These are the slides from the presentation given at the OpenStack Summit in Hong Kong in Fall 2013
PayPal has adopted a hypervisor agnostic stance within our Openstack Grizzly cloud. This presentation will cover the details surrounding our grizzly implementation and integration of both KVM and ESX hypervisors under one management umbrella. Grizzly deployment details configuration details for ESX integration Reasons for execution of this strategy benefits and pitfalls of this plan This will be an audience modified presentation of one that I am giving at VMWorld 2013 in San Francisco in August 2013.
Cloud Presentation and OpenStack case studies -- Harvard UniversityBarton George
The presentation walks through the forces affecting IT in higher education today, the value of a cloud brokerage model and case studies of OpenStack-based clouds in higher education. Presented at the Harvard University IT summit.
Liberate Your Files with a Private Cloud Storage Solution powered by Open SourceIsaac Christoffersen
Many of today's enterprises are working under a false assumption that there is a trade-off between consumer-centric file sharing and corporate IT policy compliance. This is because most market-leading SaaS solutions for file sync and share are not designed around enterprise IT's needs. They represent growing risks with vendor lock-in, data security, compliance and data ownership.
With a track record in delivering innovative Open Source solutions, Vizuri has an answer to help enterprises overcome these hurdles. By leveraging innovative Red Hat and ownCloud open source solutions, this solution help corporate IT provide a simple to use file sync and share solution for employees. As a result, organizations are able to retain a greater control over valuable intellectual property.
Delivering Mission Critical Applications with Leostream and HP RGSLeostream
Everyone these days wants access to their applications and computing resource on the go. And we mean everyone — including users running graphics heavy applications such as 3D rendering.
How do you enable these users to be mobile, while securing their data in your datacenter, when they typically have a workstation sitting below their desk? The answer is easier than you think.
Click through this presentation to learn more and access the full webinar here: http://www.leostream.com/resources/webinar/delivering-mission-critical-applications-with-leostream-and-hp-rgs.
Cloud Presentation and OpenStack case studies -- Harvard UniversityBarton George
The presentation walks through the forces affecting IT in higher education today, the value of a cloud brokerage model and case studies of OpenStack-based clouds in higher education. Presented at the Harvard University IT summit.
Liberate Your Files with a Private Cloud Storage Solution powered by Open SourceIsaac Christoffersen
Many of today's enterprises are working under a false assumption that there is a trade-off between consumer-centric file sharing and corporate IT policy compliance. This is because most market-leading SaaS solutions for file sync and share are not designed around enterprise IT's needs. They represent growing risks with vendor lock-in, data security, compliance and data ownership.
With a track record in delivering innovative Open Source solutions, Vizuri has an answer to help enterprises overcome these hurdles. By leveraging innovative Red Hat and ownCloud open source solutions, this solution help corporate IT provide a simple to use file sync and share solution for employees. As a result, organizations are able to retain a greater control over valuable intellectual property.
Delivering Mission Critical Applications with Leostream and HP RGSLeostream
Everyone these days wants access to their applications and computing resource on the go. And we mean everyone — including users running graphics heavy applications such as 3D rendering.
How do you enable these users to be mobile, while securing their data in your datacenter, when they typically have a workstation sitting below their desk? The answer is easier than you think.
Click through this presentation to learn more and access the full webinar here: http://www.leostream.com/resources/webinar/delivering-mission-critical-applications-with-leostream-and-hp-rgs.
This presentation on Open Source and Cloud Technologies was given by Vizuri SVP Joe Dickman at the 2012 Destination Marketing Technology Forum in Raleigh, NC. For more information please visit our website at www.vizuri.com or email solutions@vizuri.com.
Presentazione Tintri - Clouditalia @ VMUGIT UserCon 2015VMUG IT
Transitioning a Legacy Hosting Business to a Modern Virtualized Cloud Service Providing Business - Raffaello Poltronieri, Cloud Specialist, Clouditalia - Tintri session
Microsoft Technologies for Data Science 201612Mark Tabladillo
Delivered to SQL Saturday BI Edition -- Atlanta, GA
Microsoft provides several technologies in and around Azure which can be used for casual to serious data science. This presentation provides an overview of the major Microsoft options for both on-premise and cloud-based data science (and hybrid). These technologies have been used by the presenter in various companies and industries, both as a Microsoft consultant and previously independent consultant. As well, the speaker provides insights into data science careers, information which helps imply where the business will likely be for consultants and partners.
Automating the Enterprise with CloudForms & AnsibleJerome Marc
Automating the Enterprise with CloudForms & Ansible:
- Self-service IT requests and automated delivery of IT services.
- Automated configuration and policy enforcement of deployed systems.
- Operational visibility and control.
Machine learning services with SQL Server 2017Mark Tabladillo
SQL Server 2017 introduces Machine Learning Services with two independent technologies: R and Python. The purpose of this presentation is 1) to describe major features of this technology for technology managers; 2) to outline use cases for architects; and 3) to provide demos for developers and data scientists.
Regarding Clouds, Mainframes, and Desktops … and LinuxRobert Sutor
In this talk, I'll focus on three areas of great opportunity as well as challenge for Linux: the accelerating market for cloud computing, Linux as a significant operating system for mainframes, and the hope for Linux on the desktop.
• What are the key design characteristics for IaaS clouds?
• What are some of the key IaaS cloud patterns that emerge from these choices?
• What fundamental capabilities are impacted by these decisions?
• How do you use this knowledge to better construct a portfolio of IaaS cloud services best suited to your portfolio of applications?
A session in the DevNet Zone at Cisco Live, Berlin. Big data and the Internet of Things (IoT) are two of the hottest categories in information technology today, yet there are significant challenges when trying to create an end-to-end solution. The worlds of "IT" and “IoT" differ in terms of programming interfaces, protocols, security frameworks, and application lifecycle management. In this talk we will describe proven ways to overcome challenges when deploying a complete “device to datacenter” system, including how to stream IoT telemetry into big data repositories; how to perform real-time analytics on machine data; and how to close the loop with reliable, secure command and control back out to remote control systems and other devices.
Build cloud native solution using open source Nitesh Jadhav
Build cloud native solution using open source. I have tried to give a high level overview on How to build Cloud Native using CNCF graduated software's which are tested, proven and having many reference case studies and partner support for deployment
Exploring microservices in a Microsoft landscapeAlex Thissen
Presentation for Dutch Microsoft TechDays 2015 with Marcel de Vries:
During this session we will take a look at how to realize a Microservices architecture (MSA) using the latest Microsoft technologies available. We will discuss some fundamental theories behind MSA and show you how this can actually be realized with Microsoft technologies such as Azure Service Fabric. This session is a real must-see for any developer that wants to stay ahead of the curve in modern architectures.
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013Scott Carlson
VSVC4994 - Marriage of ESX and OpenStack at PayPal
PayPal is quickly moving forward to utilize open source and open standards based technologies in the build-out of our private cloud. With our internal release of OpenStack software based on 'Grizzly' we have integrated ESX 5 support and now can deploy workloads against ESX as well as against KVM.
This presentation on Open Source and Cloud Technologies was given by Vizuri SVP Joe Dickman at the 2012 Destination Marketing Technology Forum in Raleigh, NC. For more information please visit our website at www.vizuri.com or email solutions@vizuri.com.
Presentazione Tintri - Clouditalia @ VMUGIT UserCon 2015VMUG IT
Transitioning a Legacy Hosting Business to a Modern Virtualized Cloud Service Providing Business - Raffaello Poltronieri, Cloud Specialist, Clouditalia - Tintri session
Microsoft Technologies for Data Science 201612Mark Tabladillo
Delivered to SQL Saturday BI Edition -- Atlanta, GA
Microsoft provides several technologies in and around Azure which can be used for casual to serious data science. This presentation provides an overview of the major Microsoft options for both on-premise and cloud-based data science (and hybrid). These technologies have been used by the presenter in various companies and industries, both as a Microsoft consultant and previously independent consultant. As well, the speaker provides insights into data science careers, information which helps imply where the business will likely be for consultants and partners.
Automating the Enterprise with CloudForms & AnsibleJerome Marc
Automating the Enterprise with CloudForms & Ansible:
- Self-service IT requests and automated delivery of IT services.
- Automated configuration and policy enforcement of deployed systems.
- Operational visibility and control.
Machine learning services with SQL Server 2017Mark Tabladillo
SQL Server 2017 introduces Machine Learning Services with two independent technologies: R and Python. The purpose of this presentation is 1) to describe major features of this technology for technology managers; 2) to outline use cases for architects; and 3) to provide demos for developers and data scientists.
Regarding Clouds, Mainframes, and Desktops … and LinuxRobert Sutor
In this talk, I'll focus on three areas of great opportunity as well as challenge for Linux: the accelerating market for cloud computing, Linux as a significant operating system for mainframes, and the hope for Linux on the desktop.
• What are the key design characteristics for IaaS clouds?
• What are some of the key IaaS cloud patterns that emerge from these choices?
• What fundamental capabilities are impacted by these decisions?
• How do you use this knowledge to better construct a portfolio of IaaS cloud services best suited to your portfolio of applications?
A session in the DevNet Zone at Cisco Live, Berlin. Big data and the Internet of Things (IoT) are two of the hottest categories in information technology today, yet there are significant challenges when trying to create an end-to-end solution. The worlds of "IT" and “IoT" differ in terms of programming interfaces, protocols, security frameworks, and application lifecycle management. In this talk we will describe proven ways to overcome challenges when deploying a complete “device to datacenter” system, including how to stream IoT telemetry into big data repositories; how to perform real-time analytics on machine data; and how to close the loop with reliable, secure command and control back out to remote control systems and other devices.
Build cloud native solution using open source Nitesh Jadhav
Build cloud native solution using open source. I have tried to give a high level overview on How to build Cloud Native using CNCF graduated software's which are tested, proven and having many reference case studies and partner support for deployment
Exploring microservices in a Microsoft landscapeAlex Thissen
Presentation for Dutch Microsoft TechDays 2015 with Marcel de Vries:
During this session we will take a look at how to realize a Microservices architecture (MSA) using the latest Microsoft technologies available. We will discuss some fundamental theories behind MSA and show you how this can actually be realized with Microsoft technologies such as Azure Service Fabric. This session is a real must-see for any developer that wants to stay ahead of the curve in modern architectures.
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013Scott Carlson
VSVC4994 - Marriage of ESX and OpenStack at PayPal
PayPal is quickly moving forward to utilize open source and open standards based technologies in the build-out of our private cloud. With our internal release of OpenStack software based on 'Grizzly' we have integrated ESX 5 support and now can deploy workloads against ESX as well as against KVM.
Giles Sirett: Introduction and CloudStack news ShapeBlue
Giles will talk about all that's new and happening within the Apache CloudStack community, and about new and future releases, exciting features, upcoming events and more!
VMworld 2013: vCloud Powered HPC is Better and Outperforming PhysicalVMworld
VMworld Europe 2013
Theo van Drimmelen, Bitbrains IT Services
Willem van Engeland, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
A First Look at vSphere Integrated Containers and Photon PlatformDan Wendlandt
Talk presented at VMworld 2015 offering a sneak peak into two VMware technical previews announced at the conference: vSphere Integrated Containers and Photon Platform.
Optimize Your VMware SDDC with IBM InfrastructurePaula Koziol
Having the right IT infrastructure with true VMware integration is key to optimally deploying and managing your Software Defined Data Center (SDDC). This includes leveraging vRealize Automation with IBM Power and z Systems along with IBM software-defined storage and storage systems for vCloud Suite -- all ideally suited for your private and hybrid cloud environments. View this presentation to learn about the latest VMware Ready solutions from IBM – all built for performance and agility while bringing automation, ease of management and the highest levels of efficiency to your existing investments in VMware solutions.
2011-11-03 Intelligence Community Cloud Users GroupShawn Wells
Hosted by TMA, spoke about Red Hat's virtualization portfolio, RHEV & KVM technical updates (Xen vs KVM, sVirt), RHEV 3, and security automation (OpenSCAP).
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?Scott Carlson
slides from my 2018 talk at the RSA Asia Pacific Conference in Singapore. First a basic overview of Blockchain for the audience and then a complete discussion of how the security of blockchain is really about the security of the whole stack, with the chain itself being the last thing you focus on.
Just Trust Everyone and We Will Be Fine, Right?Scott Carlson
As a CISO, you have been asked why you can't just trust your employees to do the right thing. What benefit to the business comes from technical security controls? You have likely been asked to reduce risk and action every funded project at once. In this session, we will realistically consider which projects can reduce risk most quickly, which layers of security are most important, and how things like privilege management, vulnerability control, over-communicating, and simply reducing the attack surface can bring peace of mind and actual direct improvements to your information security posture.
RSA 2015 Realities of Private Cloud SecurityScott Carlson
My 2015 Talk at the RSA US Conference on Private Cloud Security and ways that companies need to think about their cloud as they built it within their private data center
2016 RSA US Conference Talk on Data Security
Follows along the pattern of my previous talks about Data, Security, and the Reality that you can't find a silver bullet, but there are a lot of things surrounding it that you need to think of too
Will Your Cloud Be Compliant? OpenStack SecurityScott Carlson
Presentation from 2014 Atlanta OpenStack Summit
Will Your Cloud Be Compliant?
Scott Carlson - PayPal
Evgeniya Schumakher - Mirantis
https://www.youtube.com/watch?v=gTqyWsV5nzI&list=PLF2SitUlktI43byuCqY8L_KVT34NnpciS
Interop Las Vegas Cloud Connect Summit 2014 - Software Defined Data CenterScott Carlson
Presentation materials from 2014 Interop Conference - Cloud Connect Summit - Scott Carlson from PayPal in Las Vegas
Audio: https://www.youtube.com/watch?v=tyYGupLg7IE
You Can't Correlate what you don't have - ArcSight Protect 2011Scott Carlson
In this presentation we discuss gathering data with syslog-ng in order to properly feed your SIEM system such as ArcSight ESM. This presentation is from HP/ArcSight Protect 2011.
HP Enterprise Security Customer Case Study - Apollo GroupScott Carlson
Summary:
Apollo Group is a publicly traded parent company that owns the University of Phoenix and a number of other higher education subsidiaries. The organization needs to be able to meet rigorous audit and compliance requirements and aimed to take its security to the next level by building a more mature security operations center.
Business Challenge:
With 300 physical location in six countries, 500,000 students, 50,000 faculty and 22,000 employees, Apollo Group has a formidable challenge in securing all its systems data and endpoints.
Solution:
ArcSight ESM enables Apollo Group to increase its visibility and intelligence into its network and protect against zero day cyberthreats. With ArcSight ESM, Apollo Group has been able to create unique use cases to identify events specific to its environment - for example, preventing student misuse of Internet resources and protecting against data leakage via mobile media.
Benefits:
The comprehensive correlation and reporting capabilities within ArcSight ESM enable Apollo Group to effectively process billions of security events and maintain compliance with SOX and PCI regulations. "We are extremely pleased to have ArcSight ESM as the basis for our security foundation. Its versatility and raw ability to combat cyberthreats and risk make it an excellent choice," says Scott Carlson, Principal Engineer, Apollo Group Data Center Architecture.
McAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile DevicesScott Carlson
Learn the latest trends and protections for the mobile workforce, including managing multiple devices. Security risks rise with the addition of more and more devices both in the traditional office and in the teleworking and mobile workforce. Join the interactive discussion on best practices for proactively managing devices across all levels of your agency.
Apollo Group, New York City Health and Hospitals, NJVC, and Physiotherapy Associates: Security in the Age of a Mobile Workforce and Mobile Devices
Scott Carlson, Principal Security Engineer, Apollo Group
Kevin Brownstein, Manager – Systems Engineers, McAfee, Inc.
Egon Rinderer, Chief of Cyber Security, NJVC, Inc., NGA
Corey Cush, Assistant Vice President – Infrastructure Services, NYC Health & Hospitals Corp
Kevin Slate, Vice President – Information Technology, Physiotherapy Associates
High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013Scott Carlson
This is the presentation from the OpenStack Hong Kong Conference from Fall 2013.
There are many different blueprints describing how high-availability can be achieved underneith an OpenStack cloud. At PayPal, we have chosen to utilize some of the common OpenStack best practices as well as introducing common Data Center best practices to bring high availability to the management/control infrastructure within our cloud. Topics Included: Design of our Openstack Control infrastructure Pros and Cons of management and infrastructure racks separate from a compute rack High Availability requirements by component Pros and cons of High Availability choices external to and within the cloud Trade-offs that need to be made now to ensure availability
http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/openstack-high-availability-paypal
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong Fall 2013
1. MARRIAGE OF OPENSTACK
WITH KVM AND ESX AT
PAYPAL
MULTI-VENDOR AGILITY
Open Stack Summit – Hong Kong - 2013
2. ABOUT PAYPAL
PayPal offers flexible and innovative payment solutions for consumers
and merchants of all sizes.
• 137,000,000 Users.
• $300,000 Payments processed by PayPal each minute.
• 193 markets / 26 currencies.
• PayPal is the World‟s Most Widely Used Digital Wallet.
2
5. PAYPAL INTERNAL CLOUD
2012/2013 Shift toward an internal cloud model
• Shift from Enterprise design model to cloud-based design
• Elastically scale and self-heal infrastructure to accommodate
unpredictable usage patterns of customers and internet commerce
• Separate rapidly iterating customer experiences from core
services
• reduce overall cost per transaction within the environment
5
6. CLOUD IS THE GREAT ENABLER
ENABLE THE DEVELOPER
ENABLE THE BUSINESS
One-Click
Developer
Self Service
Global
Compute &
Data
Fulfillment
Payment Delivery
SelfOrganizing &
Optimizing
Infrastructure
System Intelligence
Driven Operation
Code
6
Deploy
Enjoy
7. PAYPAL CLOUD PLATFORM –
GUIDING PRINCIPLES
• Technology
− Adopt Open Source Solutions where ever possible
− No Vendor Lock-in
− Industry Best Practices
− Leverage Industry/ebay Inc Investments
• Functionality
− Self-Service tool for application life cycle management.
− Robust Automation & Orchestration
− Seamless On-Demand Capacity Fulfillment
7
8. OPENSTACK
PayPal deploying Openstack in order to help transform our global
infrastructure into an agile and open cloud platform.
Agility - time to market for customer facing services
Agility - speed to service developer requests for VM resources
Agility – utilize the engineering culture of PayPal to
deliver specialized cloud services where needed
8
10. CLOUD BEFORE INTEGRATION
WEB
F
Z
F
Z
F
Z
KVM
Local Disk
“Stateless & Disposable”
F
Z
MID
Cloud Management Zone
VCenter Management
F
Z
F
Z
F
Z
KVM
Local Disk
F
Z
F
Z
ESX
5.0u2
Shared
Storage
F
Z
ESX
5.0u2
Shared
Storage
F
Z
ESX
5.0u2
Shared
Storage
Physical
Non-virtualized
F
Z
ESX
5.0u2
Shared
Storage
Physical
Non-virtualized
DATABASE & RESTRICTED ZONE
FZ = Logical Fault Zones
13. COMPARING
But isn‟t Openstack a direct replacement for ESX? Why would
you keep them both?
ESX/Vsphere != Openstack
NOVA != vSphere || vCenter || ESXi
NOVA =~ vCD, vCAC
KVM =~ ESX
To connect to any hypervisor, the Openstack cloud „proxies‟
connections to any supported hypervisor via Nova. That
abstracts the „Cloud‟ from the hypervisor
13
14. BRINGING ESX „INTO‟ THE CLOUD
• Equivalent functionality on KVM and ESX
• Full birth to death lifecycle management of virtual machines
− Build new, power on, power off, console, rebuild, delete
• Auto-configuration of host resources following t-shirt sizes
standards
− CPU, RAM, NIC, IP, OS Version
• IP Address Management
• Build from “Snapshot”/”Template”
• Deploy resources following appropriate fault zone model
• Must work from within single Horizon/Asgard interface
14
15. HYPERVISOR REQUIREMENTS
• ESX 5.1
− 5.0 works but too many back-ports (for us) / tweaks
• Single security zone per hypervisor
− No sharing of confidential & non-confidential on same hardware (PCI)
• Openstack management network communication
− This is NOT necessarily the VKERNEL network
15
16. STORAGE REQUIREMENTS
• “Shared storage” required
− Data Store Cluster
− Single Data Store support
• DRS Enabled with auto-placement
• Data Stores must be created in advance
− No Cinder support
16
17. OPENSTACK GRIZZLY
⁃ O
penS ack C
t
ommand Line T
ools (nova-client, swif t-client, et c.)
⁃ C
loud M anagement T
ools (Right scale, E rat ius, et c.)
nst
⁃ G t ools (C
UI
yberduck, iPhone client, et c.)
Int er net
O
penS ack
t
O
bject API
O
penS ack
t
C
omput e API
O
penS ack
t
Image API
O
penStack
Identity
AP
I
O
penStack
D
ashboard
H (S)
TTP
Amazon
Web Ser vices
E 2 API
C
VNC VMRC
/
/ Spice
O
penS ack
t
Block S orage API
t
Hor izon
O
penS ack
t
Net wor k API
O
penStack
O
bject AP
I
O
penStack
Image AP
I
O
penS ack
t
O
bject API
swif t-proxy
O
penStack C
ompute
AP /
I
Admin AP
I
O
penStack
Identity
AP
I
O
penS ack
t
O
penS ack
t
Block S orage API Block S orage API
t
t
nova-api
O
penS ack
t
Image API
glance-api
(O E 2, Met adat a, Admin)
S, C
nova-comput e
nova-cert/
objectstore
glance-regist r y
cont ainer
object
cinder-api
nova-console
nova-*proxy
O
penS ack
t
Image
API
memcached
account
O
penS ack
t
Net wor k API
O
penS ack
t
Net wor k API
H
TTP(S)
cinder-volume
quant um
agent (s)
nova
dat abase
object
st ore
O
penStack
Identity
AP
I
O
penS ack O
t
bject St ore
Queue
net wor k
provider
quant um
plugin(s)
quant um
dat abase
Queue
volume provider
Queue
hyper visor
cont ainer
D
B
cinder-backup
libvirt, XenAPI, et c.
glance
dat abase
account
D
B
quant um-ser ver
cinder
dat abase
nova-conduct or
nova-consoleauth
cinder-scheduler
http://www.solinea.com
O
penStack
Identity
AP
I
O
penS ack
t
Image Ser vice
nova-scheduler
O
penS ack C
t
omput e
O
penS ack
t
Block S orage
t
O
penS ack
t
Net wor k Ser vice
O
penStack
Identity
AP
I
O
penStack
Identity AP
I
keyst one
(ser vice & admin APIs)
O
penStack
Identity
Service
t oken backend
cat alog
backend
policy
backend
O
penStack O
bject AP
I
O
penStack
Identity
AP
I
O
penStack
Identity
AP
I
ident it y
backend
19. CONFIG OF NOVA
Nova is the project name for OpenStack Compute, a cloud computing fabric controller,
the main part of an IaaS system. Individuals and organizations can use Nova to host
and manage their own cloud computing systems.
#compute_driver = libvirt.LibvirtDriver
compute_driver = vmwareapi.VMwareVCDriver
Can be multiple
vmwareapi_host_ip=192.168.20.50
clusters now!
vmwareapi_host_username=root
vmwareapi_host_password=vmware
vmwareapi_cluster_name=openstack_test
vmwareapi_wsdl_loc=https://192.168.20.50/sdk/vimService.wsdl
Vcenter 5.1 Appliance
19
Confidential and Proprietary
20. GLANCE AND IMAGES
Rules for Glances images for VMWare
• Saved in VMDK Format
• Imported as VMDK Format
• Thick Provisioned VMDK Required
• No split VMDK allowed (must be merged)
• In a multi-hypervisor cloud, all images are separate
„per hypervisor‟ (no launching KVM VM‟s on ESX)
glance add name=”MYMACHINE.vmdk" disk_format=vmdk container_format=bare
is_public=true vmware_adaptertype="lsiLogic" vmware_disktype="preallocated"
vmware_ostype="otherGuest" < /path/to/MYMACHINE.vmdk
20
Confidential and Proprietary
21. BUILDING AND INSTALLING OS
• Kickstart
• Build a small root disk
• Use kickstart to image machine
• Post-install with puppet to customize machine and
add additional mount points depending on
application requirements
• Image Deploy
• Currently does not support „config-drive‟
• Need Guest Tools to „duplicate‟ functionality
21
Confidential and Proprietary
22. WHAT ABOUT THE NETWORK
•
22
Quantum requires NVP 3.2
• Cannot talk directly to VSphere API to allocate VDS
Port to NIC
• Uses vAPP – integration bridge or native in 5.5
• Configured as separate transport zone within Nicira
Confidential and Proprietary
23. WHAT‟S LEFT
• Component “at-scale” testing
• Currently manage “tens” at a time, need to
move to “hundreds” or “thousands”
• Most fixes in Havanna, every bug-fix needs to be
reviewed and possible back-ported to Grizzly
• Multiple Data Store enumeration on a cluster
• Full Certification on VCE VBLOCK with Vision
Intelligent Operations, auto-upgrades, and full
Openstack support of all components
23
Confidential and Proprietary
24. READING MATERIALS
•
•
•
•
•
•
http://www.solinea.com/2013/06/15/openstack-grizzly-architecture-revisited/ - Ken Pepple
http://www.slideshare.net/kenhui65/getting-started-with-openstack?ref=http://cloudarchitectmusings.com/2013/06/16/getting-started-with-openstack/ - Kenneth Hui
http://docs.openstack.org/trunk/openstack-compute/admin/content/config-drive.html - config-drive doc
http://docs.openstack.org/trunk/openstack-compute/admin/content/vmware.html - Openstack VMWARE doc
http://www.ebay.com - Buy It Now
http://www.paypal.com - and then Pay for it Here!
Paypal is a Payments companyBetter for merchantsEasier for youCan be considered your digital walletWe’re not just on the internet, but we are also in store in places like Home Depot and GNCScale is importantShopping habits importantPaypal scales to meet needs worldwide and can be deployed in-country depending on local laws.
PayPal moved from 0% virtualized in production to 90% virtualized in one year.We took advantage of the converged infrastructure to shorten ramp up time and utilized resources from the vendor supplierAPI used for monitoring and deployment scriptsThere is a predictible scaling pattern for the front-tier on paypal.com and measuring the resultant output of the VM’s allowed us to scale as appropriate to meet demandVBLOCK measured at 99.999% availability which gave us confidence in running paypal apps on it
Clouds are a work in progress
Shift from Enterprise design model to cloud-based designElastically scale and self-heal infrastructure to accommodate unpredictable usage patterns of customers and internet commerceSeparate rapidly iterating customer experiences from core servicesreduce overall cost per transaction within the environment
Open Source to enable innovation fasterDefine Standards and APIsIt enables vendors to exactly know what large scale operators need to manage their cloudIndustry best practices prevents “reinventing the wheel”
Two Entry Points for InfrastructurePayPal Product DevelopersCloud Operators to manage CloudCentrally Orchestrated using HeatLocal StorageHP 4X600 GB(MirrorCisco 4948 & Arista 7050Nicira NVPF5 10.2.2 LB
New Hardware PlatformAll new Application PlatformGive infrastructure to developersFault Zones – Built to support maintenance activities and disposable compute for stateless load balanced poolsFront and business tiers separate infrastructure to retain separation for PCI
New Hardware PlatformAll new Application PlatformGive infrastructure to developers
Although many have mistakenly made direct comparisons between OpenStack Nova and vSphere, that is actually quite inaccurate since Nova actually sits at a layer above the hypervisor layer. OpenStack in general and Nova in paticular, is most analogous to vCloud Director (vCD) and vCloud Automation Center (vCAC), and not ESXi or even vCenter. In fact, it is very important to remember that Nova itself does NOT come with a hypervisor but manages multiple hypervisors, such as KVM or ESXi. Nova orchestrate these hypervisors via APIs and drivers. The list of supported hypervisors include KVM, vSphere, Xen, and others; a detailed list of what is supported can be found on the OpenStack Hypervisor Support Matrix.