Secure Cloud Networking
Beyond Cloud Boundaries
Agenda
●Introduction
●What is Aviatrix Secure Cloud Networking?
●Embedding Security Into Your Cloud Network
●Business Value Overview
●Aviatrix CoPilot Demo
●Deep Dive and Open Q&A
Iconic Enterprise Brands Choose Aviatrix for Cloud Networking
64 Global Fortune 500
Gartner Recommends Aviatrix
“Organizations looking for advanced networking functionality missing from native public cloud providers and/or those that desire a consistent networking console across multiple public cloud providers, should shortlist Aviatrix”
[Diagram, repeated across the following slides: Aviatrix Controller; VPC, VCN and VNET networks in Region 1 and Region 2; Private Interconnect]
1. Programmatically Leverages and Controls Native Constructs
Available in Cloud Marketplaces
2. Adds Advanced Networking and Security on Top In Each Cloud
Consistent Networking
Consistent Visibility and Troubleshooting
Consistent Security
Consistent Automation
Other “Multi-Cloud” Solutions
[Diagram labels: CLOUD 2, CLOUD 3, CLOUD 4]
Security Embedded Into Your Cloud Network
ThreatIQ with ThreatGuard
[Diagram: Aviatrix Controller; Threat Database (“Malicious IPs”); “All Seeing” Data Plane; VPC, VCN and VNET networks in Region 1 and Region 2; Private Interconnect; CLOUD 2, CLOUD 3, CLOUD 4]
Critical Threat Discovery and Notification
Critical Threat Automatic Remediation
Network Behavior Analytics – Built Into Your Cloud Network
[Diagram labels: Secure Cloud Networking; Next Gen Firewalls; Malicious IPs; Known Threat Signatures; Network Behavior Analytics; Distributed Inspection; Distributed Control]
New Capability of Aviatrix ThreatIQ™
- Fingerprints workload and traffic characteristics to form baseline
- Custom for every environment
- Identifies and alerts on abnormal network behavior
- Not dependent on signatures or known threat database
- Continuous baselining, “learns” and improves over time
[Chart: Baseline (Normal) vs. Current Behavior; Anomaly detected; Alert Sent]
Example Behavior Analysis: Actionable Intelligence that may be an indicator of Data Exfiltration, Lateral Movement, New Ports/Protocols, DDoS attacks, Port scan detection, or unencrypted traffic flows
Aviatrix Business Value Across Multiple Teams
Increase Revenue Growth with Business Innovation
• Drive higher revenue and margins from existing customers
• Expand into new markets and quickly onboard new customers
• Faster product time-to-market and revenue
• Accelerate acquisition integrations
Increase Control, Visibility, and Resource Efficiency
• Faster monitoring and troubleshooting, lower MTTR
• Automated provisioning using Terraform and APIs
• Higher efficiency in network engineering and security teams
Bridge the Skills Gap
• Reduce recruiting and training expenses
• Reallocate high-value resources to more strategic functions
• Reduce operational costs by retiring legacy tech debt
Reduce Business Risk
• Identify and Remediate known threats automatically
• End-to-End and high-performance encryption
• Multi-cloud network segmentation
Aviatrix CoPilot Demo
Mark Cunningham
Datacenter Networking
Where we came from
Back in Time
Overlay the Datacenter
Security in the Network
Why did you do this to me?
The pain of the traditional Network Engineer.
Trying to Network in the Cloud
A VPC is a VPC until it isn’t.
| | AWS | Azure | Google Cloud Platform |
|---|---|---|---|
| Scope | Regional | Regional | Global; subnets are regional |
| Address Space | Defined at VPC level; subnets must be within. | Defined at VNET level; subnets must be within. | Not defined at VPC level; subnets can use any CIDR. |
| Static Routing | Route Tables per subnet; can override subnet routes. | Route Tables per Subnet; can provide per VM microsegmentation. | Global Route table; granularity supplied by network tags; subnet routes cannot be overridden. |
| BGP support | On VPN and DirectConnect only | Route Server, VPN, ExpressRoute | NCC, VPN, Cloud Interconnect |
| Network level security | NACLs and Security groups | Network Security Groups | Global Firewall rules; granularity supplied by network tags. |
| Layer 7 Firewall | AWS Network Firewall | Azure Network Firewall | None |
| Private external connectivity | VPN and DirectConnect on VGW and TGW | VPN and ExpressRoute on respective gateway types. | VPN Gateway or VLAN attachments |
| Native Transit options | TGW | vWAN | None |
| Visibility | VPC Flow Logs | NSG Flow Logs | VPC Flow Logs |
Network Architecture
[Diagrams: AWS, Azure]
Firewall Insertion Architecture
[Diagrams: AWS, Azure, Google]
IPSec Performance Limitations
[Diagram: Traditional Tunnel (UDP/ESP, ~ 1.25 Gbps) between an Azure VPN GW and a 3rd party router firewall; vCPUs with Encryption/Decryption at each end]
• Software-based IPSec VPN solutions have limits; max performance is 1.25 Gbps with VGW
• Packet flows can only utilize a single core, despite the availability of multiple cores
A Cloud Provider network
Cloud Provider visibility
● The VPC and NSG flow logs are some variation of JSON.
● Any kind of visualization requires a significant amount of configuration and cost to stay with the same vendor.
● Google requires configuration of a Cloud Logging sink to BigQuery, then visualization by something like Data Studio.
● Azure can forward logs to Log Analytics.
● Alternatively, logs can be processed by a tool such as Splunk or another SIEM. These have the same problems as the native solutions.
● AWS’s TGW and Azure’s vWAN do not have significant logging either. If something is wrong, you may be staring at configurations instead of data.
Example record
{
  "insertId": "12ut1l1fg1wbd6",
  "jsonPayload": {
    "packets_sent": "8",
    "end_time": "2022-01-12T00:57:34.838547102Z",
    "src_gke_details": {
      "cluster": {
        "cluster_name": "gke-istio",
        "cluster_location": "us-central1"
      }
    },
    "bytes_sent": "1410",
    "src_instance": {
      "zone": "us-central1-c",
      "vm_name": "gke-gke-istio-default-pool-4405d9b3-22bq",
      "project_id": "x",
      "region": "us-central1"
    },
    "rtt_msec": "0",
    "src_vpc": {
      "vpc_name": "gke-workload-1",
      "project_id": "x",
      "subnetwork_name": "gke-istio-1"
    },
    "reporter": "SRC",
    "connection": {
      "protocol": 6,
      "src_port": 55284,
      "dest_ip": "34.123.239.193",
      "src_ip": "10.201.0.56",
      "dest_port": 443
    },
    "start_time": "2022-01-12T00:57:34.829503833Z",
    "dest_location": {
      "asn": 15169,
      "continent": "America",
      "country": "usa"
    }
  },
  "resource": {
    "type": "gce_subnetwork",
    "labels": {
      "subnetwork_name": "gke-istio-1",
      "subnetwork_id": "5399475313982064650",
      "project_id": "lexical-period-304315",
      "location": "us-central1-c"
    }
  },
  "timestamp": "2022-01-12T00:57:41.274322590Z",
  "logName": "projects/x/logs/compute.googleapis.com%2Fvpc_flows",
  "receiveTimestamp": "2022-01-12T00:57:41.274322590Z"
}
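Added example (not from the original deck or from Aviatrix): Python that turns entries shaped like the record above into typed flows, then sums egress bytes per VM and lists VM/protocol/port combinations missing from a baseline. Treating RFC 1918 space as "internal", the baseline set, and every sample line except the first are assumptions constructed for the example.

```python
import ipaddress
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption for this example: "internal" means RFC 1918 address space.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers


def parse_ts(value):
    """Parse the record's UTC timestamps, which carry nanosecond precision.

    datetime only stores microseconds, so the fraction is cut to 6 digits.
    """
    base, _, frac = value.rstrip("Z").partition(".")
    micros = int((frac + "000000")[:6])
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micros, tzinfo=timezone.utc)


def normalize(entry):
    """Flatten one log entry into a typed flow dict."""
    p = entry["jsonPayload"]
    conn = p["connection"]
    dest = ipaddress.ip_address(conn["dest_ip"])
    duration = parse_ts(p["end_time"]) - parse_ts(p["start_time"])
    return {
        # src_instance is treated as optional; fall back to "unknown".
        "vm": p.get("src_instance", {}).get("vm_name", "unknown"),
        "src_ip": conn["src_ip"],
        "dest_ip": conn["dest_ip"],
        "dest_port": int(conn["dest_port"]),
        "protocol": PROTO_NAMES.get(conn["protocol"], str(conn["protocol"])),
        # Counters arrive as JSON strings ("1410"), not numbers.
        "bytes": int(p["bytes_sent"]),
        "packets": int(p["packets_sent"]),
        "external": not any(dest in net for net in INTERNAL_NETS),
        "duration_us": duration // timedelta(microseconds=1),
    }


def load_flows(lines):
    """Parse newline-delimited JSON entries, skipping ones that are not flows."""
    flows = []
    for line in lines:
        try:
            flows.append(normalize(json.loads(line)))
        except (ValueError, KeyError, TypeError):
            continue  # malformed JSON or an entry without flow fields
    return flows


def egress_bytes_by_vm(flows):
    """Sum bytes sent to destinations outside the internal ranges, per VM."""
    totals = defaultdict(int)
    for flow in flows:
        if flow["external"]:
            totals[flow["vm"]] += flow["bytes"]
    return dict(totals)


def unseen_services(flows, baseline):
    """Return (vm, protocol, dest_port) tuples that the baseline lacks."""
    seen = {(f["vm"], f["protocol"], f["dest_port"]) for f in flows}
    return sorted(seen - baseline)


def _sample(vm, src_ip, dest_ip, dest_port, sent):
    """Build a log line carrying only the fields read above."""
    return json.dumps({"jsonPayload": {
        "bytes_sent": str(sent), "packets_sent": "8",
        "start_time": "2022-01-12T00:57:34.829503833Z",
        "end_time": "2022-01-12T00:57:34.838547102Z",
        "src_instance": {"vm_name": vm},
        "connection": {"protocol": 6, "src_ip": src_ip, "src_port": 55284,
                       "dest_ip": dest_ip, "dest_port": dest_port},
    }})


PAGE_VM = "gke-gke-istio-default-pool-4405d9b3-22bq"
SAMPLE_LOG_LINES = [
    _sample(PAGE_VM, "10.201.0.56", "34.123.239.193", 443, 1410),  # values from the page
    _sample(PAGE_VM, "10.201.0.56", "10.201.0.70", 8080, 300),     # constructed
    _sample("vm-constructed-a", "10.201.0.57", "203.0.113.10", 2222, 52000),  # constructed
    "{not json",                                                   # constructed, malformed
]
BASELINE = {(PAGE_VM, "tcp", 443), (PAGE_VM, "tcp", 8080)}         # constructed baseline

if __name__ == "__main__":
    flows = load_flows(SAMPLE_LOG_LINES)
    print(egress_bytes_by_vm(flows))
    print(unseen_services(flows, BASELINE))
```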
Secure Cloud Networking 101
Flatten the Learning Curve.
Aviatrix Cloud Network Platform Software
Not a SaaS or Managed Service. It’s Yours.
[Diagram labels: Aviatrix Controller; Aviatrix CoPilot; Aviatrix Gateways (HUB & SPOKE); API; Cloud Networking Abstraction; Single Multi-Cloud Provider; Native Cloud Constructs; Advanced Networking and Security; Service Insertion and Chaining]
Single or Multi-Cloud Networking and Security
[Diagram: Aviatrix Controller and Aviatrix CoPilot; VPC, VCN and VNET networks in Region 1 and Region 2; Private Interconnect; INTERNET; Single Multi-Cloud Provider]
1. Single Cloud
2. Multi-Region
3. Multi-Cloud Repeatable Design
4. High-Performance Encryption
5. Single / Multi-Cloud Network Segmentation
6. Service Insertion & Chaining
7. Enterprise Operational Visibility
8. Secure Cloud Access
9. Secure Ingress and Egress
10. Cloud-Native
Multi-Account; High-Availability (Active-Active); End-to-End Encryption; Network Correctness
Aviatrix High Performance Encryption (HPE)
• Aviatrix builds multiple tunnels between Aviatrix devices
• Utilizes all available CPU cores
• IPSec encryption performance can be from 10Gbps to 90Gbps
[Diagram: High Performance Encryption, N x Tunnels (UDP/ESP), Up to 90 Gbps; Aviatrix Transit or Spoke GW, Aviatrix Transit GW, Aviatrix CloudN Appliance; vCPUs with Encryption/Decryption at each end]
Security Domains/Segmentation
[Diagram labels: OR-Transit 10.160.0.0/16 65013; AZSC-Transit 172.16.10.0/16 65020; DATA CENTER 10.200.0.0/16 65050; OR-Spoke-1, OR-Spoke-3, OR-SS, AZSC-Spoke-1, AZSC-Spoke-2; 10.150.89.134, 10.152.24.64, 10.154.90.201, 172.16.6.20, 172.16.7.20; Partner-1 10.201.0.0/16; Partner-2 10.202.0.0/16; Production, Production, Development, On prem, Partner, Partner]
Full Netflow Visibility with Geolocation
Aviatrix ThreatIQ
Aviatrix ThreatGuard
Designs and Reference Architectures
Aviatrix and Google Cloud Platform

Full GCP Design with SDWAN and Interconnect
● Visibility at each Aviatrix Gateway hop provided by CoPilot.
● Customer has E-W Inspection provided by Firenet.
● Branch connectivity is provided by an SDWAN appliance.
● Connectivity to the datacenter/colo is provided by a Hosted Cloud Interconnect circuit.

AWS and GCP Dual Cloud Environment
A customer with two Clouds can easily connect the two clouds with High Performance Encryption.
In the event of DirectConnect or Cloud Interconnect failure, traffic can seamlessly flow via the functional circuit.

Google Kubernetes Engine Ingress with NGFW Inspection
GKE Native Ingress with the HTTPS or TCP Load Balancer options uses the GKE Nodes as the Endpoints. This means that requests will enter the Cluster directly, bypassing firewalls.
Using Aviatrix with a reverse proxy enables use of Google Cloud Armor and NGFW inspection.

Overlapping IP Migration in Azure
● Customer has a free-for-all in Azure. Business units spin up cloud resources without thought to coordination or security.
● Corporate IT is reining it in.
● Requires private connectivity from Azure to GCP.
● Requires overlapping IP support during the migration period.
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
 
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language ModelsGDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
 
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
 
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
 
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
 
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
 
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
 
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for EveryoneGDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
 
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
 
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...
 
GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...
GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...
GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...
 
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
GDG Cloud Southlake #8  Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...GDG Cloud Southlake #8  Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
 

Recently uploaded

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Recently uploaded (20)

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries

  • 2. Agenda
      ● Introduction
      ● What is Aviatrix Secure Cloud Networking?
      ● Embedding Security Into Your Cloud Network
      ● Business Value Overview
      ● Aviatrix CoPilot Demo
      ● Deep Dive and Open Q&A
  • 3. Iconic Enterprise Brands Choose Aviatrix for Cloud Networking. 64 Global Fortune 500
  • 4. Gartner Recommends Aviatrix: “Organizations looking for advanced networking functionality missing from native public cloud providers and/or those that desire a consistent networking console across multiple public cloud providers, should shortlist Aviatrix”
  • 6. (1) Programmatically Leverages and Controls Native Constructs. Available in Cloud Marketplaces. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs; Private Interconnect]
  • 7. (2) Adds Advanced Networking and Security on Top In Each Cloud. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect]
  • 8. Consistent Networking. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect]
  • 9. Consistent Visibility and Troubleshooting. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect]
  • 10. Consistent Security. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect]
  • 11. Consistent Automation. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect]
  • 12. Other “Multi-Cloud” Solutions. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect; CLOUD 2, CLOUD 3, CLOUD 4]
  • 13. Security Embedded Into Your Cloud Network
  • 14. ThreatIQ with ThreatGuard: Threat Database “Malicious IPs”; “All Seeing” Data Plane. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect; CLOUD 2, CLOUD 3, CLOUD 4]
  • 15. ThreatIQ with ThreatGuard: Critical Threat Discovery and Notification; Threat Database “Malicious IPs”. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect]
  • 17. ThreatIQ with ThreatGuard: Critical Threat Automatic Remediation; Threat Database “Malicious IPs”. [Diagram: Aviatrix Controller; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect]
  • 18. Network Behavior Analytics – Built Into Your Cloud Network
      [Diagram labels: Secure Cloud Networking; Next Gen Firewalls; Malicious IPs; Known Threat Signatures; Network Behavior Analytics; Distributed Inspection; Distributed Control]
      New Capability of Aviatrix ThreatIQ™
      - Fingerprints workload and traffic characteristics to form baseline
      - Custom for every environment
      - Identifies and alerts on abnormal network behavior
      - Not dependent on signatures or known threat database
      - Continuous baselining, “learns” and improves over time
      [Chart labels: Baseline (Normal); Current Behavior; Anomaly detected; Alert Sent]
      Example Behavior Analysis: Actionable Intelligence that may be an indicator of Data Exfiltration, Lateral Movement, New Ports/Protocols, DDoS attacks, Port scan detection, or unencrypted traffic flows
  • 19. Aviatrix Business Value Across Multiple Teams
      Increase Revenue Growth with Business Innovation
      • Drive higher revenue and margins from existing customers
      • Expand into new markets and quickly onboard new customers
      • Faster product time-to-market and revenue
      • Accelerate acquisition integrations
      Increase Control, Visibility, and Resource Efficiency
      • Faster monitoring and troubleshooting, lower MTTR
      • Automated provisioning using Terraform and APIs
      • Higher efficiency in network engineering and security teams
      Bridge the Skills Gap
      • Reduce recruiting and training expenses
      • Reallocate high-value resources to more strategic functions
      • Reduce operational costs by retiring legacy tech debt
      Reduce Business Risk
      • Identify and remediate known threats automatically
      • End-to-End and high-performance encryption
      • Multi-cloud network segmentation
  • 20. Aviatrix CoPilot Demo. Mark Cunningham
  • 28. Security in the Network
  • 29. Why did you do this to me? The pain of the traditional Network Engineer.
  • 30. Trying to Network in the Cloud
  • 31. A VPC is a VPC until it isn’t.

      | | AWS | Azure | Google Cloud Platform |
      |---|---|---|---|
      | Scope | Regional | Regional | Global; subnets are regional |
      | Address Space | Defined at VPC level; subnets must be within. | Defined at VNET level; subnets must be within. | Not defined at VPC level; subnets can use any CIDR. |
      | Static Routing | Route Tables per subnet; can override subnet routes. | Route Tables per Subnet; can provide per VM microsegmentation. | Global Route table; granularity supplied by network tags; subnet routes cannot be overridden. |
      | BGP support | On VPN and DirectConnect only | Route Server, VPN, ExpressRoute | NCC, VPN, Cloud Interconnect |
      | Network level security | NACLs and Security groups | Network Security Groups | Global Firewall rules; granularity supplied by network tags. |
      | Layer 7 Firewall | AWS Network Firewall | Azure Network Firewall | None |
      | Private external connectivity | VPN and DirectConnect on VGW and TGW | VPN and ExpressRoute on respective gateway types. | VPN Gateway or VLAN attachments |
      | Native Transit options | TGW | vWAN | None |
      | Visibility | VPC Flow Logs | NSG Flow Logs | VPC Flow Logs |
  • 34. IPSec Performance Limitations
      • Software-based IPSec VPN solutions have limits: maximum performance is 1.25 Gbps with VGW
      • Packet flows can only utilize a single core, despite the availability of multiple cores
      [Diagram: Traditional Tunnel, UDP/ESP, ~1.25 Gbps, between an Azure VPN GW and a 3rd party router/firewall; eight vCPUs on each side with Encryption/Decryption]
  • 35. A Cloud Provider network
  • 36. Cloud Provider visibility
      ● The VPC and NSG flow logs are some variation of JSON.
      ● Any kind of visualization requires a significant amount of configuration and cost to stay with the same vendor.
      ● Google requires configuration of a Cloud Logging sink to BigQuery, then visualization by something like Data Studio.
      ● Azure can forward logs to Log Analytics.
      ● Alternatively, logs can be processed by a tool such as Splunk or another SIEM. These have the same problems as the native solutions.
      ● AWS’s TGW and Azure’s vWAN do not have significant logging either. If something is wrong, you may be staring at configurations instead of data.
  • 37. Example record

      {
        "insertId": "12ut1l1fg1wbd6",
        "jsonPayload": {
          "packets_sent": "8",
          "end_time": "2022-01-12T00:57:34.838547102Z",
          "src_gke_details": {
            "cluster": {
              "cluster_name": "gke-istio",
              "cluster_location": "us-central1"
            }
          },
          "bytes_sent": "1410",
          "src_instance": {
            "zone": "us-central1-c",
            "vm_name": "gke-gke-istio-default-pool-4405d9b3-22bq",
            "project_id": "x",
            "region": "us-central1"
          },
          "rtt_msec": "0",
          "src_vpc": {
            "vpc_name": "gke-workload-1",
            "project_id": "x",
            "subnetwork_name": "gke-istio-1"
          },
          "reporter": "SRC",
          "connection": {
            "protocol": 6,
            "src_port": 55284,
            "dest_ip": "34.123.239.193",
            "src_ip": "10.201.0.56",
            "dest_port": 443
          },
          "start_time": "2022-01-12T00:57:34.829503833Z",
          "dest_location": {
            "asn": 15169,
            "continent": "America",
            "country": "usa"
          }
        },
        "resource": {
          "type": "gce_subnetwork",
          "labels": {
            "subnetwork_name": "gke-istio-1",
            "subnetwork_id": "5399475313982064650",
            "project_id": "lexical-period-304315",
            "location": "us-central1-c"
          }
        },
        "timestamp": "2022-01-12T00:57:41.274322590Z",
        "logName": "projects/x/logs/compute.googleapis.com%2Fvpc_flows",
        "receiveTimestamp": "2022-01-12T00:57:41.274322590Z"
      }
  • 38. Secure Cloud Networking 101. Flatten the Learning Curve.
  • 39. Aviatrix Cloud Network Platform Software. Not a SaaS or Managed Service. It’s Yours.
      [Diagram labels: Aviatrix Controller; HUB & SPOKE Aviatrix Gateways; Aviatrix CoPilot; API; Cloud Networking Abstraction; Native Cloud Constructs; Advanced Networking and Security; Service Insertion and Chaining; Single / Multi-Cloud Provider]
  • 40. Single or Multi-Cloud Networking and Security
      1. Single Cloud Multi-Account
      2. Multi-Region
      3. Multi-Cloud
      4. High-Performance Encryption
      5. Single / Multi-Cloud Network Segmentation
      6. Service Insertion & Chaining
      7. Enterprise Operational Visibility
      8. Secure Cloud Access
      9. Secure Ingress and Egress
      10. Cloud-Native
      [Diagram labels: Repeatable Design; High-Availability (Active-Active); End-to-End Encryption; Network Correctness; Aviatrix Controller; Aviatrix CoPilot; VPCs, VCNs and VNETs in Region 1 and Region 2; Private Interconnect; INTERNET; Single / Multi-Cloud Provider]
  • 41. Aviatrix High Performance Encryption (HPE)
      • Aviatrix builds multiple tunnels between Aviatrix devices
      • Utilizes all available CPU cores
      • IPSec encryption performance can be from 10Gbps to 90Gbps
      [Diagram: High Performance N x Tunnels, UDP/ESP, High Performance Encryption up to 90 Gbps, between Aviatrix Transit or Spoke GW, Aviatrix Transit GW and Aviatrix CloudN Appliance; eight vCPUs on each side with Encryption/Decryption]
  • 43. Full Netflow Visibility with Geolocation
  • 46. Designs and Reference Architectures Aviatrix and Google Cloud Platform
  • 47. Full GCP Design with SDWAN and Interconnect
      ● Visibility at each Aviatrix Gateway hop provided by CoPilot.
      ● Customer has E-W Inspection provided by Firenet.
      ● Branch connectivity is provided by an SDWAN appliance.
      ● Connectivity to the datacenter/colo is provided by a Hosted Cloud Interconnect circuit.
  • 48. AWS and GCP Dual Cloud Environment. A customer with two clouds can easily connect them with High Performance Encryption. In the event of DirectConnect or Cloud Interconnect failure, traffic can seamlessly flow via the functional circuit.
  • 49. Google Kubernetes Engine Ingress with NGFW Inspection. GKE Native Ingress using the HTTPS or TCP Load Balancer options uses the GKE Nodes as the Endpoints. This means that requests will enter the Cluster directly, bypassing firewalls. Using Aviatrix with a reverse proxy enables use of Google Cloud Armor and NGFW inspection.
  • 50. Overlapping IP Migration in Azure
      ● Customer has a free-for-all in Azure. Business units spin up cloud resources without thought to coordination or security.
      ● Corporate IT is reining it in.
      ● Requires private connectivity from Azure to GCP.
      ● Requires overlapping IP support during the migration period.
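
Slides 36 and 37 note that VPC flow logs are JSON that has to be processed before it tells you anything. The following is an added example, not part of the original deck: Python that parses records shaped like the slide 37 record and totals bytes per source VM and external destination. The first sample line reuses the slide's values; the other lines, the `make_record` helper and all function names are constructed for illustration.

```python
import ipaddress
import json
from collections import defaultdict

LOG_NAME = "projects/x/logs/compute.googleapis.com%2Fvpc_flows"


def make_record(reporter, src_ip, dest_ip, dest_port, bytes_sent, location=None):
    """Build one constructed log line in the shape of the slide 37 record."""
    payload = {
        "reporter": reporter,
        "bytes_sent": str(bytes_sent),  # counters arrive as strings, as on the slide
        "src_instance": {"vm_name": "gke-gke-istio-default-pool-4405d9b3-22bq"},
        "connection": {"protocol": 6, "src_ip": src_ip, "src_port": 55284,
                       "dest_ip": dest_ip, "dest_port": dest_port},
    }
    if location:
        payload["dest_location"] = location
    return json.dumps({"logName": LOG_NAME, "jsonPayload": payload})


SLIDE_DEST_LOCATION = {"asn": 15169, "continent": "America", "country": "usa"}
# Constructed sample input. Line 1 carries the slide's values; the rest are made up.
SAMPLE_LOG_LINES = [
    make_record("SRC", "10.201.0.56", "34.123.239.193", 443, 1410, SLIDE_DEST_LOCATION),
    make_record("SRC", "10.201.0.56", "34.123.239.193", 443, 2590, SLIDE_DEST_LOCATION),
    make_record("SRC", "10.201.0.56", "10.201.0.77", 8080, 500),   # east-west flow
    make_record("DEST", "10.201.0.77", "10.201.0.56", 8080, 300),  # receiver's report
    json.dumps({"logName": "projects/x/logs/other", "jsonPayload": {}}),
    "truncated {",
]


def parse_flow(line):
    """Return a flat flow dict, or None if the line is not a usable flow record."""
    try:
        rec = json.loads(line)
        if not rec.get("logName", "").endswith("vpc_flows"):
            return None
        payload = rec["jsonPayload"]
        conn = payload["connection"]
        loc = payload.get("dest_location", {})
        return {
            "reporter": payload["reporter"],
            "src_vm": payload.get("src_instance", {}).get("vm_name", "unknown"),
            "dest_ip": ipaddress.ip_address(conn["dest_ip"]),
            "dest_port": int(conn["dest_port"]),
            "bytes": int(payload.get("bytes_sent", 0)),
            "asn": loc.get("asn"),
            "country": loc.get("country"),
        }
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed JSON, missing fields, or bad IP/number


def summarize_egress(lines):
    """Total bytes per (source VM, external destination IP, port).

    Returns (summary, skipped), where skipped counts unusable lines.
    """
    totals = defaultdict(lambda: {"bytes": 0, "flows": 0, "asn": None, "country": None})
    skipped = 0
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            skipped += 1
            continue
        # Keep only flows reported by the sending VM whose destination lies
        # outside private address space.
        if flow["reporter"] != "SRC" or flow["dest_ip"].is_private:
            continue
        entry = totals[(flow["src_vm"], str(flow["dest_ip"]), flow["dest_port"])]
        entry["bytes"] += flow["bytes"]
        entry["flows"] += 1
        entry["asn"], entry["country"] = flow["asn"], flow["country"]
    return dict(totals), skipped


if __name__ == "__main__":
    summary, skipped = summarize_egress(SAMPLE_LOG_LINES)
    for (vm, ip, port), stats in summary.items():
        print(vm, ip, port, stats)
    print("skipped lines:", skipped)
```

The skipped count is worth alerting on in its own right, since a rise in unparseable lines usually means the export format or sink configuration changed.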