Secure Cloud Networking – Beyond Cloud Boundaries. When you are learning cloud, networking examples are just complicated enough to get you exposed to the networking fundamentals of that cloud. Real-life is quite a bit different. Matt Kazmar, Rod Stuhlmuller, Corbin Louks and Mark Cunningham from Aviatrix walks us through the complications of cloud networking, especially those encountered beyond one cloud.
Slides from my presentation at Azure Saturday on 26.5.2018 in Munich.
In this session, I will cover the Secure DevOps Toolkit for Azure, a set of security-related tools, Powershell modules, extensions and automations for Azure. The session is a collection of lessons learned using the Toolkit from real-life projects.
After this sessions you will be able to improve the security of your Azure usage from IDE to Operations, regardless of your current state of security and level of cloud adoption.
Synnefo @ LinuxCon/CloudOpen North America 2014Vangelis Koukis
Synnefo is an open source cloud platform written from scratch in Python. It provides Compute, Network, Image, Volume, Object Storage, Identity, and Quota services, exposing the corresponding OpenStack APIs. To do so, Synnefo manages multiple Ganeti clusters in the backend, and uses Archipelago to unify cloud storage.
Synnefo has been used to power GRNET's large-scale "~okeanos" public cloud service, currently hosting over 10,000 VMs, with over 350,000 VMs launched in the last three years.
In this presentation, Vangelis Koukis focuses on why Synnefo chose to go the Google way, and why targeting enterprise-like, persistent VMs in a cloud stack matters. After presenting the general Synnefo architecture and components used (Python, Django, Ganeti, KVM, Archipelago, Ceph/RADOS), the talk reviews how Synnefo provides a unified view of cloud storage resources over Archipelago.
This course teaches participants the following skills:
Design and build data processing systems on Google Cloud Platform
Process batch and streaming data by implementing autoscaling data pipelines on Cloud Dataflow
Derive business insights from extremely large datasets using Google BigQuery
Train, evaluate and predict using machine learning models using Tensorflow and Cloud ML
Leverage unstructured data using Spark and ML APIs on Cloud Dataproc
Enable instant insights from streaming data
Slides from my presentation at Azure Saturday on 26.5.2018 in Munich.
In this session, I will cover the Secure DevOps Toolkit for Azure, a set of security-related tools, Powershell modules, extensions and automations for Azure. The session is a collection of lessons learned using the Toolkit from real-life projects.
After this sessions you will be able to improve the security of your Azure usage from IDE to Operations, regardless of your current state of security and level of cloud adoption.
Synnefo @ LinuxCon/CloudOpen North America 2014Vangelis Koukis
Synnefo is an open source cloud platform written from scratch in Python. It provides Compute, Network, Image, Volume, Object Storage, Identity, and Quota services, exposing the corresponding OpenStack APIs. To do so, Synnefo manages multiple Ganeti clusters in the backend, and uses Archipelago to unify cloud storage.
Synnefo has been used to power GRNET's large-scale "~okeanos" public cloud service, currently hosting over 10,000 VMs, with over 350,000 VMs launched in the last three years.
In this presentation, Vangelis Koukis focuses on why Synnefo chose to go the Google way, and why targeting enterprise-like, persistent VMs in a cloud stack matters. After presenting the general Synnefo architecture and components used (Python, Django, Ganeti, KVM, Archipelago, Ceph/RADOS), the talk reviews how Synnefo provides a unified view of cloud storage resources over Archipelago.
This course teaches participants the following skills:
Design and build data processing systems on Google Cloud Platform
Process batch and streaming data by implementing autoscaling data pipelines on Cloud Dataflow
Derive business insights from extremely large datasets using Google BigQuery
Train, evaluate and predict using machine learning models using Tensorflow and Cloud ML
Leverage unstructured data using Spark and ML APIs on Cloud Dataproc
Enable instant insights from streaming data
Terraform allows you to define your infrastructure as code. Variables and modules empower you to extend and reuse your Infrastructure as Code. With the Consul provider for Terraform, you can also let your Consul KV data drive your Terraform runs.
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Amazon Web Services
Building seamless, consistent security policies across on-premises and cloud IT environments can be challenging without comprehensive workload visibility. Learn how to gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows.
Join us to Learn:
How to protect and automate your AWS deployments while maintaining data segregation
Best practices for creating consistent security for data moving to and from the cloud
How to securely extend your application development testing environment to AWS
Speakers:
AWS Speaker: David Wright, Solution Architect
Palo Alto Networks Speaker: Bisham Kishnani, Senior Consulting Engineer
2016, A new era of OS and Cloud SecurityTudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach when it comes to security, especially after some of last years’ heavily publicized incidents. Join this session for a discussion on what Microsoft is doing to protect against these new security threats with fresh approaches taken both at the server & client OS level, as well as in Azure.
Azure Identity (AD,ADFS 2.0,AAD,ADB2C,OAuth,OpenID,PingID,AD Custom Policies) ,
Azure PaaS (Azure Functions, Serverless computing, Azure Comsos DB, Webhooks, API Apps, Logic Apps, Kudu, Azure Websites), Azure Functions, Lamda Function, Event Functions, Serverless architecture, Implementing azure functions on GIT HUB comment feature, Why Azure Functions, Azure Virtual Machines, Azure Cloud Services, Azure Web Apps & WebJobs, Service Fabric, Consumption Plans, Billing Model, Benefits of Azure Functions, What is serverless, Implementing bigger solutions into smaller azure functions, Microservices, Use cases, Function App, Implementation storing unstructured data using Azure functions into Cosmos DB, Cosmos DB, Custom Azure functions, Azure Cosmos DB, IOTS, Document DB, Doc DB, How to setup a Jenkins build server and automatically trigger code from Visual studio online,Azure App Service, App service Environment, Azure Stack, Managing Azure App services, Azure Powershell, Azure CLI, REST APIS, Azure Portal, Templates, Kudu Console access, Run GIT Commands on Kudu Console, Locking Azure Resources, Configuring Custom Domains, Adding Extensions to Azure Web App/Websites, App service Deployment options, Data Services in Azure , Azure SQL, Azure SQL server, Azure SQL database vs SQL server in a Azure VM, SQL Tiers, DTU, Data Transactional Unit, Planning & provisioning azure SQL databases,Migrating SQL Databases, Azure SQL Server, SQL server transactional replication, Deploy database to Microsoft Azure Database Wizard, DAC package, DAC, SQL compatibility issues, Migrating SQL with downtime, DMA, Data Migration Assistant, Database Snapshot, Migrating SQL without downtime, DTU, Data Transactional Unit, Recommendations for best performance during SQL Import Process, Transactional Replication, T-SQL, Task to implement what ever you learnt till now,
RightScale Webinar: Security and Compliance in the CloudRightScale
In this webinar we talk about how the cloud security landscape continues to evolve, then show you a demo of how enterprises are using RightScale to help them securely manage all their cloud infrastructure.
Key Topics:
1. Understanding the security requirements of cloud
2. Security certifications among cloud providers
3. Managing secure & compliant cloud-enabled organizations
4. Live demo of the RightScale approach
See what deploying across polycloud environments using cross-workloads looks like in HashiCorp Nomad. And See Consul tie these workloads together with secure routing.
With the GA release of Consul 1.6, HashiCorp Dev Advocate Nic Jackson demos several new features in this release, including Layer 7 controls and Mesh Gateways.
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014Amazon Web Services
You've employed the practices outlined for incident detection, but what do you do when you detect an incident in the cloud? This session walks you through a hypothetical incident response on AWS. Learn to leverage the unique capabilities of the AWS environment when you respond to an incident, which in many ways is similar to how you respond to incidents in your own infrastructure. This session also covers specific environment recovery steps available on AWS.
MSHOWTO ile Tech Summit 1'de Bende Özgür Çebi ile birlikte Citrix on Azure oturumunu gerçekleştirdim. Bu oturuma ait sunumu bu adresten inceleyebilirsiniz.
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...DevClub_lv
Erwin Staal from 4DotNet will share experience on “Network security with Azure PaaS services“.
He will share some of the things he learned while implementing network security at his current client. We will start with a short introduction to the basics of networking in Azure. He will present to you some best practices and tell you about some of the limitations you need to know before getting started. We will talk about how you for example can lock-down your API or SQL-server. To do that we will use relatively new Azure offerings like Service endpoints, Private endpoints, and VPN connections.
Erwin is a .NET Software Engineer and DevOps Consultant at 4DotNet. He’s helping clients with ASP.NET Core, Docker and Kubernetes and as a DevOps Consultant he helps companies with the implementation of DevOps and Continuous Delivery.
The presentation is dedicated to the main products of NUVX Technologies, which will be of interest to Telco companies, ISP providers, as well as integrators.
Our key products are: NUVX.DPI, NUVX.NAT and NUVX.QoE
Feel free to contact us in case of any questions: http://nuvx.com/contacts
Terraform allows you to define your infrastructure as code. Variables and modules empower you to extend and reuse your Infrastructure as Code. With the Consul provider for Terraform, you can also let your Consul KV data drive your Terraform runs.
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Amazon Web Services
Building seamless, consistent security policies across on-premises and cloud IT environments can be challenging without comprehensive workload visibility. Learn how to gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows.
Join us to Learn:
How to protect and automate your AWS deployments while maintaining data segregation
Best practices for creating consistent security for data moving to and from the cloud
How to securely extend your application development testing environment to AWS
Speakers:
AWS Speaker: David Wright, Solution Architect
Palo Alto Networks Speaker: Bisham Kishnani, Senior Consulting Engineer
2016, A new era of OS and Cloud SecurityTudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach when it comes to security, especially after some of last years’ heavily publicized incidents. Join this session for a discussion on what Microsoft is doing to protect against these new security threats with fresh approaches taken both at the server & client OS level, as well as in Azure.
Azure Identity (AD,ADFS 2.0,AAD,ADB2C,OAuth,OpenID,PingID,AD Custom Policies) ,
Azure PaaS (Azure Functions, Serverless computing, Azure Comsos DB, Webhooks, API Apps, Logic Apps, Kudu, Azure Websites), Azure Functions, Lamda Function, Event Functions, Serverless architecture, Implementing azure functions on GIT HUB comment feature, Why Azure Functions, Azure Virtual Machines, Azure Cloud Services, Azure Web Apps & WebJobs, Service Fabric, Consumption Plans, Billing Model, Benefits of Azure Functions, What is serverless, Implementing bigger solutions into smaller azure functions, Microservices, Use cases, Function App, Implementation storing unstructured data using Azure functions into Cosmos DB, Cosmos DB, Custom Azure functions, Azure Cosmos DB, IOTS, Document DB, Doc DB, How to setup a Jenkins build server and automatically trigger code from Visual studio online,Azure App Service, App service Environment, Azure Stack, Managing Azure App services, Azure Powershell, Azure CLI, REST APIS, Azure Portal, Templates, Kudu Console access, Run GIT Commands on Kudu Console, Locking Azure Resources, Configuring Custom Domains, Adding Extensions to Azure Web App/Websites, App service Deployment options, Data Services in Azure , Azure SQL, Azure SQL server, Azure SQL database vs SQL server in a Azure VM, SQL Tiers, DTU, Data Transactional Unit, Planning & provisioning azure SQL databases,Migrating SQL Databases, Azure SQL Server, SQL server transactional replication, Deploy database to Microsoft Azure Database Wizard, DAC package, DAC, SQL compatibility issues, Migrating SQL with downtime, DMA, Data Migration Assistant, Database Snapshot, Migrating SQL without downtime, DTU, Data Transactional Unit, Recommendations for best performance during SQL Import Process, Transactional Replication, T-SQL, Task to implement what ever you learnt till now,
RightScale Webinar: Security and Compliance in the CloudRightScale
In this webinar we talk about how the cloud security landscape continues to evolve, then show you a demo of how enterprises are using RightScale to help them securely manage all their cloud infrastructure.
Key Topics:
1. Understanding the security requirements of cloud
2. Security certifications among cloud providers
3. Managing secure & compliant cloud-enabled organizations
4. Live demo of the RightScale approach
See what deploying across polycloud environments using cross-workloads looks like in HashiCorp Nomad. And See Consul tie these workloads together with secure routing.
With the GA release of Consul 1.6, HashiCorp Dev Advocate Nic Jackson demos several new features in this release, including Layer 7 controls and Mesh Gateways.
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014Amazon Web Services
You've employed the practices outlined for incident detection, but what do you do when you detect an incident in the cloud? This session walks you through a hypothetical incident response on AWS. Learn to leverage the unique capabilities of the AWS environment when you respond to an incident, which in many ways is similar to how you respond to incidents in your own infrastructure. This session also covers specific environment recovery steps available on AWS.
MSHOWTO ile Tech Summit 1'de Bende Özgür Çebi ile birlikte Citrix on Azure oturumunu gerçekleştirdim. Bu oturuma ait sunumu bu adresten inceleyebilirsiniz.
Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azur...DevClub_lv
Erwin Staal from 4DotNet will share experience on “Network security with Azure PaaS services“.
He will share some of the things he learned while implementing network security at his current client. We will start with a short introduction to the basics of networking in Azure. He will present to you some best practices and tell you about some of the limitations you need to know before getting started. We will talk about how you for example can lock-down your API or SQL-server. To do that we will use relatively new Azure offerings like Service endpoints, Private endpoints, and VPN connections.
Erwin is a .NET Software Engineer and DevOps Consultant at 4DotNet. He’s helping clients with ASP.NET Core, Docker and Kubernetes and as a DevOps Consultant he helps companies with the implementation of DevOps and Continuous Delivery.
The presentation is dedicated to the main products of NUVX Technologies, which will be of interest to Telco companies, ISP providers, as well as integrators.
Our key products are: NUVX.DPI, NUVX.NAT and NUVX.QoE
Feel free to contact us in case of any questions: http://nuvx.com/contacts
Customer interest is increasing well beyond just what our standalone products offer. In fact, customer don’t care about the products, they care about the solution. IaaS with SDN as a solution is extremely popular. Therefore, this is focused on joint solution of vRA, vRO, NSX-v and 3rd party options.
This hands on workshop for OpenContrail will be led by Sreelakshmi Sarva & Aniket Daptari.
This is a labs session so we will have hard RSVP limits. Please RSVP only if you are confident that you will be able to attend.
About Sreelakshmi Sarva
Sree is currently working as part of solution engineering team at Juniper’s Contrail team. She is responsible for delivering & managing SDN solutions & partnerships relating to Contrail. She has been with Juniper for the last 13 years working on various Routing, Switching, Network programmability & virtualization platforms. Prior to Juniper, She worked at Nortel networks in the Systems Engineering group. Sree received her Masters in Computer Science from University of Texas at Dallas and Bachelor’s in Computer Science from India.
About Aniket Daptari
Aniket is currently working as part of Juniper Networks' Contrail Cloud Solutions team. He is responsible for delivering SDN solutions and technology partnerships related to Contrail. He has been with Juniper for the last 3 years working on various Network programmability & virtualization platforms. Prior to Juniper, he worked at Cisco Systems in the Internet Systems Business Unit (Catalyst 6500). Aniket received his Masters in Computer Science from University of Southern California and a graduate certificate in Management Science and Engineering from Stanford University.
Course Abstract
This session will be the first of a series of OpenContrail hands-on tutorials for developers who want to get deep into OpenContrail code.
This “Basic OpenContrail Programming” Hands-on Session will focus on making developers proficient in writing and contributing code for our OpenContrail Project.
Session will cover the following areas
1) Contrail Overview
· Use Cases
· Architecture recap
2) Contrail Hands on
· Demo + Hands on - Configuration , VN, VM, Network Policies etc
· DevStack introduction
The number of internet-connected devices is growing exponentially, enabling an increasing number of edge applications in environments such as smart cities, retail, and industry 4.0. These intelligent solutions often require processing large amounts of data, running models to enable image recognition, predictive analytics, autonomous systems, and more. Increasing system workloads and data processing capacity at the edge is essential to minimize latency, improve responsiveness, and reduce network traffic back to data centers. Purpose-built systems such as Supermicro’s short-depth, multi-node SuperEdge, powered by 3rd Gen Intel® Xeon® Scalable processors, increase compute and I/O density at the edge and enable businesses to further accelerate innovation.
Join this webinar to discover new insights in edge-to-cloud infrastructures and learn how Supermicro SuperEdge multi-node solutions leverage data center scale, performance, and efficiency for 5G, IoT, and Edge applications.
With uCPE/SD-WAN taking center stage in enabling software-defined Cloud services to enterprise branch offices globally, this session will provide a uCPE review from a solution, deployment and reference design standpoint.
Speaker: Sab Gosal, Segment Manager
Network Platforms Group (NPG), September 2018
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Dan Mihai Dumitriu
OpenStack deployments for public or private clouds require overlay networking. Due to the scale and rate of change of virtual resources, it isn't practical to rely on traditional network constructs and isolation mechanims. Today's deployments require performance, resilience, and high availability to be considered truly production-ready. In this session, we deep dive into the MidoNet architecture, and process of sending a data packet across an OpenStack environment through a network overlay. A distributed architecture implements logical constructs that are used to build networks without a single point of failure, all while adding network functionality in a highly-scalable manner. Network functions are applied in a single virtual hop. By applying network services right at the ingress host, the network is free from unnecessary clogging and bottlenecks by avoiding additional hops. Packets reach their destination more efficiently with the single virtual hop. After this session, the audience will understand how distributed architectures allow efficient networking with routing decisions and network services applied at the edge. Also, the audience will understand how it is easier to scale clouds when the network intelligence is distributed.
Presentation given at the 2017 LinuxCon China
With the booming of Container technology, it brings obvious advantages for cloud: simple and faster deployment, portability and lightweight cost. But the networking challenges are significant. Users need to restructure their network and support container deployment with current cloud framework, like container and VMs.
In this presentation, we will introduce new container networking solution, which provides one management framework to work with different network componenets through Open/friendly modelling mechnism. iCAN can simplify network deployment and management with most orchestration systems and a variety of data plane components, and design extendsible architect to define and validate Service Level Agreement(SLA) for cloud native applications, which is important factor for enterprise to deliver successful and stable service via containers.
Similar to GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries (20)
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
It's important to remember that accessing the dark web can be risky and requires specialized skills and tools. Many organizations leverage threat intelligence companies that have a safe and legal way to monitor these areas and extract valuable information.
Let's shine some light on the Dark Web.
Kyle Hettinger from Recorded Future's Dark Web research team joins GDG Cloud Southlake joins to Demystify the Dark Web.
Kyle has been doing cybercrime investigations for over 10 years, and has collaborated with both public and private sector partners to identify, mitigate, and neutralize cybercriminals.
GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo...James Anderson
GDG Cloud Southlake #31: Santosh Chennuri and Festus Yeboah: Empowering Developers: Gen AI's Impact on Productivity
In this interactive presentation and demo, we'll explore how Generative AI is revolutionizing the entire software development lifecycle (SDLC), empowering developers to work smarter, innovate faster, and deliver cutting-edge features to the market with unprecedented speed.
Santosh is the Lead Customer Engineer passionate about exploring the potential of Gen AI for enterprise clients. With a background in cloud migrations, DevOps, and application modernization, Santosh is committed to finding new ways to leverage generative AI for increased efficiency and problem-solving.
Festus is a Customer Engineer at Google Cloud, specializing in data and AI. He advises organizations on harnessing the potential of generative AI for innovation and enhanced customer experiences. With a strong background in data engineering and machine learning, Festus offers a unique perspective on improving developer productivity using GenAI solutions. Outside of work, he enjoys spending time with his family and is an avid fan of the Marvel Cinematic Universe.
#gdg #gdgcloudsouthlake #gdgcloud #google #genai #duetai #DeveloperProductivity #SDLC
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...James Anderson
Breeding 10x Developers with Developer Productivity Engineering
Sasquatch. Yeti. The Loch Ness Monster. The 10x Developer. You may think of these as mythical creatures that can’t possibly exist, but the 10x Organization is very real. In this session, Gradle’s Brian Demers will explain how a dedicated Developer Productivity Engineering (DPE) organization can breed 10x Developers. By reducing the toil, friction, and frustration of slow builds, flaky tests, and other avoidable failures, a DPE team enables a level of developer productivity that you may have thought impossible. Brian will help you explore DPE technologies, including build and test acceleration, failure analytics, and easily analyzed build records to show how to create an environment in which 10x Developers not only exist, but thrive.
Brian Demers is a Java Champion, Developer Advocate at Gradle and a PMC member for the Apache Shiro project. He spends much of his day contributing to OSS projects in the form of writing code, tutorials, blogs, and answering questions. Along with typical software development, Brian also has a passion for fast builds and automation. You can see the various topics he speaks on here.
Away from the keyboard, Brian is a beekeeper and can likely be found playing board games. You can find him on Twitter at @BrianDemers and most other places as ‘bdemers’.
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for KubernetesJames Anderson
Given the growth and adoption of Kubernetes, a number of projects have been published in the OWASP community to help practitioners assess and secure the security of their containerized infrastructure including the recently released Top 10 for Kubernetes (https://owasp.org/www-project-kubernetes-top-ten/) led by KSOC CTO & Co-Founder, Jimmy Mesta. When adopting Kubernetes, we introduce new risks to our applications and infrastructure. The OWASP Kubernetes Top 10 is aimed at helping security practitioners, system administrators, and software developers prioritize risks around the Kubernetes ecosystem. The Top 10 is a prioritized list of these risks. In the future, we hope for this to be backed by data collected from organizations varying in maturity and complexity. This session will discuss the project in detail, examples for each of the risks in the list, and how you can get involved.
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...James Anderson
GDG Cloud Southlake #28: Brad Taylor and Shawn Augenstein: Old Problems in the New Frontiers of AI
• Brad discusses how decades-old laws and expanding regulation have new implications in the ML and Large Model age, and will touch on:
• Legal and Regulatory: Data usage rights, cautionary tale of stability.ai and Getty Images, EU's planned expansion of GDPR re models
• How Neural Networks, zero and one-shot learning, and LLMs have increased the need for better data governance, lineage management
• Shawn speaks on the coming "Data Renaissance"
• The New IP: Prompts and Internatl Interaction Data
• Where GenAI can be used right now and where it maybe shouldn't be used yet
• The Power of the Diversity of Insight
• What is making the future look bright!
Brad has been an intrapreneur and entrepreneur in data, AI, and IoT and has led teams in the creation of NLP, data products and predictive analytics for retention, churn, driver safety, traffic, CX and fleet risk. He has built solutions on global hyperscalers GCP, AWS, Azure, and IBM. Brad is a former founding partner at Tech Wildcatters, and worked with dozens of mobile, SaaS and AI start-ups, many of which became both job creators and profitable exits for TW investors. He is currently a Senior Manager in Pepsico's global Strategy and Transformation group, where he focuses on delivering AI/ML driven solutions.
Shawn Augenstein is a dynamic and highly experienced professional, who is driven by educating, providing equal access to technology and equitable access to information. Currently, Shawn serves as Principal Data & AI Consultant at CDW, where he develops the curriculum and architectures for understanding and furthering the use of AI, as well as developing solutions for both partners and clients. In his spare time, he enjoys exploring new frontiers of Diffusers, capturing moments through photography, and listening to music as a passionate melophile.
GDG SLK - Why should devs care about container security.pdfJames Anderson
Title: Why should developers care about container security?
Abstract: Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us that don’t have an appsec background to fully understand why they are important. In this session, we will go over several of the most common practices, show examples of how your workloads can be exploited if not followed and, most importantly, how to easily find and fix your Dockerfiles and deployment manifests (i.e. Kubernetes config's) before you commit your code.
Speaker: Eric is a 30+ year enterprise software developer, architect, and consultant with a focus on CI/CD, DevOps, and container-based solutions over the last decade. He is a Docker Captain, is certified in Kubernetes (CKA, CKAD, CKS), and has been a Docker user since 2013. As a Senior Developer Advocate at Snyk, Eric helps developers implement proactive and scalable security practices with a focus on container and cloud-native technologies.
Catch the video: https://youtu.be/lBNcUBdY-VM
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdfJames Anderson
GraphQL - Industry insights on the rise of the supergraph
Exploring what we’ve learned from hundreds of organizations transforming their business and customer experiences with GraphQL & the supergraph.
In his talk and Q&A session, Dan Boerner will share insights and best practices from his experience working with hundreds of companies working to unblock their teams and backlogs with the supergraph—a new layer of the stack. He’ll share real-world examples to explore why GraphQL and its architectural advantages must be coupled with leadership, vision, team empowerment, and mindset shifts to truly transform the way enterprises build, deliver and organize themselves to create digital products. As Apollo’s Graph Champion, Dan leads Apollo’s community of 800+ GraphQL leaders from 350 companies. Before joining Apollo, Dan led Expedia Group’s effort to radically accelerate the delivery of improved customer experiences with a company-wide supergraph.
Dan is passionate about helping graph champions harness the transformative power of the supergraph to improve product development and digital customer experiences. At Apollo, he leads a community of hundreds of GraphQL champions working to drive transformation within their organizations. He joined Apollo after a long tenure at Expedia Group where he led the effort to create a company-wide supergraph transforming product development and delivery, and enabling the organization to roll out their new trips platform in 1 year instead of 3.
https://youtu.be/0Vucl1qVecM
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...James Anderson
GDG Cloud Southlake #25: Ostrowski/Browne: Sabre's Journey to the Cloud
Brief overview of Sabre's journey from private datacenters, through multi-cloud to mono-cloud and beyond. Review of the drivers, expectations, and results with plenty of time for Q&A.
Jacek Ostrowski
Sabre
Sr Director Platform Engineering
In 1998 Jacek received MS in Computer Science from Jagiellonian University, Poland and started a developer career.
From 2001 to 2007 he honed his java and architecture skills while building systems supporting data warehouses with Asseco Poland.
In 2007 joined Sabre as a senior java engineer, and a few years later moved to enterprise architecture. After a few years as an EA, he started championing platform product management and took the platform product manager position. In 2018 took a leadership position over a team of platform product managers.
From 2020 Jacek leads Platform Engineering and uses his developer experience and product mindset to make Sabre's developers happier and more productive.
David Browne
Sabre
Senior Principal SRE Architecture
Graduated from the University of Waterloo with Joint degrees in Computer Science and Actuarial Science. Has spent 20 years doing software development and Enterprise Architecture work with IBM, Travelocity, and Sabre.
Experienced in implementing enterprise DevOps solutions to deploy software into on-prem and cloud-based environments such as AWS, Azure and GCP.
Currently working as an SRE architect with Sabre where he is an advocate for designing and implementing enterprise DevOps solutions that can run at scale. Enabling hundreds of teams to get their software products to market faster and more efficiently while meeting today’s current reliability regulatory and security requirements.
https://gdg.community.dev/events/details/google-gdg-cloud-southlake-presents-gdg-cloud-southlake-25-ostrowskibrowne-sabres-journey-to-the-cloud/cohost-gdg-cloud-southlake
This is the white paper behind the GDG Cloud Southlake #24 presentation by Arty Starr:
Enabling Powerful Software Insights by Visualizing Friction and Flow
In an Agile software development process, a software team will typically meet on a regular basis in a “retrospective meeting” to reflect on the challenges faced by the team and opportunities for improvement. On the surface, this challenge might seem straight-forward, but modern software projects are complex endeavors, and developers are human – identifying what’s most important in a complex sociotechnical system is a task humans struggle to do well. What if developers had tools that recorded and helped them explore their historical experiences with the code, and they could identify hotspots of team friction, worthy of discussion, based on empirical data? This talk will explore the possibility and impact of such tools through a design fiction and working prototype of an Augmented Reality (AR) Code Planetarium powered by FlowInsight developer tools.
Arty Starr, PhD student, University of Victoria & Founder, FlowInsight
Arty is a recognized Flow Experience expert, researcher, speaker and thought leader, and the author of Idea Flow. This expertise, along with her experience as a former CTO and software engineer inspired Arty’s mission to improve the efficiency and morale of engineering teams, culminating in her founding FlowInsight.
Arty teaches system models for better understanding the Flow Experience of software development, and the practice of using Flow Metrics to systematically optimize programming flow. “Flow as a practice” is the art of getting in and staying in flow state to optimize productivity.
The company she founded, FlowInsight, is on a mission to bring back joy to our everyday work.
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...James Anderson
Enabling Powerful Software Insights by Visualizing Friction and Flow
In an Agile software development process, a software team will typically meet on a regular basis in a “retrospective meeting” to reflect on the challenges faced by the team and opportunities for improvement. On the surface, this challenge might seem straight-forward, but modern software projects are complex endeavors, and developers are human – identifying what’s most important in a complex sociotechnical system is a task humans struggle to do well. What if developers had tools that recorded and helped them explore their historical experiences with the code, and they could identify hotspots of team friction, worthy of discussion, based on empirical data? This talk will explore the possibility and impact of such tools through a design fiction and working prototype of an Augmented Reality (AR) Code Planetarium powered by FlowInsight developer tools.
Arty Starr, PhD student, University of Victoria & Founder, FlowInsight
Arty is a recognized Flow Experience expert, researcher, speaker and thought leader, and the author of Idea Flow. This expertise, along with her experience as a former CTO and software engineer inspired Arty’s mission to improve the efficiency and morale of engineering teams, culminating in her founding FlowInsight.
Arty teaches system models for better understanding the Flow Experience of software development, and the practice of using Flow Metrics to systematically optimize programming flow. “Flow as a practice” is the art of getting in and staying in flow state to optimize productivity.
The company she founded, FlowInsight, is on a mission to bring back joy to our everyday work.
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language ModelsJames Anderson
Each day, the world continues to get smaller and smaller. The Cybersecurity and Data Science domains have converged, and we are now at a crossroads. Soft skills and effective communication are in higher demand than ever, with new roles such as Prompt Engineering being created. So, where do humans go from here?
Dive with us into the hidden depths of Social Engineering, a topic often considered taboo to explore. We must have the hard conversations now to tackle the Fear, Uncertainty, and Doubt that AI/ML brings. Is resistance really futile? No matter what, have fun during the event, and be sure to join us afterward for the social networking hour so we can practice our verbal judo on each other.
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...James Anderson
GCP Terraform Modules: Scaling Your Infrastructure the easy way
With GCP Terraform Modules, you can take advantage of pre-built modules that simplify the process of creating and managing GCP resources, such as virtual machines, load balancers, databases, and more. These modules are designed to be reusable, scalable, and customizable, allowing you to quickly and easily deploy complex infrastructure configurations with just a few lines of code.
Whether you're just getting started with GCP or you're looking for a more efficient way to manage your infrastructure, GCP Terraform Modules are a great way to streamline your operations and scale your infrastructure with ease. Join us as we cover details on why to use modules, how to use and where to find more helpful resources.
Anita Gutta is Cloud Infrastructure Engineer in Google Cloud Professional Services Organization (PSO). She provides technical guidance to customers adopting Google Cloud Platform services. She works closely with clients to understand their business needs and recommends the best cloud solutions to meet those needs. She has hands-on terraform experience and leads the SME TF Community in Google Cloud. Prior to Google Anita worked in the IT industry for 25 years, the majority focused in the finance sector.
Imran Nayer is a Senior Technical Solutions Consultant at Google Cloud Professional Services. He has been working on Google Cloud since 2019. Helped companies in the healthcare, financial, and retail sectors with projects including cloud foundation, migration, and automation. He is a regular contributor to the official GCP Terraform module, aka the Cloud Foundation Toolkit. He developed the Cloud Armor Security Module and several other CFT submodules.
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...James Anderson
Mastering Continuous Resiliency in Cloud: Chaos Engineering
No one likes downtime. It can be detrimental in today’s competitive environment. It isn’t cheap either. Many companies have been using traditional DR strategies. However, their testing is costly, limited, and complex. In the modern agile environment, the latest DR exercise becomes invalid not long after it is done and there’s a greater variety of disruptions that can occur. In this demo, we’ll explore how to use chaos engineering techniques to: quantify reliability and resiliency, gain valuable insights, and build systems that can withstand the unexpected. By applying these practices, you can gain confidence, prove resiliency, and be sure you are ready to face the unexpected.
Our speaker is Alexander Snegovoy, Lead of DevOps & Cloud Center of Competence at DataArt.
Alex spearheads DataArt’s drive toward innovation, with more than 10 years of professional experience across the financial services, healthcare, travel, and IoT industries. After joining DataArt as a software engineer in 2016, he became a leading member of the DevOps & Cloud Center of Competence. His role also includes identifying and communicating technology trends, cementing alliances and strategic partnerships with other companies, and coaching and mentoring new talent.
There is a “dark side” to Kubernetes that makes it difficult to ensure the desired performance and resilience of cloud-native applications, while also keeping their costs under control. Indeed, the combined effect of Kubernetes resource management mechanisms and application runtime heuristics may cause serious performance and resilience risks. See Akamas' AI-powered optimizations solve this!
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...James Anderson
Brian Sullivan and J Schuh GDG Cloud Southlake #19: Design Thinking Primer: How to Build Better Ideas
Video and other items from the event are here: https://gdg.community.dev/events/details/google-gdg-cloud-southlake-presents-gdg-cloud-southlake-19-sullivan-and-schuh-design-thinking-primer-how-to-build-better-ideas/
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...James Anderson
Crawl, Walk, Run. An exciting journey from 0 to fully certified on Google Cloud. A story of inspiration, entertainment, and struggle. You don't want to miss it.
@YujunLiang is an Associate Director at Accenture. He started his Google Cloud journey in 2017 and had been on many challenging projects including leading roles on some of them. His expertise spans Cloud Infrastructure and Data analytics. Currently, Yujun works as the cloud architect on a Data Analytics Platform and helps the team remove roadblocks in networking and security.
He is also known as the certification king on LinkedIn. He holds all 11 Google Cloud certifications and all 14 AWS certifications. His dedication to learning has created a sensation.
Yujun is a Google Cloud Champion Innovator with a specialization in Data Analytics, Databases, Security, and Networking.
Video on YouTube: https://youtu.be/RkMCn6ukfZg
Check out past and future GDG Cloud Southlake events: https://gdg.community.dev/gdg-cloud-s...
#cloud #gdg #gdgcloudsouthlake #sabre #google #careerjourney
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for EveryoneJames Anderson
If Artificial Intelligence (AI) is a black-box, how can a human comprehend and trust the results of Machine Learning (ML) alogrithms? Explainable AI (XAI) tries to shed light into that AI black-box so humans can trust what is going on. Our speaker Meg Dickey-Kurdziolek is currently a UX Researcher for Google Cloud AI and Industry Solutions, where she focuses her research on Explainable AI and Model Understanding. Recording of the presentation: https://youtu.be/6N2DNN_HDWU
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...James Anderson
Do you know The Cloud Girl? She makes the cloud come alive with pictures and storytelling.
The Cloud Girl, Priyanka Vergadia, Chief Content Officer @Google, joins us to tell us about Scaleable Data Analytics in Google Cloud.
Maybe, with her explanation, we'll finally understand it!
Priyanka is a technical storyteller and content creator who has created over 300 videos, articles, podcasts, courses and tutorials which help developers learn Google Cloud fundamentals, solve their business challenges and pass certifications! Checkout her content on Google Cloud Tech Youtube channel.
Priyanka enjoys drawing and painting which she tries to bring to her advocacy.
Check out her website The Cloud Girl: https://thecloudgirl.dev/ and her new book: https://www.amazon.com/Visualizing-Google-Cloud-Illustrated-References/dp/1119816327
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
2. Agenda
●Introduction
●What is Aviatrix Secure Cloud Networking?
●Embedding Security Into Your Cloud
Network
●Business Value Overview
●Aviatrix CoPilot Demo
●Deep Dive and Open Q&A
4. 4
Gartner Recommends Aviatrix
4
“Organizations looking for advanced networking functionality missing from native
public cloud providers and/or those that desire a consistent networking console
across multiple public cloud providers, should shortlist Aviatrix”
7. 7
7
VPC VPC VCN VCN
VPC VPC
VNET VNET
VPC VPC
Region 1
Region 2
Private Interconnect
Aviatrix
Controller
Private Interconnect
Adds Advanced Networking and Security on Top In Each Cloud
2
18. 18
Network Behavior Analytics – Built Into Your Cloud
Network
18
Secure
Cloud
Networking
Next Gen
Firewalls
Malicious
IPs
Known Threat
Signatures
Network
Behavior
Analytics
Distributed
Inspection
Distributed
Control
New Capability of Aviatrix ThreatIQ™
- Fingerprints workload and traffic characteristics to form
baseline
- Custom for every environment
- Identifies and alerts on abnormal network behavior
- Not dependent on signatures or known threat database
- Continuous baselining, ”learns” and improves over time
Baseline
(Normal) Current
Behavior
Anomaly detected; Alert Sent
Example Behavior Analysis: Actionable Intelligence that may be
an indicator of Data Exfiltration, Lateral Movement, New
Ports/Protocols, DDoS attacks, Port scan detection, or unencrypted
traffic flows
19. 19
Aviatrix Business Value Across Multiple Teams
Increase Revenue Growth with Business Innovation
• Drive higher revenue and margins from existing
customers
• Expand into new markets and quickly onboard new
customers
• Faster product time-to-market and revenue
• Accelerate acquisition integrations
Increase Control, Visibility, and Resource Efficiency
• Faster monitoring and troubleshooting, lower MTTR
• Automated provisioning using Terraform and APIs
• Higher efficiency in network engineering and
security teams
Bridge the Skills Gap
• Reduce recruiting and training expenses
• Reallocate high-value resources to more strategic
functions
• Reduce operational costs by retiring legacy tech
debt
Reduce Business Risk
• Identify and Remediate know threats automatically
• End-to-End and high-performance encryption
• Multi-cloud network segmentation
31. A VPC is a VPC until it isn’t.
AWS Azure Google Cloud Platform
Scope Regional Regional Global; subnets are regional
Address Space Defined at VPC level; subnets
must be within.
Defined at VNET level; subnets
must be within.
Not defined at VPC level; subnets
can use any CIDR.
Static Routing Route Tables per subnet; can
override subnet routes.
Route Tables per Subnet; can
provide per VM
microsegmentation.
Global Route table; granularity
supplied by network tags; subnet
routes cannot be overridden.
BGP support On VPN and DirectConnect only Route Server, VPN,
ExpressRoute
NCC, VPN, Cloud Interconnect
Network level
security
NACLs and Security groups Network Security Groups Global Firewall rules; granularity
supplied by network tags.
Layer 7 Firewall AWS Network Firewall Azure Network Firewall None
Private external
connectivity
VPN and DirectConnect on VGW
and TGW
VPN and ExpressRoute on
respective gateway types.
VPN Gateway or VLAN attachments
Native Transit
options
TGW vWAN None
Visibility VPC Flow Logs NSG Flow Logs VPC Flow Logs
34. IPSec Performance Limitations
vCPU
vCPU
vCPU
vCPU
vCPU
vCPU
vCPU
vCPU
Traditional Tunnel
Encryption/
Decryption
Encryption/
Decryption
UDP/ESP
~ 1.25 Gbps
Azure
VPN GW
3rd party router
firewall
• Software based IPSec VPN
solutions have limits, max
performance of 1.25 Gbps with
VGW
• Packet flows can only utilize
single core, despite of
availability of multiple cores
36. Cloud Provider visibility
● The VPC and NSG flow logs are some variation of JSON.
● Any kind of visualization requires a significant amount of configuration and cost to stay
with the same vendor.
● Google requires configuration of a Cloud Logging sink to BigQuery, then visualization by something like
Data Studio.
● Azure can forward logs to Log Analytics.
● Alternatively, logs can be processed by a tool such as Splunk or other SEIM. These have
the same problems as the native solutions.
● AWS’s TGW and Azure’s vWAN do not have significant logging either. If something is
wrong, you may be staring at configurations instead of data.
39. 39
Aviatrix Cloud Network Platform Software
39
Aviatrix
Controller
HUB & SPOKE
Aviatrix Gateways
API
Cloud Networking Abstraction
Single Multi-Cloud Provider
Not a SaaS or
Managed Service.
It’s Yours. Aviatrix
CoPilot
1
2
4
3
Native Cloud
Constructs
API
Advanced
Networking
and Security
Service Insertion
and Chaining
40. 40
Single or Multi-Cloud Networking and Security
40
Aviatrix
Controller
VPC VPC VCN VCN
Region 1
Region 2
VPC VPC
VNET VNET
VPC VPC
1. Single Cloud
Multi-Account
High-Availability (Active-Active)
End-to-End Encryption
Network Correctness
2. Multi-Region
3. Multi-Cloud Repeatable Design 6. Service Insertion & Chaining
4. High-Performance Encryption
1 2 3
6
4
Single Multi-Cloud
Provider
5. Single / Multi-Cloud Network Segmentation
5
VPC VPC
10. Cloud-Native
8. Secure Cloud Access
8
10
INTERNET
9
7. Enterprise Operational Visibility
7
9. Secure Ingress and Egress
Aviatrix
CoPilot
Private Interconnect
41. • Aviatrix builds multiple tunnels between Aviatrix devices
• Utilizes all available CPU cores
• IPSec encryption performance can be from 10Gbps to 90Gbps
vCPU
vCPU
vCPU
vCPU
vCPU
vCPU
vCPU
vCPU
Encryption/
Decryption
Encryption/
Decryption
High Performance
N x Tunnels
UDP/ESP
High Performance Encryption
Up to 90 Gbps
Aviatrix
Transit or
Spoke GW
Aviatrix
Transit GW
Aviatrix
Transit or
Spoke GW
Aviatrix
CloudN
Appliance
Aviatrix High Performance Encryption (HPE)
47. ● Visibility at each Aviatrix
Gateway hop provided by
CoPilot.
● Customer has E-W
Inspection provided by
Firenet.
● Branch connectivity is
provided by an SDWAN
appliance.
● Connectivity to the
datacenter/colo is provided
by a Hosted Cloud
Interconnect circuit.
Full GCP Design with
SDWAN and Interconnect
47
48. A customer with two Clouds
can easily connect the two
clouds with High Performance
Encryption.
In the event of DirectConnect
or Cloud Interconnect failure,
traffic can seamlessly flow via
the functional circuit.
AWS and GCP Dual
Cloud Environment
49. GKE Native Ingress using the
HTTPS or TCP Load Balancer
options use the GKE Nodes as
the Endpoints. This means
that requests will enter the
Cluster directly, bypassing
firewalls.
Using Aviatrix with a reverse
proxy enables use of Google
Cloud Armor and NGFW
inspection.
Google Kubernetes Engine
Ingress with NGFW Inspection
50. ● Customer has a free-for-all in
Azure. Business units spin up
cloud resources without
thought to coordination or
security.
● Corporate IT is reigning it in.
● Requires private
connectivity from Azure to
GCP.
● Requires overlapping IP
support during the
migration period.
Overlapping IP
Migration in Azure
50
