The document discusses different strategies for licensing CRM solutions and cloud services. It covers challenges with licensing, such as preventing unauthorized use while not punishing legitimate customers. It then describes strategies like using license keys tied to specific deployments and implementing public key cryptography. The document demonstrates how to generate and validate licenses. It also proposes using a "license wall" approach of putting solutions behind a check that authenticated customers can access online resources. The "license wall" is discussed as an easier alternative to generating license keys that avoids maintenance while allowing for subscription or user-based models.
How to set up a WordPress website step by-step tutorialMarshall Reyher
This step-by-step, comprehensive tutorial will guide you through the process of getting your WordPress website up and running, with all the tools needed for your site to grow.
Introduction to Optimizing WordPress for Website SpeedNile Flores
Google loves a speedy website, and well… your visitors like a speedy website too. This is not the dial-up days. Your content, plugins you run, and your host can be factors in slowing down your website.
I’m going to show you how to speed up your WordPress website using WordPress plugins, some services, and a little code. I’m also going to share what tools I like used in order to optimize website speed so that you can also use them too.
(Updated version)
Since its creation, Wordpress has gained much popularity and rightly so, because it can be used even by people who are not wizards at code writing and website creation.
This presentation is about Web Components. What they are, why do we need them and how to go about creating a few of our own. We will also look at the browser support, make sure our Web Components work ~everywhere with the help of polyfills like Polymer. http://arvindr21.github.io/WebComponents
How to set up a WordPress website step by-step tutorialMarshall Reyher
This step-by-step, comprehensive tutorial will guide you through the process of getting your WordPress website up and running, with all the tools needed for your site to grow.
Introduction to Optimizing WordPress for Website SpeedNile Flores
Google loves a speedy website, and well… your visitors like a speedy website too. This is not the dial-up days. Your content, plugins you run, and your host can be factors in slowing down your website.
I’m going to show you how to speed up your WordPress website using WordPress plugins, some services, and a little code. I’m also going to share what tools I like used in order to optimize website speed so that you can also use them too.
(Updated version)
Since its creation, Wordpress has gained much popularity and rightly so, because it can be used even by people who are not wizards at code writing and website creation.
This presentation is about Web Components. What they are, why do we need them and how to go about creating a few of our own. We will also look at the browser support, make sure our Web Components work ~everywhere with the help of polyfills like Polymer. http://arvindr21.github.io/WebComponents
How to Increase Security on your Wordpress WebsiteMeganGood12
So many simple things can help you keep your website more secure. Learn the top 10 things we recommend for Wordpress users in this presentation. Be sure you have your website protected as much as you can.
Red Hat Summit - OpenShift Identity Management and ComplianceMarc Boorshtein
Our presentation from Red Hat Summit on OpenShift, Identity Management and Compliance. We talk about how to apply DevOps to identity management in OpenShift and make everyone happy.
Office365 in today's digital threats landscape: attacks & remedies from a hac...Benedek Menesi
Office 365 environments are very attractive targets for attackers. So, it's never been more important to understand how its security structure works, and how to best configure it.
In this in-depth session, we'll run through real-time attack scenarios and examine common attack vectors. And then we'll explore the various defense capabilities of Office 365, the MS Graph API, and Azure AD. We'll deep-dive into external sharing, authentication options, third-party application security (what apps should and shouldn't be able to do), and even some do's and don'ts regarding Azure AD endpoints and authorization mechanisms.
You'll walk away with a solid understanding of how to use the Office 365 defense tools at your disposal, such as the Attack Simulator and Threat Intelligence, as well as how they relate to real-world attacks.
Office 365 in today's digital threats landscape: attacks & remedies from a ha...panagenda
After the positive feedback of Ben Menesi's session at the 2019 SPS Ottawa, he was asked to repeat it at Salt Lake M365 Friday in February 2020.
Abstract: Office 365 environments are very attractive targets for attackers. So, it's never been more important to understand how its security structure works, and how to best configure it.
In this in-depth session, we'll run through real-time attack scenarios and examine common attack vectors. And then we'll explore the various defense capabilities of Office 365, the MS Graph API, and Azure AD. We'll deep-dive into external sharing, authentication options, third-party application security (what apps should and shouldn't be able to do), and even some do's and don'ts regarding Azure AD endpoints and authorization mechanisms.
You'll walk away with a solid understanding of how to use the Office 365 defense tools at your disposal, such as the Attack Simulator and Threat Intelligence, as well as how they relate to real-world attacks.
https://www.linkedin.com/in/benedekmenesi/
Protecting Microsoft Teams from Cyber Security Threats - a Practical GuideBenedek Menesi
While Microsoft Teams adoption is growing incredibly fast with over 80 million active daily users in 2020, some highly regulated organizations are often hesitant to deploy Teams or limit the deployment of Teams due to information security concerns and possible cyber security threats. Supporting any platform with that many daily users you can be sure that hackers are watching closely and will do everything they can to gain a foothold in your environment.
During this presentation we will cover real-world cyber security threats as well as strategies for hardening your security configurations to protect your Teams deployment. We will also cover the available Microsoft add-on solutions to improve security, including Advanced Threat Protection (ATP), increased logging options, and Azure AD P1 licenses that improve Teams governance capabilities. Some of the topics we'll discuss:
- Credential theft campaigns
- Identity spoofing for user impersonation
- Man-in-the-middle attacks
- Locking down 3rd party application implementations
- Conditional access policies
- Permission management settings
- Information boundary configurations
- And more…
You'll learn how hackers think, and how you can gain the upper hand by preparing and training your users for the most common cyber security exploits as well as leveraging the best Microsoft tools available to mitigate both external and internal security risks.
Websites and applications are implementing social single sign-on to allow users to login using trusted authentication providers such as Google, Facebook, and even Salesforce. Join us to learn how to configure the OpenID Connect authentication provider to allow users to authenticate at Google to access a Salesforce environment. We'll also look at how you can relieve yourself of the burden of password management by having your web app login users via Salesforce.
Learn to Add an SSL Certificate Boost Your Site's Security.pdfReliqusConsulting
Enhance your website's security with Reliqus Consulting's simple guide on how to install an SSL certificate. Our step-by-step instructions make it easy for anyone to boost their site's protection. Learn the importance of SSL certificates and follow our user-friendly process to ensure a secure connection for your visitors. Safeguard sensitive data and build trust with your audience by implementing this crucial security measure.
How to Increase Security on your Wordpress WebsiteMeganGood12
So many simple things can help you keep your website more secure. Learn the top 10 things we recommend for Wordpress users in this presentation. Be sure you have your website protected as much as you can.
Red Hat Summit - OpenShift Identity Management and ComplianceMarc Boorshtein
Our presentation from Red Hat Summit on OpenShift, Identity Management and Compliance. We talk about how to apply DevOps to identity management in OpenShift and make everyone happy.
Office365 in today's digital threats landscape: attacks & remedies from a hac...Benedek Menesi
Office 365 environments are very attractive targets for attackers. So, it's never been more important to understand how its security structure works, and how to best configure it.
In this in-depth session, we'll run through real-time attack scenarios and examine common attack vectors. And then we'll explore the various defense capabilities of Office 365, the MS Graph API, and Azure AD. We'll deep-dive into external sharing, authentication options, third-party application security (what apps should and shouldn't be able to do), and even some do's and don'ts regarding Azure AD endpoints and authorization mechanisms.
You'll walk away with a solid understanding of how to use the Office 365 defense tools at your disposal, such as the Attack Simulator and Threat Intelligence, as well as how they relate to real-world attacks.
Office 365 in today's digital threats landscape: attacks & remedies from a ha...panagenda
After the positive feedback of Ben Menesi's session at the 2019 SPS Ottawa, he was asked to repeat it at Salt Lake M365 Friday in February 2020.
Abstract: Office 365 environments are very attractive targets for attackers. So, it's never been more important to understand how its security structure works, and how to best configure it.
In this in-depth session, we'll run through real-time attack scenarios and examine common attack vectors. And then we'll explore the various defense capabilities of Office 365, the MS Graph API, and Azure AD. We'll deep-dive into external sharing, authentication options, third-party application security (what apps should and shouldn't be able to do), and even some do's and don'ts regarding Azure AD endpoints and authorization mechanisms.
You'll walk away with a solid understanding of how to use the Office 365 defense tools at your disposal, such as the Attack Simulator and Threat Intelligence, as well as how they relate to real-world attacks.
https://www.linkedin.com/in/benedekmenesi/
Protecting Microsoft Teams from Cyber Security Threats - a Practical GuideBenedek Menesi
While Microsoft Teams adoption is growing incredibly fast with over 80 million active daily users in 2020, some highly regulated organizations are often hesitant to deploy Teams or limit the deployment of Teams due to information security concerns and possible cyber security threats. Supporting any platform with that many daily users you can be sure that hackers are watching closely and will do everything they can to gain a foothold in your environment.
During this presentation we will cover real-world cyber security threats as well as strategies for hardening your security configurations to protect your Teams deployment. We will also cover the available Microsoft add-on solutions to improve security, including Advanced Threat Protection (ATP), increased logging options, and Azure AD P1 licenses that improve Teams governance capabilities. Some of the topics we'll discuss:
- Credential theft campaigns
- Identity spoofing for user impersonation
- Man-in-the-middle attacks
- Locking down 3rd party application implementations
- Conditional access policies
- Permission management settings
- Information boundary configurations
- And more…
You'll learn how hackers think, and how you can gain the upper hand by preparing and training your users for the most common cyber security exploits as well as leveraging the best Microsoft tools available to mitigate both external and internal security risks.
Websites and applications are implementing social single sign-on to allow users to login using trusted authentication providers such as Google, Facebook, and even Salesforce. Join us to learn how to configure the OpenID Connect authentication provider to allow users to authenticate at Google to access a Salesforce environment. We'll also look at how you can relieve yourself of the burden of password management by having your web app login users via Salesforce.
Learn to Add an SSL Certificate Boost Your Site's Security.pdfReliqusConsulting
Enhance your website's security with Reliqus Consulting's simple guide on how to install an SSL certificate. Our step-by-step instructions make it easy for anyone to boost their site's protection. Learn the importance of SSL certificates and follow our user-friendly process to ensure a secure connection for your visitors. Safeguard sensitive data and build trust with your audience by implementing this crucial security measure.
AWS Certified Solutions Architect Professional Course S1-S5Neal Davis
This deck contains the slides from section 1 to section 5 in our AWS Certified Solutions Architect video course. It covers:
Section 1 Intro (no slides)
Section 2 AWS Accounts and Organizations
Section 3 Identity Management and Permissions
Section 4- AWS Directory Services and Federation
Section 5 - Advanced Amazon VPC
Full course can be found here: https://digitalcloud.training/courses/aws-certified-solutions-architect-professional-video-course/
Office 365 environments are very attractive targets for attackers. So, it's never been more important to understand how its security structure works, and how to best configure it.
In this in-depth session, we'll run through real-time attack scenarios and examine common attack vectors. And then we'll explore the various defense capabilities of Office 365, the MS Graph API, and Azure AD. We'll deep-dive into external sharing, authentication options, third-party application security (what apps should and shouldn't be able to do), and even some do's and don'ts regarding Azure AD endpoints and authorization mechanisms.
You'll walk away with a solid understanding of how to use the Office 365 defense tools at your disposal, such as the Attack Simulator and Threat Intelligence, as well as how they relate to real-world attacks.
Cheqd: Making privacy-preserving digital credentials funSSIMeetup
Everyone is excited about SSI but there still aren’t any use cases that form part of people’s daily lives, so the team at Cheqd set out to change that. In this session, Ankur Banerjee walks through the research that led them to settle on social reputation in Web3 ecosystems as a use case that would be fun and drive daily usage. Find out more on creds.xyz.
Symantec CryptoExec for WHMCS - Installation and Management GuideSSLRenewals
Symantec would like to introduce the new CryptoExec API exclusively for Symantec Website Security business partners. Check out easy to understand guidelines here:
3. What are we going to cover?
# Licensing Challenges
# License Key Strategies for CRM Solutions
# License “Key” Strategies for Cloud
http://crmlicensing.codeplex.com
Connect + Learn = Grow
4. #1 Nothing is 100% safe. It can always
be hacked
Connect + Learn = Grow
8. License Keys
• Token to enable your solution
• Only you should be able to generate it
• Tied to a specific customer / deployment
Connect + Learn = Grow
9. Public Key Cryptography
• Cryptography -> Base for licensing
• Private key is not good enough
• Public Key encryption enables signing
Connect + Learn = Grow
13. What are we going to cover?
# Licensing Challenges
# License Key Strategies for CRM Solutions
# License “Key” Strategies for Cloud
Connect + Learn = Grow
14. How to validate the license in CRM?
• License storage/installation
• Web Resource license checks
• .Net code license checks
Connect + Learn = Grow
15. Demo Scenario
• The EU VAT Checker
Solution
– Using the VIES service
from the EU
– Allow to Check for Valid
VAT and Enrich Account
data with addresses
Connect + Learn = Grow
16. License Storage & Installation
• Store the license as a web resource
– XML File containing the license
– Clean & No need to create custom entities
– Needs publishing
• Configuration page
– Simple HTML Page
– Create/update license
Connect + Learn = Grow
17. Web Resource / UI License
Checks
• JavaScript Library
– Download License and Public Key
– Validate the License using Public Key
– Act on the results
• Web Resources / Forms
– Include the JavaScript library
<script src="../Scripts/crmlicensing.lib.auto.min.js"
type="text/javascript"></script>
Connect + Learn = Grow
18. Plug-in Checks
• Similar as JavaScript
– Validate the License using
Public Key & Act on the
results
• But
– Cache the result to avoid
penalising plugins
– Use a Abstract Class to
implement the plumbing
Connect + Learn = Grow
19. Building a fictitious ISV add-on solution to validate EU VAT
numbers and implementing the license checks
DEMO: A LICENSED SOLUTION
Connect + Learn = Grow
20. What are we going to cover?
# Licensing Challenges
# License Key Strategies for CRM Solutions
# License “Key” Strategies for Cloud
Connect + Learn = Grow
21. Let’s forget the licenses
• Generating licenses requires lots of Work
– Generate Licenses
– Replace them
– Support calls
• What if we use something easier?
Connect + Learn = Grow
23. Building a “License Wall”
• Put part of your solution behind a “License
Wall”
– Natural for Web Resources
– Can be used for .Net code
• Only licensed CRM instances can access
the resources
Connect + Learn = Grow
24. How to create a license wall in 10 minutes using Windows Azure
DEMO: LICENSE WALL
Connect + Learn = Grow
25. License Wall Pros & Cons
• Pros
– No requirement to generate license
– Easier to maintain / update
– Enables new license models
• Subscriptions, User based, etc.
• Cons
– Requires internet access
Connect + Learn = Grow
26. What have we covered?
# Licensing Challenges
# License Key Strategies for CRM Solutions
# License “Key” Strategies for Cloud
http://crmlicensing.codeplex.com
Connect + Learn = Grow
27. Marco Amoedo
Microsoft
@marcoamoedo
Thank You to all of our Sponsors and thank YOU for attending
eXtremeCRM 2013 Rome!
Session evaluation surveys are online! Check your email or to to:
http://www.extremecrm.com/Pages/2013RomeSurvey.aspx
Complete prior to the closing session to be included in today’s drawing!
Connect + Learn = Grow
7 minutesStart WPF AppAdd the UIThen add code to generate the license keysAdd the encrypt codeVerify
15 minutesConfiguration PageCheck for .lic fileUpload .licPublish request (using guid)Licensed Web ResourceExplain the setup with the minimiserExplain the issue about RSA.JSShow the code for the auto checkerExplain how to customiseLicensed PluginExplain basic ideaWhy needs a base class and hold the result in memory