Cloud Connect is a key component of the Cisco hybrid cloud portfolio. In this session, we review how Cloud Connect solutions can securely extend your private network to the AWS Cloud and ensure the application experience. The products we cover include the CSR1000v and vEdge with Umbrella integration.
This talk was presented in NULL Delhi chapter meet in 2014, as an insight into the world of PCI (Payment Card Industry) and the 12 requirements of PCI DSS
This slide deck served as presentation material for the talk with the same name at the 2021 COSAC security architecture conference.
It provides an architecture for applying zero trust networking on Amazon Web Services (AWS). We take a pragmatic approach to ensure that we link the theoretical components to implementation candidates. This relies on application of graph theory to establish traceability, which we can subsequently use to verify the logical integrity of the architecture. Our literature review indicates that the first imperative is to establish a reference model that describes zero-trust networking. The zero-trust reference model is subsequently mapped to relevant AWS services that realizes the components. This establishes traceability in terms of implementation requirements for each service. We see as part of this review that AWS is mature in its ability to support zero trust capabilities and that we can realize many aspects of zero trust using off-the-shelf AWS services. The correct configuration of these services however is crucial. The research is useful in providing solution architects with the logical components that can drive further stages in architecture development to support zero trust initiatives on AWS tenants.
This talk was presented in NULL Delhi chapter meet in 2014, as an insight into the world of PCI (Payment Card Industry) and the 12 requirements of PCI DSS
This slide deck served as presentation material for the talk with the same name at the 2021 COSAC security architecture conference.
It provides an architecture for applying zero trust networking on Amazon Web Services (AWS). We take a pragmatic approach to ensure that we link the theoretical components to implementation candidates. This relies on application of graph theory to establish traceability, which we can subsequently use to verify the logical integrity of the architecture. Our literature review indicates that the first imperative is to establish a reference model that describes zero-trust networking. The zero-trust reference model is subsequently mapped to relevant AWS services that realizes the components. This establishes traceability in terms of implementation requirements for each service. We see as part of this review that AWS is mature in its ability to support zero trust capabilities and that we can realize many aspects of zero trust using off-the-shelf AWS services. The correct configuration of these services however is crucial. The research is useful in providing solution architects with the logical components that can drive further stages in architecture development to support zero trust initiatives on AWS tenants.
Succeeding with Secure Access Service Edge (SASE)Cloudflare
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data.
SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn:
-Why SASE should be less complicated than many vendors are making it
-What to look for when evaluating a migration to a SASE platform
-A 3 month, 6 month, and 12 month roadmap for implementation
-How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits
Enel, AWS, and Athonet: Connecting Millions of IoT Devices on Private LTE (TL...Amazon Web Services
The upcoming launch of unlicensed spectrums globally, including CBRS in the USA (and later MulteFire globally), sXGP in Japan, and LAA in France, opens up new opportunities for deployment of 5G-ready industrial-grade private LTE networks integrated for industrial IoT applications. Deploying a private LTE network requires key considerations of both localized and widely distributed networks for highly resilient, low-latency broadband and narrow band (LTE-M, NB-IoT) LTE communications. In this workshop, we dive deep into how Enel plans to integrate millions of devices across power plants and field devices to AWS IoT using a private LTE network from Athonet to realize a smart electricity enterprise. Enel is one of the world's largest electricity utilities, with a 30-million smart meter program in Italy that has underlying LTE connectivity through a private MVNO. Athonet is a market leader globally in private LTE, with over 100 dedicated LTE networks globally for industry, public safety, and digital use cases, providing the mobile core network for Enel's private MVNO.
IT-Serve.com | Best IT Service and Support Provider in DubaiIT-Serve.com
IT-Serve.com is a Managed IT Service and Support Provider in Dubai, UAE. Offering reliable and affordable IT Service and Support services in Dubai, Abu Dhabi, Sharjah UAE. Read more about IT-Serve's award winning IT Service and Support solutions.
IT leaders have talked for years about routing traffic directly to the internet from the branch, but network complexity and security challenges have been too great. Times have changed, and today digital transformation is pushing organizations to rapidly evolve branch office IT and security architectures to take advantage of cloud services.
Join a conversation with Zeus Kerravala, Founder and Principal Analyst, ZK Research, and Bill Lapp, Vice President of Customer Success, Zscaler, to discuss the challenges of cloud migration, along with the opportunities it presents. We’ll explore the best ways to address complexity and security in the branch, and discuss a strategic approach to providing a scalable architecture for the adoption of SaaS and cloud services
Losing customers due to long, paper driven onboarding process?
Need a fast, easy and effective system for onboarding the new age digital customers?
With uniserve onboard, start off your customer relationship by onboarding your customers at half the time.....
Enabling Airbus Digital Transformation with Splunk
Learn how Airbus are turning their data into doing across their organisation. From real time monitoring to IT Service Management to security operations – Airbus are maximising their use of data to deliver more services and continuous process improvement.
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfKlausSchwegler
Aryaka helps CIOs modernize their infrastructure and simplify operations by converging networking and security in an all-in-one service. In today’s distributed world, where applications are everywhere, and employees can be anywhere, this unified SASE approach provides enterprises the security, connectivity, and flexibility they need to adapt to an unpredictable future rapidly.
DEM08 Use Cisco Cloud Connect to Securely Extend Private Network to AWS and M...Amazon Web Services
A key component of Cisco hybrid cloud portfolio is Cloud Connect. In this session, we review how Cloud Connect solutions can securely extend your private networks into the AWS Cloud and ensure the application experience. The products we cover include the CSR1000v and vEdge with Umbrella integration. This session is brought to you by AWS Partner, Cisco.
(NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWSAmazon Web Services
Learn how to enable and support data migrations in AWS and keep your business applications highly secure, whether you are migrating your IT infrastructure to the cloud, migrating your business applications to the cloud, or simply moving traffic on AWS between different Availability Zones. Our real-world use cases include securing your critical business applications in AWS by deploying vSRX as a perimeter firewall for VPC instances, and enabling secure transport and routing for hybrid cloud deployments using IPSec VPNs on vMX. Session sponsored by Juniper Networks.
Succeeding with Secure Access Service Edge (SASE)Cloudflare
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data.
SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn:
-Why SASE should be less complicated than many vendors are making it
-What to look for when evaluating a migration to a SASE platform
-A 3 month, 6 month, and 12 month roadmap for implementation
-How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits
Enel, AWS, and Athonet: Connecting Millions of IoT Devices on Private LTE (TL...Amazon Web Services
The upcoming launch of unlicensed spectrums globally, including CBRS in the USA (and later MulteFire globally), sXGP in Japan, and LAA in France, opens up new opportunities for deployment of 5G-ready industrial-grade private LTE networks integrated for industrial IoT applications. Deploying a private LTE network requires key considerations of both localized and widely distributed networks for highly resilient, low-latency broadband and narrow band (LTE-M, NB-IoT) LTE communications. In this workshop, we dive deep into how Enel plans to integrate millions of devices across power plants and field devices to AWS IoT using a private LTE network from Athonet to realize a smart electricity enterprise. Enel is one of the world's largest electricity utilities, with a 30-million smart meter program in Italy that has underlying LTE connectivity through a private MVNO. Athonet is a market leader globally in private LTE, with over 100 dedicated LTE networks globally for industry, public safety, and digital use cases, providing the mobile core network for Enel's private MVNO.
IT-Serve.com | Best IT Service and Support Provider in DubaiIT-Serve.com
IT-Serve.com is a Managed IT Service and Support Provider in Dubai, UAE. Offering reliable and affordable IT Service and Support services in Dubai, Abu Dhabi, Sharjah UAE. Read more about IT-Serve's award winning IT Service and Support solutions.
IT leaders have talked for years about routing traffic directly to the internet from the branch, but network complexity and security challenges have been too great. Times have changed, and today digital transformation is pushing organizations to rapidly evolve branch office IT and security architectures to take advantage of cloud services.
Join a conversation with Zeus Kerravala, Founder and Principal Analyst, ZK Research, and Bill Lapp, Vice President of Customer Success, Zscaler, to discuss the challenges of cloud migration, along with the opportunities it presents. We’ll explore the best ways to address complexity and security in the branch, and discuss a strategic approach to providing a scalable architecture for the adoption of SaaS and cloud services
Losing customers due to long, paper driven onboarding process?
Need a fast, easy and effective system for onboarding the new age digital customers?
With uniserve onboard, start off your customer relationship by onboarding your customers at half the time.....
Enabling Airbus Digital Transformation with Splunk
Learn how Airbus are turning their data into doing across their organisation. From real time monitoring to IT Service Management to security operations – Airbus are maximising their use of data to deliver more services and continuous process improvement.
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfKlausSchwegler
Aryaka helps CIOs modernize their infrastructure and simplify operations by converging networking and security in an all-in-one service. In today’s distributed world, where applications are everywhere, and employees can be anywhere, this unified SASE approach provides enterprises the security, connectivity, and flexibility they need to adapt to an unpredictable future rapidly.
DEM08 Use Cisco Cloud Connect to Securely Extend Private Network to AWS and M...Amazon Web Services
A key component of Cisco hybrid cloud portfolio is Cloud Connect. In this session, we review how Cloud Connect solutions can securely extend your private networks into the AWS Cloud and ensure the application experience. The products we cover include the CSR1000v and vEdge with Umbrella integration. This session is brought to you by AWS Partner, Cisco.
(NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWSAmazon Web Services
Learn how to enable and support data migrations in AWS and keep your business applications highly secure, whether you are migrating your IT infrastructure to the cloud, migrating your business applications to the cloud, or simply moving traffic on AWS between different Availability Zones. Our real-world use cases include securing your critical business applications in AWS by deploying vSRX as a perimeter firewall for VPC instances, and enabling secure transport and routing for hybrid cloud deployments using IPSec VPNs on vMX. Session sponsored by Juniper Networks.
The session covers how Cisco SD-WAN can be used to extend the WAN connectivity to AWS. We show how the Viptela-based SD-WAN solution accelerates the path to cloud migration while maintaining the application SLA using the policy-based app fabric model. We cover Viptela's cloud-first network management, orchestration, and overlay technologies with industry-leading routing platforms, services, and SD-WAN capabilities from Cisco. We also cover how a customer deployed Cisco SD-WAN and the benefits they achieved, how a customer extended Cisco SD-WAN fabric to AWS, and the benefits of consistent security and segmentation, policy, network visibility, and connectivity options across branch, campus, data center, and cloud. This session is brought to you by AWS Partner, Cisco.
AWS re:Invent 2016: Hybrid Architecture Design: Connecting Your On-Premises W...Amazon Web Services
You’re trying to minimize your time to deploy applications, reduce capital expenditure, and take advantage of the economies of scale made possible by using Amazon Web Services; however, you have existing on-premises applications that are not quite ready for complete migration. Hybrid architecture design can help! In this session, we discuss the fundamentals that any architect needs to consider when building a hybrid design from the ground up. Attendees get exposure to Amazon VPC, VPNs, Amazon Direct Connect, on-premises routing and connectivity, application discovery and definition, and how to tie all of these components together into a successful hybrid architecture.
Learn How Salesforce used ADCs for App Load Balancing for an International Ro...Amazon Web Services
Organizations use application delivery controllers (ADCs) to ensure that their most important applications receive the best performance across their network. In this session, you learn how and why Salesforce used the F5 BIG-IP platform, an ADC solution from AWS Marketplace, during a migration to AWS. To preserve an existing skillset within their business, Salesforce chose AWS Marketplace to first evaluate the solution on the AWS platform before ultimately selecting it as part of their international rollout. You see how BIG-IP performs application routing and security, and how it works with existing AWS networking solutions to provide a consistent experience for domestic and international rollouts. You also learn how Salesforce successfully used the AWS Marketplace Private Offers program to procure an enterprise license and consolidate the expenditure onto their AWS bill.
MSC202_Learn How Salesforce Used ADCs for App Load Balancing for an Internati...Amazon Web Services
Organizations use application delivery controllers (ADCs) to ensure that their most important applications receive the best performance across their network. In this session, you learn how and why Salesforce used the F5 BIG-IP platform, an ADC solution from AWS Marketplace, during a migration to AWS. To preserve an existing skillset within their business, Salesforce chose AWS Marketplace to first evaluate the solution on the AWS platform before ultimately selecting it as part of their international rollout. You see how BIG-IP performs application routing and security, and how it works with existing AWS networking solutions to provide a consistent experience for domestic and international rollouts. You also learn how Salesforce successfully used the AWS Marketplace Private Offers program to procure an enterprise license and consolidate the expenditure onto their AWS bill.
As Enterprises increasingly span their workloads across on-premises data centers and cloud environments, it is becoming significantly complex for IT teams to enable better workload portability and create consistent application delivery and networking services.
In this webinar, you will learn how VMware NSX Advanced Load Balancer facilitates seamless application delivery and provides choices to deploy your applications across on-premises data centers and Oracle Cloud Virtual Services (OCVS) while enabling:
Modern Application Delivery: Consider consistency, elastic scalability, cloud-native automation, and built-in end-to-end observability when choosing load balancing across hybrid environments.
Data-center Extension: Ensure continuous operations while providing elastic L4-L7 load balancing, security, and real-time application analytics for VMware-based apps running in Google Cloud.
Lift-and-Shift: When migrating to OCVS from an on-premises data center, operationalize uninterrupted enterprise-grade features, including GSLB and WAF.
You can seamlessly extend your datacenter into the cloud with VMware Cloud on AWS. This webinar focuses on getting started, moving and managing VMware workloads on AWS.
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013Amazon Web Services
Which is better: a single VPC with multiple subnets or multiple accounts with many VPCs? Should you simplify management with a single VPC or use multiple VPCs to lessen the blast radius of network changes? In this session, we hear from customers who've implemented each approach and discuss how they addressed management, security, and connectivity for their Amazon EC2 environments.
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This midlevel architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with VPC. Learn how you can connect your VPC with your offices and current data center footprint. This session adds a focus on AWS Partners and where they are relevant in AWS networking.
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
Similar to Cisco Cloud Connect Solutions Extend Your Private Network to AWS and Maintain User Experience (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
Cisco Cloud Connect Solutions Extend Your Private Network to AWS and Maintain User Experience
1. Liad Ofek
Director, Product management
Cloud and Virtualization
Networking Business Unit
July 2018
Cisco Hybrid cloud :
Cloud Connect
2. It’s a Hybrid cloud world
Source: IDC CloudView, April, 2017, n=8,293 worldwide respondents, weighted by country, company size and industry
Evaluating or using
public cloud
85%
Taken steps towards a hybrid
cloud strategy
87%
Among cloud users
3. Hybrid cloud Complexity Challenges
“I need to…”
FRAGMENTED
COMPLEX
NO DATA CONTROL
“…securely extend
private networks to
public clouds”
“…define and
execute my cloud
first strategy”
“…protect my cloud
applications, endpoints,
and data”
“…migrate to cloud
and manage the full
application lifecycle”
4. Cloud Adoption Journey-Key Activities
& Pain Points
FRAGMENTED
COMPLEX
NO DATA CONTROL
SaaS
SaaS
SaaS
SaaS
SaaS
SaaS
SaaS
Other
Public
Clouds
IaaS
AWS
PaaS
SaaS
PrivatePrivate
8. Cisco Cloud Portfolio — Implementation
▪ Faster implementation
and time to value
▪ Lower risk
▪ Lower cost
Design and
Deployment GuidesHybrid Cloud
Portfolio
Cloud
Connect
Cloud
Protect
Cloud
Advisory
Cloud
Consume
• Best practices
• Integrated design
• Detailed implementation
steps
9. Cloud Connectivity Challenges
On-Prem Datacenters
Remote Branches
Public Cloud
• Complexity & Dependency – Need a
simple and scalable way to securely
extend the private network across
cloud environments
• Inconsistent security policies between
private & public- Need to apply
consistent security policies
• Performance and ambiguity for best
path to reach the cloud – Need
enhance application experience
Applications
Users
Cloud
Connect
AWS
10. Enterprise DC
ASR1K
Branch
ISR4K
Cloud Connect – CSR 1000V
Securely extend the private
network to the cloud from
the Branch and DC with CSR1000v
Extend routing to multi-VPC
environment with CSR100v in Transit
VPC
Maintain application experience
with QoS and AVC
CSR1000v
CSR1000v
CSR1000v
VPC
VPC
VPC
VPC
VPC
11. Enterprise DC
ASR1K
Branch
Cloud Connect w/vEdge Cloud
vEdge Cloud
vEdgevEdge
Internet
Direct Cloud connectivity from a Branch
with vEdge to vEdge Cloud
Extend routing to multi-VPC environment
with vEdgeTransit VPC
Extend Cisco SD-WAN fabric to the cloud
VPC
VPC
VPC
VPC
VPC
12. Branch Enterprise DC
ASR1K
Cloud Connect - vEdge and Umbrella
vEdge Cloud
vEdgevEdge
Protecting your branch office users directly to
your multi-cloud environment leveraging
direct internet access(DIA), using vEdge and
secure internet gateway (Umbrella)
VPC
VPC
VPC
VPC
VPC
InternetUmbrella
14. CSR Cloud High Availability
• No virtual IP as with HSRP, since AWS
doesn’t allow multicast
• BFD over GRE tunnel is enabled between
two CSRs to detect failure
• AWS Route Tables for app subnets are re-
pointed to surviving CSR
• Failure detection is automatic
• CSR itself calls AWS API to adjust AWS
Route Table routes
• Sub-second failover
VPC
CSR Subnet
App Subnet
A
App Subnet
B
Before HA Failover
After HA Failover
AWS REST API
http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/aws/b_csraws/b_csraws_chapter_0100.html
BFD
14
15. Public Cloud Transit Routing Challenge
• No transit routing capability
A-B Peering
B-C Peering
Transit Routing NOT supported
A-to-C-thru-B
Full mesh
Private DC
…
Backhaul2
See next slide
VPC-A
VPC-C
VPC-B
15
AWS
16. Transit VPC Design
• Dedicated VPC: Simplifies routing by not
combining with other shared services.
• CSR1000v Virtual Network Appliances:
Provide dynamic routing and VPN network
tunnels
• Redundancy: Dynamic routing combined
with multi-AZ deployment creates a robust
network infrastructure.
• VGW: VPC virtual gateways provide highly
available connections to transit VPC virtual
network appliances.
BA C
…...
Direct Connect
Or Internet
Private DC
Transit VPC
Spoke VPC
Other
Provider
Networks
CSR1 CSR2
AZ1 AZ2
Across regions, accounts/subscriptions
ASR
VPCVPCVPC
VPC
17. Scale Out
Private DC
Transit VPC
DX/ER
Internet
ASR
VPC
CSR1 CSR2 CSR3 CSR4
…...
• Add another pair of CSRs to scale
out
• Remote end (VGW) has multiple
tunnels and do L3 ECMP (Equal Cost
Multiple Path)
• Elasticity as you go: monitor CSR
real-time throughput and spin up
new CSRs on demand.
18. Traffic Segregation
• Traffic segregation is built-in natively
• Each Spoke VPC is represented as a
different VRF in CSR
• Routing is controlled through RT
(Route Target)
• Different VPCs can communicate by
export/import same RT
• Follow same mechanism to create
customized VRF like on-premise VRF
CSR1
MP-BGP
On-Premise VRF
CSR2
VPC-A VPC-B VPC-C
Private DC
VPC-C VRFVPC-B VRFVPC-A VRF
19. Data Center
Transit VPC
AZ1 AZ2
App 1
(VPC1)
App 2
(VPC2) App 3 (VPC3) Internet
Employee
Developer
Guest
Non-Compliant
✓ X ✓ ✓
X X ✓ ✓
X ✓ ✓ ✓
VPC1
Extend Trust Sec into AWS Transit VPC
Simplifying Segmentation and Control
Direct Connect
Dynamic Route Peering
Employee Tag
Developer Tag
Guest Tag
Non-Compliant Tag
X X ✓ ✓
ISE
Identity & Access Control
Policy Enforcement
App 1
VPC2
App 2
VPC3
App 3
Control Access to spoke VPC’s
based on SGT Tags and Policy
Enforcement within the Transit VPC
Hub CSRv’s
• Control Traffic between VPC’s
• Simplify Security Configurations
• Scale Security Group Control
• Single Control Point
dev pro test
ASR1K
CSR1 CSR2
20. Prioritize Your Traffic with QoS Policy
• AWS Infrastructure doesn’t acknowledge QoS value, however you can use it over Tunnel
• Based on transport type (Direct Connect, VPC Peering, Public IP), shape different traffic to ensure
app experience when link get over-subscribed
Cisco
ISR/ASR
Corporate DC
Co-Lo
Direct Connect
QoS
IPSEC Tunnel
21. Integrated Security Features on CSR
ACL VRF
Zone Based
Firewall
IPSEC
Trust Sec
Encrypted
Traffic
Analytics (ETA)Transit Hub
VPC
Integrated Security
• Low TCO by enabling security services
• Built-in high availability with routing
• Single device to manage routing and security
CSR1 CSR2
21
22. Cloud Security with Cisco Umbrella
Regional
Data Center
Remote Site
ISP1
SD-WAN
Fabric
DNS Queries
Data Center
DIA
• vEdge router intercepts client DNS queries
- Deep Packet Inspection
• DNS queries are forwarded to Cisco Umbrella
DNS servers based on the data or application
aware routing policies centrally defined on
vManage
- Target DNS servers list is defined under the
service side VPN
- Policy can pin DNS query for specific application
(DPI based) to specific DNS server from the list
• Cisco Umbrella enforces security policy compliance
based on DNS resolution
23. Two deployment models
VPC
Application VPC Gateway
• CSR deployed in application VPC
• Provide IPSEC gateway for entire VPC
• Need high availability
Transit Hub Router
• CSR deployed in dedicated Transit Hub, not in
application VPC
• High speed traffic routing for spoke VPC
• High availability is built-in natively
Transit Hub
AZ1 AZ2
Application VPC
VPC
23
24. Viptela Confidential24
Cloud onRamp for IaaS
How it works
Internet
Branch
DC
MPLS
Public Cloud (AWS) connectivity solution consumable through the vManage platform
vManage
Platform
Public cloud credentials
added to vManage
vManage invokes
instantiation of vEdge
instances in users
accounts & connects
IaaS instances to vEdge
GW VPN segments
IaaS instances are
discovered from users
account in a region.
User selects instances
to operate on
New instances can
be discovered and
mapped to VPN
segments later
Public Cloud Provider 1 Region 1
IaaS instances
IaaS instances
vEdge GW
User defines vEdge
gateway parameters and
maps IaaS instances to VPN
segments in the overlay
vManage Cloud onRamp for IaaS app: A vManage
application that orchestrates connectivity to IaaS
instances across multiple cloud and multiple regions.
Provides visibility into cloud instances.
vEdge Cloud Router: A virtualized
version of the vEdge router. Available
on the AWS and Azure marketplace.
25. Viptela Confidential25
Cloud onRamp for SaaS
Regional
internet exit
Branch with
local DMZ
Data
Center/DMZ
vFabric
httping probes
SaaS traffic primary
SaaS traffic backup
Cloud onRamp for SaaS Gateways: vEdge routers monitoring
service availability to SaaS apps.
vManage Cloud onRamp for SaaS app: A vManage application
provides visibility into SaaS performance and availability from the
branch.
• User designates Cloud onRamp gateways which can be remote
DMZs or local CPE (DIA case)
• SLA metrics are computed by using httping based probes to the
SaaS endpoint through the Cloud onRamp gateway
• Per application SLA metrics include loss and latency
• Application aware routing to SaaS end-point from gateway routers
• Path experiencing better SLA for the application is chosen
How it works
Viptela Quality of Experience (vQoE) score: Provides visibility into
application QoE based on realtime probes. vQoE information influences
routing decisions on vEdge routers
26. Viptela Confidential26
Why Cloud Connect ?
• Proven methodology – Transforming to deliver business outcomes based on
adoption of capabilities via cloud technologies
• Ease of management- Easy management and administration due to
consistency of the solutions between on prem and public cloud
• Integrated Security - Most comprehensive security and networking features
and services that leverage existing infrastructure
• Seamless transition to cloud environments by extending enterprise grade
networking & security from on-prem to cloud
• Best-in-class SD WAN with security - Viptela with Umbrella
• Best Network flow monitoring and threat analytics
27. Q: Where can I find the CSR on AWS?
A: In the AWS marketplace!
1. Search for “Cisco”
2. Pick a flavor
27