Watch the replay: http://cs.co/9001DxsKP
Are you getting unrivaled simplicity, end-to-end visibility, hardware reliability, and consistent policies from your WAN? You can get all of these things when you combine SD-WAN software with Cisco IOS XE routing platforms.
Experts from Cisco’s enterprise routing team will be on hand to show you what intent-based networking and software-defined simplicity in the WAN can bring. Powerful new capabilities are possible with a simple software image change.
Resources:
Watch the related TechWiseTV episode: http://cs.co/9003DvZHt
TechWiseTV: http://cs.co/9009DzrjN
The concept of service mesh is one of the new technologies that have grown up around the container and micro-service model over the last couple of years, and Istio is the latest entry into this space. As Istio was recently included as an incubated project in the CNCF, many companies are now looking to it to provide a set of key functions to accelerate their micro-service application management model. Istio enables bi-directional authentication and security of service communication via TLS based authentication and encryption, and at the same time is able to capture application level communication statistics, improving the application development team's visibility into the otherwise difficult to track communication patterns. In this way, Istio acts like an application level network, riding across the underlying capabilities of Kubernetes CNI based networks and network policy. We will implement Istio on a GKE kubernetes cluster, and instrument a simple application to get better insight into how Istio provides its capabilities.
Speaker Bio:
With over 20 years of experience as a systems reliability engineer, and a focus on automating not only application deployments but the underlying infrastructure as well, Robert Starmer brings a wealth of knowledge to the full application enablement stack. He has applied this knowledge in fields from high-performance computing to high-frequency trading environments, and everything in between. Robert also holds patents in network, data center, and application performance and scale enhancements. He is a Founder and the CTO at Kumulus Technologies, a DevOps, Systems Reliability Engineering and cloud computing consultancy. Additionally, Robert is an incurable photography nerd and has been known to stay up until dawn in remote locations to capture celestial time-lapses.
Architecting Advanced Network Security Across VPCs with AWS Transit Gateway - Cynthia Hsieh
This is a joint webinar hosted by AWS and Valtix discussing AWS Transit Gateway and advanced network security use cases with Valtix cloud-native network security service. Contents are subject to AWS and Valtix copyright and intellectual property protection.
Full recorded presentation at https://www.youtube.com/watch?v=2UfAgCSKPZo for Tetrate Tech Talks on 2022/05/13.
Envoy's support for Kafka protocol, in form of broker-filter and mesh-filter.
Contents:
- overview of Kafka (usecases, partitioning, producer/consumer, protocol);
- proxying Kafka (non-Envoy specific);
- proxying Kafka with Envoy;
- handling Kafka protocol in Envoy;
- Kafka-broker-filter for per-connection proxying;
- Kafka-mesh-filter to provide front proxy for multiple Kafka clusters.
References:
- https://adam-kotwasinski.medium.com/deploying-envoy-and-kafka-8aa7513ec0a0
- https://adam-kotwasinski.medium.com/kafka-mesh-filter-in-envoy-a70b3aefcdef
Building DataCenter networks with VXLAN BGP-EVPN - Cisco Canada
The session specifically covers the requirements and approaches for deploying the Underlay, Overlay as well as the inter-Fabric connectivity of Data Center Networks or Fabrics. Within the VXLAN BGP-EVPN based Overlay, we focus on insights like the forwarding and control plane functions which are critical to the simple operation of the architecture in achieving scale, small failure domains and consistent configuration. To complete the overlay view on VXLAN BGP-EVPN, we go inside BGP and its EVPN address-family and extend to how multiple DC Fabrics can be interconnected, either as stretched Fabrics or with true DCI. The session concludes with a brief overview of manageability functions, network orchestration capabilities and multi-tenancy details. This Advanced session is intended for network, design and operation engineers from Enterprises to Service Providers.
Understanding MicroSERVICE Architecture with Java & Spring Boot - Kashif Ali Siddiqui
This is a deep journey into the realm of "microservice architecture", and in that I will try to cover each inch of it, but with a fixed tech stack of Java with Spring Cloud. Hence in the end, you will get to know each and every aspect of this distributed design, and will develop an understanding of each and every concern regarding distributed system construct.
With the 2.0 release of MAAS, we are delivering High Availability for both Region and Rack components of MAAS. This deck describes the MAAS architecture and how HA is implemented.
Building Cloud-Native App Series - Part 4 of 11
Microservices Architecture Series
NoSQL vs SQL
Redis, MongoDB, AWS DynamoDB
Big Data Design Patterns
Sharding, Partitions
For customers with hundreds or thousands of secrets, like database credentials and API keys, manually rotating and managing access to those secrets can be complex and cause application disruptions. AWS Secrets Manager protects access to your IT resources by enabling you to easily and centrally rotate and manage access to secrets. In this session, we explore the benefits and key features of Secrets Manager. We demonstrate how to safely rotate secrets, manage access to secrets with fine-grained access policies, and centrally secure and audit your secrets.
Overview of kubernetes network functions - HungWei Chiu
In these slides, I briefly introduce the network functions in Kubernetes and explain how Kubernetes implements them.
Those functions include the container network interface (CNI) and the Kubernetes service.
Finally, I introduce the multus CNI, which is designed for multiple networks in the container and is necessary in some use cases, such as SDN/NFV/5G.
Introduction to AWS VPC, Guidelines, and Best Practices - Gary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
Azure File Share and File Sync guide (Beginners Edition) - Naseem Khoodoruth
Option to have a file server on premise for caching or access the storage from your local desktop (Windows 10)
#azure #fileserver
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/. This slide describes IPv4 vs IPv6, types of records, simple routing policy, weighted routing policy, latency routing policy, failover routing policy and geolocation routing policy.
___________________________________________________
zekeLabs is a Technology training platform. We provide instructor-led corporate training and classroom training on industry-relevant cutting-edge technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and frameworks like Django, Spring, Ruby on Rails, Angular 2 and many more to professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl... - Amazon Web Services
As companies grow and expand their global footprint, it becomes increasingly critical to make systems highly available while also improving responsiveness to end-users. Companies are choosing to place their applications closer to end-users to improve performance, which introduces the complications of how to route end-user traffic to the most appropriate endpoints and how to most efficiently route traffic within internal systems.
In this session, learn how customers are using Route 53's Traffic Flow service for global traffic management, improving performance and availability for end users while reducing IT management cost. We will walk through how to use Traffic Flow to manage traffic to your applications' globally-distributed endpoints to optimize for constraints such as endpoint load, the health of your resources, geographic restrictions, and Internet latency. We'll demonstrate how you can configure multiple routing policies and take advantage of code control and versioning for easier management of your DNS and traffic management configuration.
System design for video streaming service - Nirmik Kale
This is my presentation for a "Streaming Service" like Netflix or Amazon Prime.
This was a part of an interview I did with a company, so there is a lot of text explaining all components in detail.
Migration Recipes for Success - AWS Summit Cape Town 2017 Amazon Web Services
Now that you have earmarked workloads for migration, it's time to look at the various tools and methodologies that are available to help customers shift applications to AWS. This session highlights some of the key AWS tools, services and approaches that organisations are using to successfully migrate to the cloud.
AWS Speaker: Sven Hansen, Solution Architect - Amazon Web Services
Customer Speaker: Pieter Breed – Core Platform Engineer Zoona
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur... - Amazon Web Services
In this series of 15-minute technical flash talks you will learn directly from Amazon CloudFront engineers and their best practices on debugging caching issues, measuring performance using Real User Monitoring (RUM), and stopping malicious viewers using CloudFront and AWS WAF.
New Service created in services marketing for a project work. This project is all about coolie (Porter Service) service providing at your doorstep with the help of the mobile application.
Scaling the Platform for Your Startup - Startup Talks June 2015 - Amazon Web Services
Join AWS at this session to understand how to architect an infrastructure to handle going from zero to millions of users. From leveraging highly scalable AWS services to making smart decisions on building out your application, you'll learn a number of best practices for scaling your infrastructure in the cloud.
Practical Red Teaming is a hands-on class designed to teach participants various techniques and tools for performing red teaming attacks. The goal of the training is to give a red teamer’s perspective to participants who want to go beyond VAPT. This intense course immerses students in a simulated enterprise environment, with multiple domains and up-to-date, patched operating systems. We will cover several phases of a Red Team engagement in depth – Local Privilege escalation, Domain Enumeration, Admin Recon, Lateral movement, Domain Admin privileges etc.
If you want to learn how to perform Red Team operations, sharpen your red teaming skillset, or understand how to defend against modern attacks, Practical Red Teaming is the course for you.
Topics :
• Red Team philosophy/overview
• Red Teaming vs Penetration Testing
• Active Directory Fundamentals – Forests, Domains, OU’s etc
• Assume Breach Methodology
• Insider Attack Simulation
• Introduction to PowerShell
• Initial access methods
• Privilege escalation methods through abuse of misconfigurations
• Domain Enumeration
• Lateral Movement and Pivoting
• Single sign-on in Active Directory
• Abusing built-in functionality for code execution
• Credential Replay
• Domain privileges abuse
• Dumping System and Domain Secrets
• Kerberos – Basics and its Fundamentals
• Kerberos Attack and Defense (Kerberoasting, Silver ticket, Golden ticket attack etc)
https://bsidessg.org/schedule/2019-ajaychoudhary-and-niteshmalviya/
In this session, you'll learn how to architect your applications based on Amazon Web Services' Well-Architected Framework principles and Adrian’s 10+ years of experience using AWS.
Join AWS at this session to understand how to architect an infrastructure to handle going from zero to millions of users. From leveraging highly scalable AWS services to making smart decisions on building out your application, you'll learn a number of best practices for scaling your infrastructure in the cloud.
Speakers:
Andreas Chatzakis, AWS Solutions Architect
Pete Mounce, Senior Developer, JustEat
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S... - Amazon Web Services
We constantly hear about huge hacks in the media, with companies losing millions of dollars in an instant. While this problem is large for the enterprise side of the world, it is even more detrimental when it comes to the fedspace. CloudCheckr Co-Founder & CEO Aaron Newman will highlight effective strategies and tools that AWS users can employ to improve their security posture. Oftentimes the biggest threat to security is the human; Aaron will go through ways to work around this and how you can shore up security to avoid these errors. Specific emphasis will be placed upon leveraging native AWS services and the talk will include concrete steps that users can begin employing immediately. Learn More: https://aws.amazon.com/government-education/
In this session we will be setting up remote access VPN using Certificate as an authentication mechanism but for Authorisation we will use Cisco ISE as a Radius Server.
This document will guide you on how to setup GET VPN using multicast mechanism over your network. This will come handy for all CCIE Security aspirants.
This slide is useful for understanding "Unquoted Service Path Exploitation" and how we can protect our operating system against these kinds of attacks.
This is a Getting started with Kali linux guide. In this PPT we have touched various steps, which are required to setup your machine before proceeding further. We have covered topics like HTB (Hack the Box), Installation of Python, Installation of Kali Linux, How to install Terminator & How to install Tmux
A Strategic Approach: GenAI in Education - Peter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Synthetic Fiber Construction in lab .pptx - Pavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. Synthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Introduction to AI for Nonprofits with Tapp Network - TechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Embracing GenAI - A Strategic Imperative - Peter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
2024.06.01 Introducing a competency framework for language learning materials ... - Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
2. • Dhruv Sharma
• Experienced IT Professional – CISSP, OSCP, CCNP-Sec, AWS Architect
• LinkedIn: https://www.linkedin.com/in/dhruv-sharma-/
3. Introduction
• Does your business have a disaster recovery plan for natural disasters?
• Does your business have global clients that need regional access to content?
• Does your business want to maximize its investment in a secondary datacenter?
• Is DNS management error-prone and cumbersome?
• Do you follow a multi-step manual failover process?
4. Introduction
• F5 GTM (BIG-IP DNS): F5® BIG-IP® Global Traffic Manager™ (GTM)
distributes DNS and user application requests based on business policies,
data center and cloud service conditions, user location, and application
performance.
https://www.f5.com/pdf/products/big-ip-global-traffic-manager-ds.pdf
• AWS Route 53: Amazon Route 53 is a highly available and scalable cloud
Domain Name System (DNS) web service. Amazon Route 53 is fully
compliant with IPv6 as well. Amazon Route 53 effectively connects user
requests to infrastructure running in AWS – such as Amazon EC2 instances,
Elastic Load Balancing load balancers, or Amazon S3 buckets – and can also
be used to route users to infrastructure outside of AWS.
https://aws.amazon.com/route53/
7. Load Balancing Mechanism
• We define the load balancing mechanism in two sections:
• Create Pool
• Create wide IP
8. Load Balancing Mechanism
• Topology: BIG-IP GTM distributes DNS name resolution requests using proximity-based load
balancing. BIG-IP GTM determines the proximity of the resource by comparing location
information derived from the DNS message to the topology records in a topology statement you
have configured.
• The Global Availability load balancing method instructs BIG-IP GTM to select the first pool in the
wide IP pool list until it becomes unavailable, and then to select the next pool in the list until the
first pool becomes available again. This ensures that the most robust pool receives DNS name
resolution requests, while the other pools act as backups in case the primary pool becomes
unavailable.
9. Configuration Summary
• Step 1: Define the GTM Datacenter
• Step 2: Add the Servers
• Step 3: Create Pool Members
• Step 4: Create Wide IP
• Step 5: Define GTM Listener
16. Testing
• We can confirm that the URI first resolves to the India URI and later
to the UK URI.
17. Costing
• The bare-minimum cost of starting a GTM service for your company is
as follows:
• Device Cost: $3977 (https://www.amazon.com/F5-Networks-F5-BIG-LTM-1600-R-Enterprise/dp/B00EAR456Y)
• License Cost: $9,795.10 (tentative costing – not sure)
18. Extra Features
• Zone-Runner: Easy Authoritative DNS Management (NS, SOA, A
Records)
• DNSSEC (https://www.youtube.com/watch?v=MrtsKTC3KDM)
• iRules – Flexibility to define distribution policies
• IPv6 AAAA records support.
• Application Specific monitor
• Supports iControl.
• CDN Support.
20. AWS Route 53
• A hosted zone is a collection of resource record sets hosted by Amazon Route 53. Like a
traditional DNS zone file, a hosted zone represents resource record sets that are managed
together under a single domain name. Each hosted zone has its own metadata and configuration
information.
• Supported record types include:
• A
• AAAA
• CNAME
• MX
• NS
• PTR
• SOA
• SPF
• SRV
• ALIAS
21. Load Balancing Mechanism
• When you create a resource record set, you choose a routing policy, which determines how
Amazon Route 53 responds to queries.
• Routing policies can be associated with health checks, so resource health status is considered
before it even becomes a candidate in a conditional decision tree. A description of possible
routing policies and more on health checking is covered in this section.
22. Load Balancing Mechanism
1. Simple: This is the default routing policy when you create a new resource. Use a simple routing
policy when you have a single resource that performs a given function for your domain (for
example, one web server that serves content for the example.com website). In this case, Amazon
Route 53 responds to DNS queries based only on the values in the resource record set (for example,
the IP address in an A record).
23. Load Balancing Mechanism
2. Weighted: With weighted DNS, you can associate multiple resources (such as Amazon Elastic
Compute Cloud [Amazon EC2] instances or Elastic Load Balancing load balancers) with a single DNS
name.
24. Load Balancing Mechanism
3. Latency-based routing: allows you to route your traffic based on the lowest network latency for
your end user (for example, using the AWS region that will give them the fastest response time).
• Use the latency routing policy when you have resources that perform the same function in
multiple AWS Availability Zones or regions and you want Amazon Route 53 to respond to DNS
queries using the resources that provide the best latency.
25. Load Balancing Mechanism
4. Failover: Use a failover routing policy to configure active-passive failover, in which one resource takes all
the traffic when it’s available and the other resource takes all the traffic when the first resource isn’t
available. Note that you can’t create failover resource record sets for private hosted zones.
26. Load Balancing Mechanism
5. Geo-location Routing: Lets you choose where your traffic will be sent based on the geographic
location of your users (i.e. the location from which DNS queries originated). For example, you might
want all queries from Europe to be routed to a fleet of EC2 instances configured specifically for
European customers.
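The weighted and failover policies above, modelled as an added example (not part of the original slides and not AWS code). It reuses the two server IPs from this deck; the weights, roles and health states are assumptions, and the fail-open branches follow AWS's documented Route 53 behaviour when every record is unhealthy.

```python
import random

# Constructed record set: the IPs come from this deck, while the weights and
# PRIMARY/SECONDARY roles are illustrative assumptions (weights must be > 0).
RECORDS = [
    {"ip": "3.8.118.98", "weight": 70, "role": "PRIMARY"},
    {"ip": "13.232.6.171", "weight": 30, "role": "SECONDARY"},
]

def candidates(records, health):
    """Health checks filter first; if nothing is healthy, fail open to all."""
    healthy = [r for r in records if health.get(r["ip"], False)]
    return healthy or list(records)

def weighted_distribution(records, health):
    """Probability of each IP being returned under the weighted policy."""
    pool = candidates(records, health)
    total = sum(r["weight"] for r in pool)
    return {r["ip"]: r["weight"] / total for r in pool}

def weighted_answer(records, health, rng=random):
    """Pick one answer for a single query, proportionally to weight."""
    pool = candidates(records, health)
    return rng.choices(pool, weights=[r["weight"] for r in pool], k=1)[0]["ip"]

def failover_answer(records, health):
    """Active-passive: primary while healthy, otherwise the secondary.
    If both are unhealthy, the primary is still returned."""
    primary = next(r for r in records if r["role"] == "PRIMARY")
    secondary = next(r for r in records if r["role"] == "SECONDARY")
    if health.get(primary["ip"], False):
        return primary["ip"]
    if health.get(secondary["ip"], False):
        return secondary["ip"]
    return primary["ip"]

if __name__ == "__main__":
    scenarios = {
        "both healthy": {"3.8.118.98": True, "13.232.6.171": True},
        "first server down": {"3.8.118.98": False, "13.232.6.171": True},
        "both down": {"3.8.118.98": False, "13.232.6.171": False},
    }
    for name, health in scenarios.items():
        print(name, weighted_distribution(RECORDS, health),
              "failover ->", failover_answer(RECORDS, health))
```

The "both down" row is the case to watch: DNS keeps handing out addresses of servers that are failing their health checks, so monitoring has to alert on the health checks themselves.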
27. AWS Route 53 Implementation
• Building Blocks:
• Step 1: Register a domain on AWS or with an external domain provider such as GoDaddy.
• Step 2: Setup the servers (EC2 for instance)
• Step 3: Create Health Policy
• Step 4: Creating DNS-Routing policy
29. Step 1: Register a domain
• Register a new domain or set up an existing domain as shown below. You can buy a new
domain directly from AWS or from an external vendor such as GoDaddy and use it here -
https://www.radishlogic.com/aws/using-godaddy-domain-in-aws-route-53/
30. Step 2: Setup the servers
• We have successfully hosted two servers: 3.8.118.98 and 13.232.6.171
31. Step 3: Create Health Policy
• Optionally configure the health policy; we will use it when we create the DNS policy.
32. Step 4: Creating DNS-Routing policy
• Finally configure the DNS policy as shown below.
34. Costing
• You pay only for what you use. There are no minimum fees, no minimum usage
commitments, and no overage charges.
• Refer to AWS price calculator: https://calculator.aws/#/
40. Introduction
• According to Cisco’s research, over 90% of attacks are done over DNS and only two-thirds of
organizations monitor their DNS records. Fortunately, Cisco Umbrella has a feature that prevents
a user from accessing a site directly by its IP address if it’s known to be malicious.
• If you are using the default DNS service from your internet service provider, you are allowing
your desktops or servers to connect to any website without a security filter.
• Umbrella keeps a record of all websites that are known to be malicious and prevents users
from accessing them. Many sites that were once safe could have been hijacked recently and
can host viruses and trojans that can then be pushed down to unsuspecting users.
41. Introduction
• Prevents phishing attacks - Cisco Umbrella prevents you from accessing a phishing site if it has
been around long enough for Cisco to detect it.
• Prevents ransomware attacks - Ransomware relies heavily on connecting back to its Command
and Control Center to receive the encryption password used to encrypt your files.
Umbrella detects these DNS queries in real time using anomaly detection algorithms, new
domain clustering, and a domain reputation system. Even if you were to install the virus,
Cisco Umbrella will prevent your system from talking back to the Command and Control Center,
thus preventing encryption.
• Content Filtering - It can use content filtering to prevent its users from accessing sites
that are not allowed.
42. Implementations
• Home users can protect themselves for free by simply entering 208.67.222.222 and
208.67.220.220 as their DNS servers, thus opting for OpenDNS.
• Visit URI - https://welcome.opendns.com/
43. Implementations
• For enterprise environments, there are several options to implement Umbrella services through
the network. At a minimum, you could set the DNS on workstations and servers manually to
Umbrella’s DNS IPs. However, if you add Umbrella’s Virtual Appliances and use their AD connector
to integrate with your internal DNS server, you will gain further insight into the network.
• For Remote VPN Users - Windows and Mac laptop users can also be protected if the Roaming Client
agent is installed. When the laptop is on the network, the agent is disabled because it recognizes the
DNS of the Virtual Appliances. When the user is at home and off the network, it re-enables
itself and the user is protected by Umbrella.
44. Cost
• Cisco Umbrella offers the following packages:
• Wireless LAN – Based on number of Access Points
• Professional – Based on number of Users
• Insights – Based on number of Users
• Platform – Based on number of Users
For more details, refer to the links below:
• Ref: https://umbrella.cisco.com/opendns-cisco-umbrella
• Ref: https://learn-umbrella.cisco.com/datasheets/cisco-umbrella-package-comparison-2
46. Cisco FTD – DNS Policies
• The Firepower system can intercept DNS requests and look for malicious
domain names. If the Firepower module finds a malicious domain, it takes the appropriate
action to mitigate the request, as configured in the DNS policy.
• New attack methods designed to evade IP-based intelligence misuse DNS load-balancing features
in order to hide the actual IP address of a malicious server. While the IP addresses associated with
the attack are frequently swapped in and out, the domain name is rarely changed.
• Firepower can redirect the malicious request to a sinkhole server, which can be
a honeypot server used to detect, deflect or study attempts and learn more about the attack traffic.
47. New DNS working with FTD
• Option 1: We can traditionally create an access control policy to block DNS traffic as shown below.
5/25/2020 47
48. New DNS working with FTD
• Option 2: DNS-based Security Intelligence
Firepower allows you to identify a susceptible DNS query and blacklist the resolution of an unsafe
domain name, while any queries to legitimate websites are allowed. As a result, the browser cannot
obtain the IP address of the website. FTD blocks the request for a website before a potential
HTTP connection is even established. Consequently, FTD does not need to engage its resources for
further HTTP inspection.
49. New DNS working with FTD
• DNS Actions – Domain Not Found, Drop, Sinkhole
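How the three DNS actions differ for the client, and how a sinkhole turns a blocked lookup into a detection signal, shown as an added example (a simplified model, not FTD configuration or Cisco code). The rule list, domain names, sinkhole address 192.0.2.53 and connection log are all constructed for illustration.

```python
# Constructed policy and log data; 192.0.2.53 (documentation range) stands in
# for the sinkhole server address. This is a model, not FTD syntax.
SINKHOLE_IP = "192.0.2.53"
DNS_RULES = [  # (domain suffix, action), evaluated top-down
    ("c2.example.net", "SINKHOLE"),
    ("bad.example.org", "DOMAIN_NOT_FOUND"),
    ("drop.example.com", "DROP"),
]

def matches(qname, suffix):
    """Match on label boundaries so 'notbad.example.org' != 'bad.example.org'."""
    qname, suffix = qname.rstrip(".").lower(), suffix.lower()
    return qname == suffix or qname.endswith("." + suffix)

def evaluate(qname):
    """Return (action, answer) that the policy gives for one DNS query."""
    for suffix, action in DNS_RULES:
        if matches(qname, suffix):
            if action == "SINKHOLE":
                return action, SINKHOLE_IP   # client is handed the sinkhole IP
            if action == "DOMAIN_NOT_FOUND":
                return action, "NXDOMAIN"    # client sees a non-existent name
            return action, None              # DROP: no reply, client times out
    return "ALLOW", "forwarded"              # resolved by the real DNS server

def hosts_hitting_sinkhole(conn_log):
    """Internal clients that connected to the sinkhole: candidates for triage."""
    hits = {}
    for line in conn_log:
        ts, src, dst, dport = line.split()
        if dst == SINKHOLE_IP:
            hits.setdefault(src, []).append((ts, int(dport)))
    return hits

CONN_LOG = [  # constructed connection log: timestamp src dst dport
    "2020-05-25T10:00:01Z 10.1.1.20 192.0.2.53 443",
    "2020-05-25T10:00:05Z 10.1.1.31 198.51.100.7 443",
    "2020-05-25T10:02:11Z 10.1.1.20 192.0.2.53 8080",
]

if __name__ == "__main__":
    for name in ("beacon.c2.example.net.", "www.bad.example.org",
                 "drop.example.com", "notbad.example.org"):
        print(name, evaluate(name))
    print(hosts_hitting_sinkhole(CONN_LOG))
```

Only the sinkhole action leaves a follow-up connection to look for: the DNS query itself usually arrives via an internal resolver, while the connection to the sinkhole address carries the real client IP.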