This is a joint webinar hosted by AWS and Valtix discussing AWS Transit Gateway and advanced network security use cases with Valtix cloud-native network security service. Contents are subject to AWS and Valtix copyright and intellectual property protection.
In this session, we discuss the need for AWS Transit Gateway, dive into common use cases, and discuss reference architectures. The session will prepare you with the fundamentals to understand AWS Transit Gateway operations and create advanced architectures. Learn how AWS Transit Gateway interacts with other services, like Amazon Route 53 Resolver and AWS PrivateLink, to provide enterprise scale service in large operating environments.
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) enables you to have complete control over your AWS virtual networking environment. In this session, we will work through the process and features involved to build an advanced hybrid and connected architecture exploring the new capabilities including VPC Shared Subnets, AWS Transit Gateway, Route 53 Resolver and AWS Global Accelerator. We dive into how they work and how you might use them.
In this session, we first cover build-out and design fundamentals for VPCs, including selecting your IP space, subnetting, routing, security, and more. We then discuss different approaches and scenarios for connecting your VPC to your data center with AWS VPN or AWS Direct Connect. Throughout this presentation, we discuss our latest networking services and updates, including AWS Transit Gateway and AWS PrivateLink. This mid-level architecture discussion is for architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how to connect VPCs with your offices and data center footprint.
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
In this session, we discuss the need for AWS Transit Gateway, dive into common use cases, and discuss reference architectures. The session will prepare you with the fundamentals to understand AWS Transit Gateway operations and create advanced architectures. Learn how AWS Transit Gateway interacts with other services, like Amazon Route 53 Resolver and AWS PrivateLink, to provide enterprise scale service in large operating environments.
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) enables you to have complete control over your AWS virtual networking environment. In this session, we will work through the process and features involved to build an advanced hybrid and connected architecture exploring the new capabilities including VPC Shared Subnets, AWS Transit Gateway, Route 53 Resolver and AWS Global Accelerator. We dive into how they work and how you might use them.
In this session, we first cover build-out and design fundamentals for VPCs, including selecting your IP space, subnetting, routing, security, and more. We then discuss different approaches and scenarios for connecting your VPC to your data center with AWS VPN or AWS Direct Connect. Throughout this presentation, we discuss our latest networking services and updates, including AWS Transit Gateway and AWS PrivateLink. This mid-level architecture discussion is for architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how to connect VPCs with your offices and data center footprint.
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
Introduction to AWS products, services, and common solutions. Overview of fundamentals to become more proficient in identifying AWS services to help make informed decisions about IT solutions based on business requirements. Helps you get started working on AWS.
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
Presented by: Alessandro Esposito, Cloudfront Account Manager, Amazon Web Services
Securely access services hosted on AWS using AWS PrivateLink. Come to this session and learn the fundamentals of AWS PrivateLink, including VPC design, VPC endpoint, Network Load Balancer, and more. Discover the benefits and use cases for connecting your VPC with AWS-based services over AWS PrivateLink, and hear about the technologies that are related to AWS PrivateLink, such as AWS Direct Connect, Amazon Route 53, and other AWS services. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.
Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...Amazon Web Services
Companies are moving existing on-premises applications to the cloud as fast as possible to become more agile and lower costs. However, certain workloads must remain on-premises due to low latency or local data-processing requirements. AWS Outposts brings fully managed, native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. In this tech talk, we provide an introduction to AWS Outposts and how it works, as well as present customer use cases. We also explore ways to use AWS-cloud native APIs to support workloads that must remain on-premises for a truly consistent hybrid experience.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Amazon Web Services
Learning Objectives:
- Learn how to secure your web applications
- Learn how to configure AWS Shield and AWS WAF
- Learn how to defend the most common Layer 7 attacks
Distributed denial of service (DDoS) and other web attacks can affect your application’s availability, compromise its security, and consume excessive resources. AWS Shield and AWS Web Application Firewall (WAF) help secure your applications from these types of attacks. AWS Shield is a managed DDoS protection service that offers always-on detection and automatic inline mitigation to minimize application downtime and latency. AWS WAF is a web application firewall that helps protect your applications from common web exploits such as SQLi, XSS, and botnets. This introductory tech talk will provide you an overview and demonstration of these services.
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
One of the first questions that customers ask during their cloud journeys is how to establish and build AWS environments or landing zones. In this session, we discuss best practices for establishing a scalable approach and necessary landing zone framework. We present an overview of the approach and solutions to help you implement a landing zone. We also introduce the AWS Landing Zone, which is an automated solution for setting up a robust, flexible AWS environment, and we discuss how it reduces the time needed to get started. Finally, we provide a high level overview of AWS Control Tower and how it fits into the overall approach.
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitAmazon Web Services
Containers are a lightweight and very fast alternative to virtual machines. But keeping track of and coordinating a vast array of individual containers is no small feat and requires orchestration for all of the components to act as one. Amazon Elastic Container Service for Kubernetes (Amazon EKS) is the tool to handle this task. In this session, learn about this service’s latest new features.
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...Amazon Web Services
In this session, we will review the new AWS Transit Gateway and new networking features. We compare AWS Transit Gateway and Transit VPCs and discuss how to architect your accounts and VPCs. This session will be helpful if the developers have been let loose, and you are planning lots of VPCs or accounts. How should you connect them; what limits do you need to be aware of; and how does routing work with many VPCs? We dive into the details of recent launches and how to work with concepts like Transit VPCs, account strategies, scaling services, using firewalls, and direct connect gateways to solve problems of many VPCs.
In this session, we will review the new AWS Transit Gateway and new networking features. We compare AWS Transit Gateway and Transit VPCs and discuss how to architect your accounts and VPCs. This session will be helpful if the developers have been let loose, and you are planning lots of VPCs or accounts. How should you connect them; what limits do you need to be aware of; and how does routing work with many VPCs? We dive into the details of recent launches and how to work with concepts like Transit VPCs, account strategies, scaling services, using firewalls, and direct connect gateways to solve problems of many VPCs.
"
Introduction to AWS products, services, and common solutions. Overview of fundamentals to become more proficient in identifying AWS services to help make informed decisions about IT solutions based on business requirements. Helps you get started working on AWS.
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
Presented by: Alessandro Esposito, Cloudfront Account Manager, Amazon Web Services
Securely access services hosted on AWS using AWS PrivateLink. Come to this session and learn the fundamentals of AWS PrivateLink, including VPC design, VPC endpoint, Network Load Balancer, and more. Discover the benefits and use cases for connecting your VPC with AWS-based services over AWS PrivateLink, and hear about the technologies that are related to AWS PrivateLink, such as AWS Direct Connect, Amazon Route 53, and other AWS services. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.
Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...Amazon Web Services
Companies are moving existing on-premises applications to the cloud as fast as possible to become more agile and lower costs. However, certain workloads must remain on-premises due to low latency or local data-processing requirements. AWS Outposts brings fully managed, native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. In this tech talk, we provide an introduction to AWS Outposts and how it works, as well as present customer use cases. We also explore ways to use AWS-cloud native APIs to support workloads that must remain on-premises for a truly consistent hybrid experience.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Amazon Web Services
Learning Objectives:
- Learn how to secure your web applications
- Learn how to configure AWS Shield and AWS WAF
- Learn how to defend the most common Layer 7 attacks
Distributed denial of service (DDoS) and other web attacks can affect your application’s availability, compromise its security, and consume excessive resources. AWS Shield and AWS Web Application Firewall (WAF) help secure your applications from these types of attacks. AWS Shield is a managed DDoS protection service that offers always-on detection and automatic inline mitigation to minimize application downtime and latency. AWS WAF is a web application firewall that helps protect your applications from common web exploits such as SQLi, XSS, and botnets. This introductory tech talk will provide you an overview and demonstration of these services.
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
One of the first questions that customers ask during their cloud journeys is how to establish and build AWS environments or landing zones. In this session, we discuss best practices for establishing a scalable approach and necessary landing zone framework. We present an overview of the approach and solutions to help you implement a landing zone. We also introduce the AWS Landing Zone, which is an automated solution for setting up a robust, flexible AWS environment, and we discuss how it reduces the time needed to get started. Finally, we provide a high level overview of AWS Control Tower and how it fits into the overall approach.
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitAmazon Web Services
Containers are a lightweight and very fast alternative to virtual machines. But keeping track of and coordinating a vast array of individual containers is no small feat and requires orchestration for all of the components to act as one. Amazon Elastic Container Service for Kubernetes (Amazon EKS) is the tool to handle this task. In this session, learn about this service’s latest new features.
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...Amazon Web Services
In this session, we will review the new AWS Transit Gateway and new networking features. We compare AWS Transit Gateway and Transit VPCs and discuss how to architect your accounts and VPCs. This session will be helpful if the developers have been let loose, and you are planning lots of VPCs or accounts. How should you connect them; what limits do you need to be aware of; and how does routing work with many VPCs? We dive into the details of recent launches and how to work with concepts like Transit VPCs, account strategies, scaling services, using firewalls, and direct connect gateways to solve problems of many VPCs.
In this session, we will review the new AWS Transit Gateway and new networking features. We compare AWS Transit Gateway and Transit VPCs and discuss how to architect your accounts and VPCs. This session will be helpful if the developers have been let loose, and you are planning lots of VPCs or accounts. How should you connect them; what limits do you need to be aware of; and how does routing work with many VPCs? We dive into the details of recent launches and how to work with concepts like Transit VPCs, account strategies, scaling services, using firewalls, and direct connect gateways to solve problems of many VPCs.
"
Connecting Many VPCs: Network Design Patterns at Scale (ARC405) - AWS re:Inve...Amazon Web Services
In this session, we show you how to design connectivity between many VPCs and how new services interact with network architectures. We review common design patterns such as shared services VPCs, transit VPCs, private link, firewalls, and more. We also cover solutions to common challenges, such as VPN sprawl, keeping up with VPC automation, sharing services, and network segmentation at scale for hundreds of VPCs. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitAmazon Web Services
Networking is the foundation of your resources and applications on AWS. How you organize and connect your resources on the cloud are the most important things to consider when architecting your AWS cloud. In this session, we discuss planning for your advanced AWS networking architectures.
Speaker: Bradley Acar, AWS
Level: 300
In the journey of cloud adoption, Hybrid architectures are commonplace and are often seen as a very important milestone in business enablement. AWS offers customers many options to facilitate connectivity of their Amazon Virtual Private Cloud environments back to their existing on-premises networks.In this session, we will show you how to choose the best option for your business and how each of these options scale. We’ll also show you how you can use a CI/CD pipeline to automate deployment of AWS Accounts and VPCs and connect them to your existing network, on-the-fly, with all your guard rails in-place.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of Amazon VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information for current Amazon EC2-Classic network customers and help you prepare to adopt Amazon VPC.
Speakers:
Steve Seymour, AWS Solutions Architect
Eamonn O'Neill, Director, Lemongrass Consulting
Jackie Wong, Head of Networks, Financial Times
Planificación de arquitecturas de red de AWS - MXO211 - Mexico City SummitAmazon Web Services
Amazon VPC es un servicio que te ayuda a tener control total sobre tus recursos de red en AWS. Con este control ¿te has preguntado cómo es que las nuevas capacidades liberadas afectan la forma en la que diseñaste tu arquitectura de red o cómo cambiar tus arquitecturas existentes? En esta sesión compartiremos ejemplos reales sobre cómo utilizar Amazon VPC para crear arquitecturas de nube híbridas, conectando tus centros de datos locales con AWS. También exploraremos las capacidades recién agregadas a Amazon VPC y cómo puedes utilizarlas.
Many enterprises on their hybrid cloud journey into the cloud require consistent and highly secure connectivity between their existing data center and AWS footprints. In this session, we walk through the different architecture options for establishing this connectivity using AWS Direct Connect and VPN. As we walk through these options, we try to answer some of the most common questions that typically arise from enterprises that tackle design and implementation. You'll learn how to make connectivity decisions that are suitable for your workloads, and how to best prepare against business impact in the event of failure.
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This midlevel architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with VPC. Learn how you can connect your VPC with your offices and current data center footprint. This session adds a focus on AWS Partners and where they are relevant in AWS networking.
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Summits
Amazon Virtual Private Cloud (Amazon VPC) enables you to have complete control over your AWS virtual networking environment. In this session, we will work through the process and features involved to build an advanced hybrid and connected architecture exploring the new capabilities including VPC Shared Subnets, AWS Transit Gateway, Route 53 Resolver and AWS Global Accelerator. We dive into how they work and how you might use them.
Become an AWS VPN and AWS Direct Connect Expert (NET306-R1) - AWS re:Invent 2018Amazon Web Services
Do you want to learn how to connect to Amazon VPC from your on-premises location by using a hardware VPN connection or AWS Direct Connect? Come learn how to set up your hardware VPN and DX to establish connectivity to your Amazon VPC. We also focus on common customer issues, limitations and how to best identify them, and we perform troubleshooting of DX and VPN connections.
Everything You Wanted to Know about Firewalls and Middle Boxes on AWS (NET406...Amazon Web Services
In this interactive chalk talk, we briefly cover common architectures for inserting services like firewalls, routers, security services, and proxies in AWS. The majority of this session comprises whiteboarding network architectures to include middle boxes in AWS. This includes hybrid networks, multi-region connectivity, and new AWS services.
In this session, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This session follows the evolution of a simple legacy data center expansion with
basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as automated provisioning with AWS CloudFormation, and configuration management with AWS OpsWorks.
Speakers:
Miha Kralj, AWS Solutions Architect
Amarpal S. Attwal, Senior Technical Lead, ICT Engineering, Just Eat
Koen van den Biggelaar, AWS Solutions Architect
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017Amazon Web Services
This session focuses on best practices for connectivity between many virtual private clouds (VPCs), including the Transit VPC. We review how the Transit VPC works and use cases for centralization, network security, and connectivity. We include best practices for multiple accounts, multiple regions, and designing for scale. In addition, we also review some of the variants and extensions to the Transit VPC, including how to customize your own.
Connectivity Options for VMware Cloud on AWS Software Defined Data Centers (S...Amazon Web Services
VMware Cloud on AWS enables customers to have a hybrid cloud platform by running their VMware workloads in the cloud while having seamless connectivity to on-premises and AWS native services. In this session, we do a technical deep dive on SDDC networking and NSX-T's recent announcement on full routing over AWS Direct Connect to enable optimized migrations and cloud extension use cases. We also demonstrate a live vMotion for on-premises workload to VMware SDDC cluster on AWS with minimum to no network distribution over AWS Direct Connect.
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAmazon Web Services
In this session, we first cover build-out and design fundamentals for VPCs, including selecting your IP space, subnetting, routing, security, and more. We then discuss different approaches and scenarios for connecting your VPC to your data center with AWS VPN or AWS Direct Connect. Throughout this presentation, we discuss our latest networking services and updates, including AWS Transit Gateway and AWS PrivateLink. This mid-level architecture discussion is for architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how to connect VPCs with your offices and data center footprint.
Similar to Architecting Advanced Network Security Across VPCs with AWS Transit Gateway (20)
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
2. Agenda
AWS Transit Gateway
- Basics of AWS Transit Gateway
- Egress Filtering
- VPC vs VPN Attachment Model
- Ingress Filtering
AWS Transit Gateway with Valtix
- Architecture
- How it works
27. 27
Automated
Deployment
Network
Security
Policies
Management
Console
Telemetry
and
monitoring
API
Valtix Cloud Controller SaaS
Security-as-a-Service
▪ Fully managed network security
○ Software updates
○ Auto scaling
○ Networking
▪ Simplified deployment
▪ Unified policy & enforcement
Cloud-Native Architecture
▪ Decoupled control and data plane
▪ Multi-cloud, region, zone
▪ Single pass inspection
○ WAF + Trustwave ruleset
○ IPS + Talos ruleset
○ TLS Decryption/Encryption
throughout
Manage Globally, Enforce Locally
HUB
VPC
Policy and Telemetry
(no production traffic)
Internet
EDGE
Customer accounts
Valtix cloud account
Valtix Cloud
Firewalls
KMS
S3
28. ● Attack vectors
○ Malicious insiders, infected users, misconfiguration...
○ Vulnerable Servers
■ Apache Struts exploit: CVE-2017-5638
■ Windows SMB: NotPetya malware
○ Connections to command-n-control (C2) cannot be
differentiated from legit sites:
■ GitHub org repo vs public repo’s
■ canonical.com vs rapidshare.com
○ Lateral movement from vulnerable servers
● Impact
○ Drive up costs
○ Exfiltrate data
○ Disrupt operations
○ Reputation damage
Bitcoin
mining
Malware
Distribution
HackerCommand-n-Control Server
Infected User or
Malicious Insider
Bug or Vulnerable
Server
Data
Exfiltration
Example Attacks
29. ▪ Customer provides cloud IAM credentials
▪ Valtix continuously discovers:
○ Cloud applications and network
inventory
Discover Deploy Defend
▪ Automated deployment of a
cluster of autoscaling VCF’s aka
Valtix Gateway via
○ Valtix Cloud Controller SaaS
○ API
○ Terraform
▪ Edge and Hub mode
▪ Automated networking changes
▪ Define security policy by app
name and workload tags
▪ Multi-cloud, region, zone policies
▪ Integration with SIEMs and
datalake
▪ Support for threat and
vulnerability management tools
like AWS GuardDuty
Onboarding Flow
30. Service Components
▪ Valtix Controller SaaS portal [Valtix pays]
‒ Centralized controller
‒ Dashboard, security policy
‒ Manages lifecycle of VCFs
▪ Valtix Cloud Firewall (VCF)
‒ Single pass dataplane for WAF + NGFW
‒ Not deployed individually, only as part of a Valtix Gateway
▪ Valtix Gateway [Customer pays]
‒ Distributed dataplane as a cluster of auto scaling VCFs
‒ Deployed per region, across zones in the customer’s cloud account
‒ Reduces networking costs of traffic in/out of cloud VPC/VNET
31. Use Case 1: Hub Mode With AWS Transit Gateway - Egress
Internet
Gateway
VPC 10.2.0.0/16
VPC 10.1.0.0/16
TGW ENI
TGW ENI
Instance
10.1.0.10
att-1 att-2
Valtix Cloud Controller SaaS
Managed by Valtix
● VCF deployment
● TGW routing
● Security policies
● Auto Scaling of VCF’s Security VPC
AWS Transit
Gateway
NLB
Valtix Cloud Firewalls
32. Use Case 2: Hub Mode With AWS Transit Gateway - Ingress
Internet
Gateway
VPC 10.2.0.0/16
VPC 10.1.0.0/16
TGW ENI
TGW ENI
att-1 att-2 NLB
Valtix Cloud Controller SaaS
Managed by Valtix
● VCF deployment
● TGW routing
● Security policies
● Auto Scaling of VCF’s
ALB
Set DNS of
app to NLB in
Route 53
Valtix Cloud Firewalls
Security VPC
33. Use Case 3: PaaS Security, including API Gateway
Internet
Gateway
VPC 10.2.0.0/16
TGW ENI
TGW ENI
att-1 att-2 NLB
Valtix Cloud Firewalls
Valtix Cloud Controller SaaSManaged by Valtix
● VCF deployment
● TGW routing
● Security policies
● Auto Scaling of VCF’s
Valtix Cloud Firewalls
VPC 2
VPC 1
VPC 3
AWS S3
Amazon API
Gateway
AWS
Lambda
+
34. info@valtix.com
www.valtix.com
Learn more:
● Try Valtix Sandbox in our environment
www.valtix.com/sandbox
● 14-Day Free Trial for POC www.valtix.com/trial
● Available on AWS Marketplace
https://aws.amazon.com/marketplace/pp/B081781QXX
?ref_=srh_res_product_title