Brighttalk converged infrastructure and it operations management - finalAndrew White
How Converged Infrastructure Will Change IT Operations Management
Over the past decade, Enterprises have leveraged a shared service model to make IT more cost effective. The emergence of “Converged Infrastructure” and “Fabric-Based Infrastructure” will allow IT to offer purpose driven solutions rather than the function driven solutions of the past. To do this, IT will need to evolve towards more modular designs, rely more on open standards, and rethink their approach to management frameworks.
In this session you will learn:
How converged infrastructure is used to create purpose driven solutions
Why new operational challenges are faced as this new approach is used broadly
What changes need to occur to succeed with this new paradigm
This is a high level presentation on how to develop a monitoring improvement program. The topic of what to monitor is covered in a separate presentation.
Brighttalk converged infrastructure and it operations management - finalAndrew White
How Converged Infrastructure Will Change IT Operations Management
Over the past decade, Enterprises have leveraged a shared service model to make IT more cost effective. The emergence of “Converged Infrastructure” and “Fabric-Based Infrastructure” will allow IT to offer purpose driven solutions rather than the function driven solutions of the past. To do this, IT will need to evolve towards more modular designs, rely more on open standards, and rethink their approach to management frameworks.
In this session you will learn:
How converged infrastructure is used to create purpose driven solutions
Why new operational challenges are faced as this new approach is used broadly
What changes need to occur to succeed with this new paradigm
This is a high level presentation on how to develop a monitoring improvement program. The topic of what to monitor is covered in a separate presentation.
The VictorOps 2014 State of On-call report. This report, presented as a WebCast and released as a report is the first ever study of the people, processes and emotions of being on-call for technical organizations. If you are overhauling your on-call structure there are great tips how to make that job Suck Less !
Security disasters can emanate from many places but often the main contributor is the disconnect that exists between CIO’s (and executives in general) and the technical staff. This disconnect can give life to the scariest undead creature in the business world: <b>the bad idea zombie.
Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...Steve Werby
20 years ago information security was a low corporate priority that was the realm of technical geeks. Factors such as the rapidly-evolving threat environment and increased corporate impact have elevated it to a multidisciplinary risk management discipline...which sometimes has a seat at the table. This talk explores what we're doing wrong, why it's ineffective (or worse), and better ways of thinking and doing. You will learn to question the status quo, rethink existing paradigms, and leverage better approaches from information security and other disciplines. Think different! Act different!
Keynote presentation delivered for the Ovum Analysts Business Process Management event in London, November 2012. Using case studies to demonstrate how emerging trends are connected and disrupting business as usual: social networks, mobile devices, big data and cloud computing. With gamification joining the party
Automated decision making with predictive applications – Big Data AmsterdamLars Trieloff
My slides from tonight's talk at Impact HUB in Amsterdam on big data, machine learning, cognitive biases and how to overcome them with predictive applications.
Intro to a Data-Driven Computer Security DefenseRoger Grimes
Introduces a Data-Driven Computer Security Defense, a computer security defense strategy introduced by the author. Slide deck complements the book and whitepaper and can be used by anyone.
Building a Successful Organization By Mastering Failurejgoulah
The Etsy organization has grown by a significant amount over the last five years. As a company grows, more thought must be put into the techniques that it uses to communicate and deal with failures. This talk will cover several techniques that have helped foster a Just Culture, one in which an effort is made to balance both safety and accountability
Covid 19: Understanding the context using systems thinking techniques webinar
Thursday 22 October 2020
presented by
David Cole, Frank Curtolo, Michael Emes, Dania Issa, Phil Knights, Cesar Rendora, Brian Slaughter and Andrew Wright
The link to the write up page and resources of this webinar:
https://www.apm.org.uk/news/covid-19-understanding-the-context-using-systems-thinking-techniques-webinar/
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013Adrian Wright
Security on the Brain – Using Human Psychology to Achieve Compliance: ISSA-UK Expert Workshop
Presented by Adrian Wright - ISSA-UK VP of Research
One of the biggest wake-up calls in recent times is the realisation that more than 60% of major security breaches and data losses are down to 'human factor' failings.
Our main weapon in mitigating these failings is to spend more on in-house awareness campaigns and on technical measures to minimise any losses - yet incidents and losses continue to increase. Clearly these existing awareness campaigns and controls are not enough, as the message is still not getting through or isn't being complied with.
This presentation and workshop session challenges current thinking and strategies in dealing with people as both an asset and a source of risk, by leveraging human psychology and people's differing motivations to improve communication, change opinions and turn basic awareness into actual compliance.
In this session
Learn:
- The psychology of why we don't comply - why awareness alone won't do
- What motivates people to do - or not do - specific things
- Neurolinguistics - it's not just what you say; but how you say it and to who
- Divide and conquer - adapting your message to target specific personality types
- Changing the security culture by changing people's belief systems
- Dirty tricks (slightly) - tactics that work in changing behaviour
- Selling the unsellable - lessons from other sectors in making boring stuff sexy
Participate:
- Informal group discussion of challenges and successes from your experience
- Identifying your audience’s character types and shaping the message
- Influencing the Board by speaking their language
- Developing an internal PR strategy to improve security's image and influence
- Develop a brand new and more effective mission statement for your team
About the Presenter:
Adrian Wright CISA
20 years experience in Information Security, IT Risk Management & Compliance. Specialist in managing security, risk and compliance awareness campaigns;
9 Years Global CISO Head of InfoSec at Reuters - covering 142 countries and 250,000 systems;
10 years founder and programme director at Secoda Risk Management. Experienced speaker and writer on all things cyber security, governance, risk & compliance.
2 Years Director of Projects & 1 Year VP of Research & Board member at ISSA-UK
Having spent decades looking into the darker recesses and failings within technology; Adrian has recently turned his attention to the darker recesses and failings within the human beings that work with the technology…
Dr Steve Goldman's Top Ten Business Continuity Predictions / Trends for 2014xMatters Inc
Dr. Steven B. Goldman is an internationally recognized expert and consultant in Business Continuity, Crisis Management, Disaster Recovery, and Crisis Communications. Read his predictions for 2014.
A look at some of the methodologies that have shaped the direction of agile software development. We take a look at Lean Software Development (and the Toyota Production System), the Theory of Constraints and Systems Thinking.
Architecting a Post Mortem - Velocity 2018 San Jose TutorialWill Gallego
Engineers are frequently tasked with being front and center in intense, highly demanding situations that require clear lines of communication. Our systems fail not because of a lack of attention or laziness but due to cognitive dissonance between what we believe about our environments and the objective interactions both internal and external to them.
It’s time to revisit your established beliefs surrounding failure scenarios, with an emphasis not on the “who” in decision making but instead on the “why” behind those decisions. With attention to growth mindset, you can encourage your teams to reject shallow explanations of human error for said failures and focus on how to gain greater understanding of these complexities and push the boundaries on what you believe to be static, unchanging context outside your sphere of influence.
Will Gallego walks you through the structure of postmortems used at large tech companies with real-world examples of failure scenarios and debunks myths regularly attributed to failures. You’ll learn how to incorporate open dialogue within and between teams to bridge these gaps in understanding.
Beyond the Knowledge Base: Turning Data into Wisdom - an ITSM Academy WebinarKaren Skiles
Many organizations live perceiving Knowledge Management begins and ends with a Knowledge Base. However, a more robust Knowledge Management process exists. The KM process is a pipeline to Continual Service Improvement. This presentation provides insight and methods for developing and implementing a more comprehensive Knowledge Management process leading to improvement throughout the enterprise. This presentation covers design of the KM process, DIKW and its usages, the KM-CSI connection, knowledge repositories and much more.
A look at IT decision making, budgeting, priorities and technology adoption among UK and Germany-based SMEs based on 500 interviews (250 in the UK and 250 in Germany) with IT decision makers from private sector SME organisations.
Social Enterprise: Trust; Vision; RevolutionPeter Coffee
Becoming a social enterprise is not a technical evolution, but a business transformation. Technologies enable it, but only a cultural commitment will achieve it. Doing it is not optional, unless going out of business is also considered an OK option.
Don Maclean, Chief Cybersecurity Technologist, DLT Solutions, and Mav Turner, IT Security Business Unit, SolarWinds, share the most important things you can do to keep your networks and data safe, and what tools are available to help.
The VictorOps 2014 State of On-call report. This report, presented as a WebCast and released as a report is the first ever study of the people, processes and emotions of being on-call for technical organizations. If you are overhauling your on-call structure there are great tips how to make that job Suck Less !
Security disasters can emanate from many places but often the main contributor is the disconnect that exists between CIO’s (and executives in general) and the technical staff. This disconnect can give life to the scariest undead creature in the business world: <b>the bad idea zombie.
Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...Steve Werby
20 years ago information security was a low corporate priority that was the realm of technical geeks. Factors such as the rapidly-evolving threat environment and increased corporate impact have elevated it to a multidisciplinary risk management discipline...which sometimes has a seat at the table. This talk explores what we're doing wrong, why it's ineffective (or worse), and better ways of thinking and doing. You will learn to question the status quo, rethink existing paradigms, and leverage better approaches from information security and other disciplines. Think different! Act different!
Keynote presentation delivered for the Ovum Analysts Business Process Management event in London, November 2012. Using case studies to demonstrate how emerging trends are connected and disrupting business as usual: social networks, mobile devices, big data and cloud computing. With gamification joining the party
Automated decision making with predictive applications – Big Data AmsterdamLars Trieloff
My slides from tonight's talk at Impact HUB in Amsterdam on big data, machine learning, cognitive biases and how to overcome them with predictive applications.
Intro to a Data-Driven Computer Security DefenseRoger Grimes
Introduces a Data-Driven Computer Security Defense, a computer security defense strategy introduced by the author. Slide deck complements the book and whitepaper and can be used by anyone.
Building a Successful Organization By Mastering Failurejgoulah
The Etsy organization has grown by a significant amount over the last five years. As a company grows, more thought must be put into the techniques that it uses to communicate and deal with failures. This talk will cover several techniques that have helped foster a Just Culture, one in which an effort is made to balance both safety and accountability
Covid 19: Understanding the context using systems thinking techniques webinar
Thursday 22 October 2020
presented by
David Cole, Frank Curtolo, Michael Emes, Dania Issa, Phil Knights, Cesar Rendora, Brian Slaughter and Andrew Wright
The link to the write up page and resources of this webinar:
https://www.apm.org.uk/news/covid-19-understanding-the-context-using-systems-thinking-techniques-webinar/
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013Adrian Wright
Security on the Brain – Using Human Psychology to Achieve Compliance: ISSA-UK Expert Workshop
Presented by Adrian Wright - ISSA-UK VP of Research
One of the biggest wake-up calls in recent times is the realisation that more than 60% of major security breaches and data losses are down to 'human factor' failings.
Our main weapon in mitigating these failings is to spend more on in-house awareness campaigns and on technical measures to minimise any losses - yet incidents and losses continue to increase. Clearly these existing awareness campaigns and controls are not enough, as the message is still not getting through or isn't being complied with.
This presentation and workshop session challenges current thinking and strategies in dealing with people as both an asset and a source of risk, by leveraging human psychology and people's differing motivations to improve communication, change opinions and turn basic awareness into actual compliance.
In this session
Learn:
- The psychology of why we don't comply - why awareness alone won't do
- What motivates people to do - or not do - specific things
- Neurolinguistics - it's not just what you say; but how you say it and to who
- Divide and conquer - adapting your message to target specific personality types
- Changing the security culture by changing people's belief systems
- Dirty tricks (slightly) - tactics that work in changing behaviour
- Selling the unsellable - lessons from other sectors in making boring stuff sexy
Participate:
- Informal group discussion of challenges and successes from your experience
- Identifying your audience’s character types and shaping the message
- Influencing the Board by speaking their language
- Developing an internal PR strategy to improve security's image and influence
- Develop a brand new and more effective mission statement for your team
About the Presenter:
Adrian Wright CISA
20 years experience in Information Security, IT Risk Management & Compliance. Specialist in managing security, risk and compliance awareness campaigns;
9 Years Global CISO Head of InfoSec at Reuters - covering 142 countries and 250,000 systems;
10 years founder and programme director at Secoda Risk Management. Experienced speaker and writer on all things cyber security, governance, risk & compliance.
2 Years Director of Projects & 1 Year VP of Research & Board member at ISSA-UK
Having spent decades looking into the darker recesses and failings within technology; Adrian has recently turned his attention to the darker recesses and failings within the human beings that work with the technology…
Dr Steve Goldman's Top Ten Business Continuity Predictions / Trends for 2014xMatters Inc
Dr. Steven B. Goldman is an internationally recognized expert and consultant in Business Continuity, Crisis Management, Disaster Recovery, and Crisis Communications. Read his predictions for 2014.
A look at some of the methodologies that have shaped the direction of agile software development. We take a look at Lean Software Development (and the Toyota Production System), the Theory of Constraints and Systems Thinking.
Architecting a Post Mortem - Velocity 2018 San Jose TutorialWill Gallego
Engineers are frequently tasked with being front and center in intense, highly demanding situations that require clear lines of communication. Our systems fail not because of a lack of attention or laziness but due to cognitive dissonance between what we believe about our environments and the objective interactions both internal and external to them.
It’s time to revisit your established beliefs surrounding failure scenarios, with an emphasis not on the “who” in decision making but instead on the “why” behind those decisions. With attention to growth mindset, you can encourage your teams to reject shallow explanations of human error for said failures and focus on how to gain greater understanding of these complexities and push the boundaries on what you believe to be static, unchanging context outside your sphere of influence.
Will Gallego walks you through the structure of postmortems used at large tech companies with real-world examples of failure scenarios and debunks myths regularly attributed to failures. You’ll learn how to incorporate open dialogue within and between teams to bridge these gaps in understanding.
Beyond the Knowledge Base: Turning Data into Wisdom - an ITSM Academy WebinarKaren Skiles
Many organizations live perceiving Knowledge Management begins and ends with a Knowledge Base. However, a more robust Knowledge Management process exists. The KM process is a pipeline to Continual Service Improvement. This presentation provides insight and methods for developing and implementing a more comprehensive Knowledge Management process leading to improvement throughout the enterprise. This presentation covers design of the KM process, DIKW and its usages, the KM-CSI connection, knowledge repositories and much more.
A look at IT decision making, budgeting, priorities and technology adoption among UK and Germany-based SMEs based on 500 interviews (250 in the UK and 250 in Germany) with IT decision makers from private sector SME organisations.
Social Enterprise: Trust; Vision; RevolutionPeter Coffee
Becoming a social enterprise is not a technical evolution, but a business transformation. Technologies enable it, but only a cultural commitment will achieve it. Doing it is not optional, unless going out of business is also considered an OK option.
Don Maclean, Chief Cybersecurity Technologist, DLT Solutions, and Mav Turner, IT Security Business Unit, SolarWinds, share the most important things you can do to keep your networks and data safe, and what tools are available to help.
Peter Coffee of salesforce.com summarizes the state of the cloud after a decade of enterprise assimilation, and lays out the upside value opportunities of the reconceived Cloud 2 -- combining cloud economy with connected community
FRN combines the high quality, authoritative anti-fraud and audit content from the leading providers, AuditNet ® LLC and White-Collar Crime 101 LLC/FraudAware.
The two entities designed FRN as the “go-to”, easy-to-use source of “how-to” fraud prevention, detection, audit and investigation templates, guidelines, policies, training programs (recorded no CPE and live with CPE) and articles from leading subject matter experts.
FRN is a continuously expanding and improving resource, offering auditors, fraud examiners, controllers, investigators and accountants a content-rich source of cutting-edge anti-fraud tools and techniques they will want to refer to again and again.
White-Collar Crime Fighter Newsletter Subscribe Now at No Cost!
FraudResourceNet has made the premier Anti-Fraud newsletter, White-Collar Crime Fighter freely available to all. All this is required is to complete the registration form with your work email address!
The widely read newsletter, White-Collar Crime Fighter brings you expert strategies and actionable advice from the most prominent experts in the fraud-fighting business. Every two months you'll learn about the latest frauds, scams and schemes... and the newest and most effective fraud-fighting tools, techniques and technologies to put to work immediately to protect your organization.
When it comes to fraud, knowledge of the countless schemes, how they work and red flags to look for will help keep you, your organization and your clients safe.
At FraudResourceNet we understand this and take great pride in providing our FREE White Collar Crime Fighter newsletter -- filled with exclusive articles and tips to provide the knowledge you need.
Make sure you stay informed. Sign up for White Collar Crime Fighter newsletter and we’ll keep you up-to-date on special promos, training opportunities, and other news and offers from FraudResourceNet!
Signing up is easy and FREE. If you have not already subscribed to our newsletter, please sign up to get started!
Sign up for the White Collar Crime Fighter Newsletter (a $99 value ... now completely FREE)
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxchristiandean12115
ISE 510 Final Project Scenario Background Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations.
Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes.
Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling.
Highlight of Interview with Jack Sterling
Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes:
Hardware/Software:
Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat
Applications/Databases:
Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment.
Virus Software – MacAfee is deployed locally on each user's machine and users are mandated to update their virus policy every month.
SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment.
Network:
The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points.
Configuration Highlights:
Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to.
Managed switches – There is no logging of network activities on any of the switches.
Web server – Public-facing web server is part of the LAN. This is where internet users get needed information on the company. The web servers are running the f.
The Avid Life Media hack is a striking example of everything that can go wrong when a company is completely breached followed by a total disclosure of the stolen information. This attack resulted in an estimated $200 million in costs, firing of the CEO, and countless lives ruined. This presentation will review the data exposed and what can be learned to prevent this from happening to your organization.
As many audit departments are moving toward agile auditing, they struggle finding an effective technique for planning that goes beyond the traditional risk assessment. We recommend using exploratory data analytics to focus the agile plan and address those risks with the greatest exposure.
After this session, participants will be able to:
- Use data analytics for exploratory testing to validate a draft plan that incorporates emerging risks
- Dispel the Top 5 Analytics Myths
- Develop an agile risk based plan that aligns with senior management objectives
- Deliver a continuous monitoring plan with tools to your control owners
The concept of Web Governance is currently attracting a lot of attention.
It seems as if its moment has finally arrived - which is encouraging because until recently few industry commentators or senior managers were interested in the details of managing a website.
The reason is that there were just too many other problems that needed fixing first – like getting the basics of usability right, implementing accessibility or improving content.
And while we must admit that work remains to be done in these areas, many of the fundamentals have been put to bed.
As a consequence attention is now switching to how such tasks – and the resources needed to support them – are managed.
The shift to Web Governance highlights a realization that if the trajectory of online experience is to be maintained, a more professional approach to operations is needed.
Indeed, disciplines like design and content are now so widely understood that they are being gradually exhausted as differentiators .
This means that the way in which they are managed is becoming progressively more important to creating & maintaining value.
A Retrospective in Analytic Auditing and What’s Ahead
Description
The speaker will outline salient best practices in establishing an analytic program based on lessons learned looking back on the past two and a half decades. Specific learning objectives include:
o Review key dates in the last two decade’s timing that led to the advancement of audit data analytic programs.
o Highlight lessons learned over the years through case study examples.
o Outline the effective culture around the analytics program to serve as its foundation.
o Learn to apply analytics across the entire lifecycle from risk assessment, to planning, fieldwork, and reporting.
o Present analytic best practices being deployed by top performing organizations.
Project Deliverable 2 Business Requirements1Project Deliverab.docxwkyra78
Project Deliverable 2: Business Requirements 1
Project Deliverable 2: Business Requirements 3
Project Deliverable 2: Business Requirements
Jessica Hill
Dr. Jan Felton
CIS 590: Directed Research Project
February 1, 2015
Table of Contents
1 Business Requirements……………………………………………………………….………3
1.1 Project Overview…………………………………………………………………….........3
1.2 Background including current process…………………………………………….3
1.3 Scope………………………………………………………………………………3
1.3.1 Scope of Project……………………………………………………….........4
1.3.2 Constraints and Assumptions……………………………………….............5
1.3.3. Risks…………………………………………………………………..........5
1.3.4. Scope Control ………………………………………………………………5
1.3.5. Relationship to Other Systems/Projects ……………………………………6
1.3.6. Definition of Terms (if applicable)………………………………………...6
1.1 Project Overview
This project is an information Technology project that was requested by WebFOCUS Company. The project is a development of a secure website that offers online advertisements, sharing, collection and storage of visual tools. The Website should be hosted in a cloud environment and should provide database functions for use in data warehousing
1.2 Background including current process
WebFOCUS was developed in order to generate profit through online advertisements as well as offshoring and outsourcing of business operations. Currently the business uses the relational database analysis. The company’s website in operated on both Windows and Mac OS X operating systems. In order to enhance virtualization, the company is seeking cloud computing services as well as data warehousing for data analysis purposes.
The project goals include;
a. Generation of profit through the charges on advertisement
b. Integration of database and operating systems in employee management.
c. Outsourcing work at a reduced cost (Olsen, 2006)
d. Developing a secure network infrastructure
e. The use of cloud computing to handle and share data
Tasks
a. Develop a website for advertisement
b. Install security measures
c. Integrate the website with cloud computing functionalities
d. Develop the outsourcing functionalities within the website
1.3 Scope
The scope of this project involves the determination and documentation of the project goals, deliverable, tasks, the cost and the deadlines.
1.3.1 Scope of the Project
Project Deliverables:
Scope Statement: This statement outlines the major activities to be carried out within the time allocated for the project. The scope statement’s goal is the financial analysis and financial documents regarding the operation of the project. The cost incurred and the revenue generated can be compared to observe the progress of the project.
Progress Reports: These include the process and the stages at which the project is undergoing. For the development of secure network infrastructure, the progress report deliverables would be network firewall types, authenticati ...
HI Team,
I am looking for a job change. I am having 5+ years of development and 1 year of Pen testing Experience. I am looking for Hyderabad location. Details below
Relevant IT Experience: 5.7 Years
Web application security testing Exp : 1 year
Contact number: 9742855955
Notice period: 90 days (Negotiable)
Current Location: Bangalore
Preferred Location: Hyderabad
Thanks,
Raju
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Brighttalk learning to cook- network management recipes - final
1. Learning to Cook:
Network Management Recipes
https://cbsstlouis.files.wordpress.com/2013/01/kidscooking.jpg
2. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Mr. White has over fifteen years of experience designing and managing
the deployment of Systems Monitoring and Event Management software.
Currently, he is serving as the Operational Readiness Leader for a Fortune
50 Enterprise. Mr. White has also held positions including Executive
Architect at IBM, leader of the Monitoring and Event Management
organization at Nationwide Insurance and owner of a Service
Management Consultancy developing solutions for a wide variety of
organizations, including the Mexican Secretaría de Hacienda
y Crédito Público, Telmex, Wal-Mart of Mexico, JP Morgan Chase,
Nationwide Insurance and the US Navy Facilities and Engineering
Command.
Andrew White
Long Time System Management Expert
UX Evangelist
8. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Ground rules for this
session…
• If you can’t tell if I am trying to be funny…
–
GO AHEAD AND LAUGH!
• Feel free to text, tweet, yammer, or whatever.
Use
• If you have a question, no need to wait until
the end. Just interrupt me. Seriously… I
don’t mind.
9. I have a lot of experience leading
Systems and Event Management teams
14. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
LaŸtenŸcy – [LEYT-n-see]
-noun, plural -cies
1. The state of being latent
2. The time that elapses between a stimulus and the
response to it
3. The state of being not yet evident or active
16. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
ExŸpeŸriŸence – [ik-SPEER-ee-uh’ns]
-noun
1. The apprehension of an object, thought, or emotion through
the senses or mind
2. Direct personal participation or observation; actual knowledge
or contact
3. A particular incident, feeling, etc., that a person has
undergone
-verb
4. To be emotionally or aesthetically moved by; to feel
5. To learn by perceiving, understanding, or remembering
18. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
When you put them together we get:
The ultimate measure of success for any system is
the perception of its performance. The less
interactive a system becomes the more likely its
performance will be perceived to be poor.
Latency is the mother of inactivity!
19. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
The Two Dimensions of
Latency…
Internal Latency vs. External Latency
Actual Latency vs. Perceived Latency
This is what user experience is all about
In other words: Perceived = Fn(Internal+External)Variation )
20. We need to recognize when we
have problems to solve
29. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
No complaint… is more common
than that of a scarcity of money
-Adam Smith, Wealth of Nations
30. *Among adults who accessed the internet with a mobile phone in the past 12 months (n=1,001) – Gomez Mobile Web Experience Survey conducted by Equation Research
58% of mobile phone users expect websites
to load as quickly, almost as quickly or faster
on their mobile phone, compared to the
computer they use at home*
http://www.flickr.com/photos/lucianbickerton/3858380291/sizes/l/
31. *Among adults who accessed the internet with a mobile phone in the past 12 months (n=1,001) – Gomez Mobile Web Experience Survey conducted by Equation Research
60% of mobile web users have had a problem in the
past year when accessing a website on their phone*
http://www.flickr.com/photos/rickyromero/1357938629/sizes/l/
32. *Among adults who accessed the internet with a mobile phone in the past 12 months (n=602) – Gomez Mobile Web Experience Survey conducted by Equation Research
Slow load time was the number on issue,
experience by almost 75% of them*
http://bighugelabs.com/onblack.php?id=2497744197&size=large
33. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Our Problem Statement:
The business needs to reliably reach its customers and
users regardless of where they may be located. Latency
forces close geographic proximity of the components
and limits the quality of service provided to
geographically distributed customers.
35. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Our Constraints
At the same time, there are a few inescapable facts we face:
1. Today’s users demand reliable systems to do their work
2. IT systems will mirror the complexity of the businesses
they support
3. Our environments must be massive to handle the workload
4. Business continuity requires geographic diversity in our
deployment locations
5. The speed of light isn’t changing any time soon
36. When all of these happen at the same time…
Ug…
37. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Question
Is there a better way to figure out what
monitoring would help?
38. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Itemize the
existing
monitors
Brainstorm
potential gaps
to fill
Deploy new
monitors
Identify the
potential
risks
Itemize the
existing
monitors
Determine
if which
gaps exist
Fill the
monitoring
gaps
Current Approach
Proposed Approach
Picking Better Monitors
39. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
What Do You Want To Accomplish?
Your monitoring should help you answer:
• How will we know if the users are getting the experience
they are expecting?
• How much capacity do we need during normal and peak
times to ensure user expectations are met?
• How quickly can the provider we select ramp up to meet
our needs if we find that the service is underperforming?
• How fast do we need to be able to access additional
capacity once it is ready for us?
40. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Composite
Applications
Site Content
Search
Session
Information
User Login
& Identity Mgmt
Content Mgmt
System
Social Network
Widgets
Site Tracking
& Analytics
Banner Ads &
Revenue Generators
Multimedia &
CDN Content
41. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Composite Applications Are
Everywhere
• ATG (Oracle) – Shopping Cart
• Estara – Click to Chat
• Twitter Widget – Social Networking
• Gigya – Social Networking
• Google Maps API – GeoLocation
• Facebook Widget – Social Networking
• Google Analyics – User Tracking
42. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Seeing Is Believing
Real User Monitoring
Would Report 94ms
Response Time.
The page seemed
“done” to me
1.2 seconds later
The time spent rendering
represented 93% of the
user experienced latency
43. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
The Same Old Problem
Corporate
LANs & VPNs
ISP
Connection
DNS & Internet
Services
Content Mgmt
System
Social Network
Widgets
Site Tracking
& Analytics
Banner Ads &
Revenue Generators
Multimedia &
CDN Content
Home Wireless
& Broadband
Mobile Broadband
Is It My Data Center?
• Configuration errors
• Application design issues
• Code defects
• Insufficient infrastructure
• Oversubscription Issues
• Poor routing optimization
• Low cache hit rate
Is It a Service Provider Problem?
• Non-optimized mobile content
• Bad performance under load
• Blocking content delivery
• Incorrect geo-targeted content
Is it an ISP
Problem?
• Peering problems
• ISP Outages Is it My Code or a Browser Problem?
• Missing content
• Poorly performing JavaScript
• Inconsistent CSS rendering
• Browser/device incompatibility
• Page size too big
• Conflicting HTML tag support
• Too many objects
• Content not optimized for device
The Cloud
Distributed
Database
Mainframe
Network
Middleware
Storage
44. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Cognitive Dissonance
Corporate
LANs & VPNs
Distributed
Database
Mainframe
Network
Middleware
Storage
ISP
Connection
DNS & Internet
Services
Content Mgmt
System
Social Network
Widgets
Site Tracking
& Analytics
Banner Ads &
Revenue Generators
Multimedia &
CDN Content
Home Wireless
& Broadband
Mobile Broadband
The Part You Control
The Part They Experience
…meanwhile
the user is
NOT
happy
All our systems
look great,
SLA’s are being
met…
You Have More
Control Here Than
You Think
45. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Gaining Perspective
Requires Balance
Packet Capture
Synthetic Transactions
Client Monitoring
Client Monitoring
Synthetic Transactions
Server Probe
1. Client to the Server
2. Server to the Client
3. “3rd Party” Vantage Point
4. Synthetic Transactions
Four Perspectives of User Experience
46. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Why Multiple Perspectives?
Know Your Customer:
• What they do?
§ Customers care about completing tasks
NOT whether the homepage is available
• Where they do it from?
§ Your customers don’t live in the cloud, test from their perspective
• When they do it?
§ Test at peak and normal traffic levels, to find all the problems
• What expectations do customers have?
§ Is 5 seconds fast enough or does it have to be quicker?
47. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
What Does Good
Monitoring Look Like?
Corporate
LANs & VPNs
Load Balancer
Load Balancer
Firewall
Switch
Web Server Farm
Database
Data Power
Mainframe
Middleware
Load Balancer
1. System Availability
2. Operating System Performance
3. Hardware Monitoring
4. Service/Daemon and Process Availability
5. Error Logs
6. Application Resource KPIs
7. End-to-End Transactions
8. Point of Failure Transactions
9. Fail-Over Success
10. “Activity Monitors” and “Reverse Hockey Stick”
Elements of Good Monitoring
32 4 5 61
7
8
9 10
48. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
When decisions are not made based
on information, it’s called gambling.
49. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Finding Metrics That Matter
§ Will the metric be used in a report? If so, which one? How is it used in the report?
§ Will the metric be used in a dashboard? If so, which one? How will it be used?
§ What action(s) will be taken if an alert is generated? Who are the actors? Will a ticket
be generated? If so, what severity?
§ How often is this event likely to occur? What is the impact if the event occurs? What
is the likelihood it can be detected by monitoring?
§ Will the metric help identify the source of a problem? Is it a coincident / symptomatic
indicator?
§ Is the metric always associated with a single problem? Could this metric become a
false indicator?
§ What is the impact if this goes undetected?
§ What is the lifespan for this metric? What is the potential for changes that may
reduce the efficacy of the metric?
Evaluating the Effectiveness of a Metric
50. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Watch your words
737-900ER 747-400ER
Maximum Number of
Passengers
215
524
Maximum Crusing Speed (mph)
511
570
A 737 and a 747 both travel around 500 mph but the 747
carries twice as many people. Would you say it is twice as fast?
51. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
What Matters Most?
Dr. Lee
Goldman
Cook County Hospital,
Chicago, IL
§ Is the patient feeling unstable
angina?
§ Is there fluid in the patient’s lungs?
§ Is the patient’s systolic blood
pressure below 100?#
The Goldman Algorithm
Prediction of Patients Expected to
Have a Heart Attack Within 72 Hours
0
20
40
60
80
100
Traditional Techniques
Goldman Algorithm
By paying attention to what really matters, Dr.
Goldman improved the “false negatives” by 20
percentage points and eliminated the “false
positives” altogether.
52. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
• Server Metrics
– Server Response Time
– Server Connection Time
– Refused Session Percentage
– Unresponsive Session Percentage
• Network Metrics
– Network Round Trip Time
– Retransmission Delay
– Effective Network Round Trip Time
– Network Connection Time
• Application Metrics
– Total Transaction Time
– Data Transfer Time
Really Helpful KPIs
53. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Beware of Averages
75th
Percentile
50th
Percentile
25th
Percentile
0.5 0.7 0.9 1.8 2.5 2.5 2.6 2.9 3.3 3.5
Average
54. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Your Mission…
In addition to monitoring for system availability, we are
here to help manage latency.
The Recipe:
1. Continually map, monitor, and categorize all
sources of latency
2. Help identify and remove all sources that are found
55. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
The Critical Path of
Performance
Browser
Workstation
OS
Workstation
Hardware
Client LAN
Corporate
WAN
Datacenter
LAN
Etc.
Web Server
Web Server
OS
Web Server
Hardware
Datacenter
LAN
Middleware
Server
Hardware
Middleware
Server OS
Middleware
Application
Etc.
Database
Server
Database
Server OS
Database
Server
HBA
SAN
Fabric
Switch
Array
Hardware
Array
Controller
Hardware
Cache
Disk
Drives
Etc.
Client Node
Middleware
Database
58. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
MIBs and OIDs
root
iso (1)
org (3)
dod (6)
Internet (1)
Interfaces (2)
IP (4)
System (1)
ifOperStatus = ..1.3.6.1.2.1.2.2.1.8.0
MIB-2 (1)
Directory (1)
Experimental (3)
Mgmt (2)
Private (4)
Juniper (2636)
Cisco (9)
Apple (63)
Microsoft (311)
Port OperStatus = .1.3.6.1.4.1.9.5.1.4.1.1.6.0Functionally the same
59. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
MIBs and OIDs
root
iso (1)
org (3)
dod (6)
Internet (1)
Interfaces (2)
IP (4)
System (1)
MIB-2 (1)
Directory (1)
Experimental (3)
Mgmt (2)
Private (4)
Juniper (2636)
Cisco (9)
Apple (63)
Microsoft (311)
Port Index = .1.3.6.1.4.1.9.5.1.4.1.1.4.0 A MIB is the set
of OIDs for a
defining a set of
information in the
database
Port Type = .1.3.6.1.4.1.9.5.1.4.1.1.5.0
Port OperStatus = .1.3.6.1.4.1.9.5.1.4.1.1.6.0
Port IfIndex = .1.3.6.1.4.1.9.5.1.4.1.1.11.0
portMacControlUnknownProtocolFrames = .1.3.6.1.4.1.9.5.1.4.1.1.21.0
63. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
RMON is “Flow-Based”
Monitoring
RMON v1 (RFC 2819)
• Statistics: real-time LAN statistics e.g. utilization,
collisions, CRC errors
• History: history of selected statistics
• Alarm: definitions for RMON SNMP traps to be
sent when statistics exceed defined thresholds
• Hosts: host specific LAN statistics e.g. bytes
sent/received, frames sent/received
• Hosts top N: record of N most active
connections over a given time period
• Matrix: the sent-received traffic matrix between
systems
• Filter: defines packet data patterns of interest e.g.
MAC address or TCP port
• Capture: collect and forward packets matching
the Filter
• Event: send alerts (SNMP traps) for the Alarm
group
• Token Ring: extensions specific to Token Ring
RMON v2 (RFC 4502)
• Protocol Directory: list of protocols the probe can
monitor
• Protocol Distribution: traffic statistics for each
protocol
• Address Map: maps network-layer (IP) to MAC-
layer addresses
• Network-Layer Host: layer 3 traffic statistics, per
each host
• Network-Layer Matrix: layer 3 traffic statistics, per
source/destination pairs of hosts
• Application-Layer Host: traffic statistics by
application protocol, per host
• Application-Layer Matrix: traffic statistics by
application protocol, per source/destination pairs
of hosts
• User History: periodic samples of user-specified
variables
• Probe Configuration: remote configure of probes
• RMON Conformance: requirements for RMON2
MIB conformance
64. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
The RMON MIBs
root
iso (1)
org (3)
dod (6)
Internet (1)
Interfaces (2)
IP (4)
System (1)
MIB-2 (1)
Directory (1)
Experimental (3)
Mgmt (2)
Private (4)
RMON (16)
RMON data is
stored in a MIB
and can be
collected using
SNMP
65. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
MIBs and OIDs
root
iso (1)
org (3)
dod (6)
Internet (1)
Interfaces (2)
IP (4)
System (1)
MIB-2 (1)
Directory (1)
Experimental (3)
Mgmt (2)
Private (4)
RMON (16)
rmonEventsV2
statistics
history
alarm
hosts
hostTopN
matrix
filter
Capture
Event
tokenRing
protocolDir
protocolDist
addressMao
nlHost
nlMatrix
alHost
alMatrix
usrHistory
probeConfig
rmonConformance
mediaIndependentStats
switchRMON
interfaceTopNMIB
hcAlarmMIB
= .1.3.6.1.2.1.16.0
= .1.3.6.1.2.1.16.1.0
= .1.3.6.1.2.1.16.2.0
= .1.3.6.1.2.1.16.3.0
= .1.3.6.1.2.1.16.4.0
= .1.3.6.1.2.1.16.5.0
= .1.3.6.1.2.1.16.6.0
= .1.3.6.1.2.1.16.7.0
= .1.3.6.1.2.1.16.8.0
= .1.3.6.1.2.1.16.9.0
= .1.3.6.1.2.1.16.10.0
= .1.3.6.1.2.1.16.11.0
= .1.3.6.1.2.1.16.12.0
= .1.3.6.1.2.1.16.13.0
= .1.3.6.1.2.1.16.14.0
= .1.3.6.1.2.1.16.15.0
= .1.3.6.1.2.1.16.16.0
= .1.3.6.1.2.1.16.17.0
= .1.3.6.1.2.1.16.18.0
= .1.3.6.1.2.1.16.19.0
= .1.3.6.1.2.1.16.20.0
= .1.3.6.1.2.1.16.21.0
= .1.3.6.1.2.1.16.22.0
= .1.3.6.1.2.1.16.23.0
= .1.3.6.1.2.1.16.24.0
All this information lives in just
one table and most people
don’t know about it!
66. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Setting Thresholds
Falling Threshold
Rising Threshold
Sample Interval
Policy Activations
68. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
How we view the network
69. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
How our applications view it
70. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
What a Flow Record Looks Like
http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/configuration/guide/12_2sr/fnf_12_2_sr_book/fnetflow_overview.html
71. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
One record, multiple uses
http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/configuration/guide/12_2sr/fnf_12_2_sr_book/fnetflow_overview.html
73. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
The Progression
SNMP
Granularity
Accuracy
RMON
Netflow
Packet
Inspection
75. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Shallow vs Deep Packet Inspection
SPI is very focused on header information from OSI Layers 3 & 4 (IP, TCP, UDP, etc.)
DPI processes header and datagram information (HTTP, SQL, SIP, etc.)
IP Header
TCP Header
GET /userLogin.jsp HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14
(KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
Shallow Packet Inspection (SPI)
Deep Packet Inspection (DPI)
76. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Shallow Packet Inspection
77. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Degraded Threshold – The point at which users will
complain about poor performance
Excessive Threshold – The point at which users will
stop using the application due to poor
performance
Two Different Thresholds
78. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
3. Compare network latency across sites
2. Prove the value of a server upgrade1. Document the results of QoS changes
Validating Changes
79. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Solving Problems
Pervasiveness:
The problem is
effecting user
across your
network
82. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Troubleshooting VoIP
83. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Don’t Commit a Felony
85. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Using Indices
• Network Congestion Index
• Packet Loss SLAs
NCI = (Packets/sec + Avg Payload) * (Avg Latency + Avg Bandwidth)
App Owner Controlled Network Controlled
bps < min(rwin/rtt, MSS/(rtt*sqrt(loss)))
For example, to achieve a gigabit per second with TCP on a coast-to-coast
path (rtt = 40 msec), with 1500 byte packets, the loss rate can not exceed
8.5x10^-8! If the loss rate was even 0.1% (far better than most SLAs), TCP
would be limited to just over 9 Mbps. [Note that large packet sizes help. If
packets were n times larger, the same throughput could be achieved with n^2
times as much packet loss.]
86. (C) SystemsManagementZen.com 2007-2015. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Let’s keep the
conversation going…
Andrew.P.White@Gmail.com
ReverendDrew
SystemsManagementZen.Wordpress.com
systemsmanagementzen.wordpress.com/feed/
@SystemsMgmtZen
ReverendDrew
APWhite@us.ibm.com
614-306-3434