontally scalable components SousChef and Gatekeeper to distribute metadata and concurrency slots. The redesign preserves reliability via Engine-driven instance state, Durable Object alarms, and a staged, zero‑downtime migration that converted legacy Account Durable Objects into SousChefs.

Triad Nexus Expands Global Fraud Operations After Sanctions

🔎 Research by Silent Push finds that, despite US Treasury sanctions in 2025, Triad Nexus has expanded and refined a global fraud operation with average victim losses around $150,000. The group uses infrastructure laundering — compromised AWS, Cloudflare, Google and Microsoft accounts — to host high-performance scam platforms that closely mimic legitimate sites. It industrializes brand impersonation across banking, luxury retail and public services, enforces US IP blocks to reduce scrutiny, and has localized campaigns in Spanish, Vietnamese and Indonesian markets. Silent Push released a CNAME Chain Lookup tool to expose layered domain redirections and help defenders map the group's complex infrastructure.

AWS Interconnect - last mile: GA for Lumen Partnership

🔌 AWS has announced general availability of AWS Interconnect - last mile, a fully managed offering that streamlines private, high-speed connections from branch offices, data centers, and remote sites to AWS in partnership with Lumen. Through the AWS Console customers can provision pre-provisioned capacity, automate BGP, VLAN and ASN configuration, and scale bandwidth from 1 Gbps to 100 Gbps while MACsec is enabled by default. The service is SLA-backed, designed for high availability, zero-downtime maintenance, and includes an open API for partner adoption.

Migrating On-Prem Load Balancers to Google Cloud: Practices

🔁 This guide explains how to migrate on-premises application load balancer configurations to Google Cloud Application Load Balancer using a pragmatic, phased approach. It recommends a four-step plan: discovery and mapping, choosing cloud equivalents, test and validate, and a phased canary cutover. For common patterns use declarative features like URL maps and Cloud Armor; for bespoke logic use Service Extensions. The post emphasizes monitoring, rollback planning, and operator training.

Why Zero-Trust Often Fails at the Traffic Layer in Practice

🔒 Organizations often implement strong identity and access controls but miss enforcement at the traffic layer. During incidents these gaps—across ingress paths, load balancers, CDNs, and APIs—allow traffic to bypass identity checks. Common failures include weak TLS and cipher baselines, fragmented ingress, and half‑implemented mutual TLS. Effective programs treat traffic handling as the primary enforcement point through standardized ingress, request normalization, and consistent end-to-end telemetry.

Architecting Reliable GPU Infrastructure for AI/ML

🔧 Google Cloud outlines its strategy for building resilient GPU AI/ML infrastructure to support massive-scale training workloads. The post emphasizes measuring reliability beyond simple uptime with MTBI and Goodput, and describes four core principles — proactive prevention, continuous monitoring, transparency and control, and minimizing disruptions — to reduce interruptions and accelerate recovery. It frames infrastructure reliability as a commercial imperative when training at scale.

Amazon ElastiCache Serverless Adds IPv6 and Dual-Stack

🌐 Amazon ElastiCache Serverless now supports IPv6 and dual-stack connectivity, expanding beyond previous IPv4-only access. When creating a Serverless cache, you can choose IPv4, IPv6, or dual stack so a cache can accept connections over both protocols simultaneously. IPv6 support also enables deployment into IPv6-only subnets. The capability is available in all AWS Regions, including AWS GovCloud (US) and China Regions, at no additional charge.

AWS Deadline Cloud Adds Configurable Job Scheduling

⚙️ AWS Deadline Cloud now offers configurable job scheduling modes that let administrators control how workers are distributed across queued jobs. You can choose from three modes when creating or updating a queue: priority FIFO (the existing default), priority balanced, and weighted balanced. The balanced options help artists get immediate feedback by distributing capacity across concurrent jobs rather than allocating all workers to the earliest, highest-priority job. This change is available in all Regions that support Deadline Cloud.

Amazon Lightsail: Compute-Optimized Instances with 72 vCPUs

Amazon Lightsail now offers compute-optimized instance bundles with up to 72 vCPUs across seven sizes and supports both IPv6-only and dual-stack networking. These bundles are compatible with all Lightsail blueprints, including popular OS and application stacks such as WordPress, cPanel & WHM, Plesk, Drupal, Magento, MEAN, LAMP, Node.js, Ruby on Rails, Amazon Linux, Ubuntu, CentOS, Debian, AlmaLinux, and Windows. The instances provide consistent, dedicated CPU performance for CPU-intensive workloads—examples include batch processing, distributed analytics, high-performance web serving, scientific modeling, dedicated gaming servers, ad serving engines, video encoding, and CPU-bound ML inference—and are available in 15 AWS Regions.

AWS Direct Connect adds 100 Gbps in Auckland Datacom DH6

🔒 AWS expanded AWS Direct Connect to provide 100 Gbps dedicated connections at the Datacom Orbit DH6 colocation near Auckland, New Zealand. Customers can now establish private, direct access to all public AWS Regions (excluding China), AWS GovCloud Regions, and AWS Local Zones from this location. This site is the second in New Zealand to offer 100 Gbps with MACsec encryption, improving throughput and secure hybrid connectivity.

Defender Guide: Hardening vCenter and ESXi Control Plane

🛡️ This guide summarizes GTIG and Mandiant research on threats targeting the vCenter Server Appliance and ESXi hypervisors, where attackers establish persistence beneath guest OS defenses. It prescribes an infrastructure-centric defense across four phases—benchmarking and base controls, identity management, vSphere network hardening, and logging/forensic visibility—emphasizing Photon OS hardening, mandatory remote telemetry, and strict network segmentation to force detectable friction.

Rethinking Web Cache Design for the AI Era at Scale

🤖 Cloudflare describes how increasing AI crawler traffic—used by retrieval-augmented generation, real-time summarization, and large-scale dataset collection—fundamentally alters CDN cache dynamics. AI agents request high volumes of unique, long‑tail URLs, often in parallel and without shared sessions, producing low reuse and high cache churn that raises misses and origin load. Cloudflare proposes AI-aware caching, traffic filtering, and a dedicated AI cache tier to preserve low-latency human-facing performance while serving diverse AI workloads.

AWS Direct Connect Adds Native AWS CloudFormation Support

🔧 AWS Direct Connect now supports AWS CloudFormation, enabling infrastructure-as-code provisioning of Direct Connect resources. You can define your entire Direct Connect topology in CloudFormation templates and automate creation and management of connections, virtual interfaces, Direct Connect gateways, LAGs, and BGP peering. This capability is available in all AWS Regions and supports repeatable, version-controlled deployments with drift detection.

Amazon CloudFront BYOIP IPv6 Support via VPC IPAM Launch

🚀 Amazon CloudFront now supports bringing your own IPv6 addresses (BYOIP) for Anycast Static IPs using VPC IP Address Manager (IPAM). Administrators can create unified IPAM pools for IPv4 (/24) and IPv6 (/48) and assign dual‑stack Anycast Static IP lists, preserving existing allow‑lists and branding when migrating to CloudFront. The feature is available in most commercial AWS Regions with a few regional exceptions.

AWS Storage Gateway Terraform Modules Add AL2023 Support

🔒 AWS updated its Storage Gateway Terraform modules to deploy gateways on Amazon Linux 2023, improving security, reliability, and IaC consistency. The modules support all gateway types—Amazon S3 File Gateway, Tape Gateway, and Volume Gateway—in both Amazon EC2 and VMware environments. EC2 deployments now enforce IMDSv2 by default to mitigate credential theft and SSRF, and support optional Elastic IP association and simplified Active Directory integration. The update also prevents unexpected gateway replacements during routine Terraform operations.

Programmatic Physical Security for AI-Scale Data Centers

🔒 AI-driven demand is reshaping data center security and requires a programmatic, repeatable approach to scale without sacrificing quality. Providers must turn projects into standardized programs, reuse templates and BIM/digital-twin assets, and automate design and QA to sustain precision at hyperscale. Strategic partners should engage early, operate as collaborative owners, and help translate evolving regulatory, identity/access, drone and device risks into repeatable controls.