By Dhruv Sharma
• Dhruv Sharma
• Experienced IT Professional – CISSP, OSCP, CCNP-Sec, AWS Architect
• Linked In: https://www.linkedin.com/in/dhruv-sharma-/
Introduction
• Does your business have a disaster recovery plan for natural disasters?
• Does your business have global clients that need regional access to content?
• Does your business want to maximize its investment in a secondary datacenter?
• Is DNS management error-prone and cumbersome?
• Do you follow a multi-step manual failover process?
Introduction
• F5 GTM (BIG-IP DNS): F5® BIG-IP® Global Traffic Manager™ (GTM)
distributes DNS and user application requests based on business policies,
data center and cloud service conditions, user location, and application
performance.
https://www.f5.com/pdf/products/big-ip-global-traffic-manager-ds.pdf
• AWS Route 53: Amazon Route 53 is a highly available and scalable cloud
Domain Name System (DNS) web service. Amazon Route 53 is fully
compliant with IPv6 as well. Amazon Route 53 effectively connects user
requests to infrastructure running in AWS – such as Amazon EC2 instances,
Elastic Load Balancing load balancers, or Amazon S3 buckets – and can also
be used to route users to infrastructure outside of AWS.
https://aws.amazon.com/route53/
• GTM Building Blocks
Load Balancing Mechanism
• GTM Load Balancing Mechanism:
Load Balancing Mechanism
• We define the load balancing mechanism in two steps:
• Create Pool
• Create Wide IP
Load Balancing Mechanism
• Topology: BIG-IP GTM distributes DNS name resolution requests using proximity-based load
balancing. BIG-IP GTM determines the proximity of the resource by comparing location
information derived from the DNS message to the topology records in a topology statement you
have configured.
• The Global Availability load balancing method instructs BIG-IP GTM to select the first pool in the
wide IP pool list until it becomes unavailable, and then to select the next pool in the list until the
first pool becomes available again. This ensures that the most robust pool receives DNS name
resolution requests, while the other pools act as backups in case the primary pool becomes
unavailable.
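The two selection methods above, Topology and Global Availability, are simulated below in an added Python example that is not part of the original presentation and not F5 code. The pools, the topology records (client location, pool region, score), the TEST-NET member addresses and the fallback for a pool with no matching topology record are all constructed assumptions; real GTM topology statements match on subnets, continents, ISPs and more, and a real GTM falls through to the next method when nothing matches.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """One pool in a wide IP's pool list (constructed shape, not F5's object model)."""
    name: str
    region: str                 # where the pool members are hosted
    members: list               # member addresses handed out in the DNS answer
    available: bool = True      # what the GTM health monitor currently reports


# Constructed topology records: (client location, pool region, score).
# A higher score means "closer"; "*" is a catch-all client location.
TOPOLOGY = [
    ("IN", "india", 100),
    ("GB", "uk", 100),
    ("EU", "uk", 50),
    ("*", "india", 10),
]


def global_availability(pools):
    """Global Availability: walk the ordered pool list and return the first pool the
    monitor reports available, so the primary pool serves until it fails and resumes
    serving as soon as it is healthy again. Returns None when every pool is down."""
    for pool in pools:
        if pool.available:
            return pool
    return None


def topology(pools, client_location):
    """Topology: score each available pool against the records that match the client's
    location and return the best match. A pool with no matching record scores 0 and is
    used only as a last resort (assumption; real GTM falls through to the next method)."""
    best, best_score = None, -1
    for pool in pools:
        if not pool.available:
            continue
        score = max(
            (s for loc, region, s in TOPOLOGY
             if region == pool.region and loc in (client_location, "*")),
            default=0,
        )
        if score > best_score:            # ties keep the earlier pool in the list
            best, best_score = pool, score
    return best


def resolve(wide_ip, pools, client_location, method):
    """Answer an A query for the wide IP with the members of the pool the method picked."""
    if method == "global_availability":
        pool = global_availability(pools)
    elif method == "topology":
        pool = topology(pools, client_location)
    else:
        raise ValueError(f"unknown load balancing method: {method}")
    if pool is None:
        return []          # nothing healthy to hand out
    return [(wide_ip, "A", ip) for ip in pool.members]


def sample_pools(india_up=True, uk_up=True):
    """Constructed pools using TEST-NET addresses; list order matters for Global Availability."""
    return [
        Pool("india_pool", "india", ["192.0.2.10"], available=india_up),
        Pool("uk_pool", "uk", ["198.51.100.10"], available=uk_up),
    ]


if __name__ == "__main__":
    for method in ("global_availability", "topology"):
        print(method, resolve("www.cow.com", sample_pools(), "GB", method))
    print("india down:", resolve("www.cow.com", sample_pools(india_up=False), "IN", "global_availability"))
```

With both pools healthy, Global Availability always answers with the India pool because it is first in the list, whereas Topology answers a UK client with the UK pool; once the India pool's monitor fails, both methods move to the UK pool until India recovers.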
Configuration Summary
• Step 1: Define the GTM Datacenter
• Step 2: Add the Servers
• Step 3: Create Pool Members
• Step 4: Create Wide IP
• Step 5: Define GTM Listener
Topology
Step 1: Define the GTM Datacenter
• Create two datacenters as shown below – India and UK
Step 2: Add the Servers
• Define the Servers in the server list, which include the servers and the
GTM themselves.
Step 3: Create Pool Members
• Create pool with India and UK server members.
• Select the Load balancing mechanism
Step 4: Create Wide IP
• Create a new Wide IP – www.cow.com & select the load balancing mechanism
Step 5: Define GTM Listener
• Define the listener address.
Testing
• We can confirm that the URI first resolves to the India URI and later to the UK URI.
Costing
• If you want to start a GTM service for your company, the bare minimum cost is as follows:
• Device Cost: $3,977 (https://www.amazon.com/F5-Networks-F5-BIG-LTM-1600-R-Enterprise/dp/B00EAR456Y)
• License Cost: $9,795.10 (tentative cost, not confirmed)
Extra Features
• Zone-Runner: Easy Authoritative DNS Management (NS, SOA, A
Records)
• DNSSEC (https://www.youtube.com/watch?v=MrtsKTC3KDM)
• iRules – Flexibility to define distribution policies
• IPv6 AAAA records support.
• Application Specific monitor
• Supports iControl.
• CDN Support.
• AWS Route 53 Building Blocks
AWS Route 53
• A hosted zone is a collection of resource record sets hosted by Amazon Route 53. Like a
traditional DNS zone file, a hosted zone represents resource record sets that are managed
together under a single domain name. Each hosted zone has its own metadata and configuration
information.
• Supported record types include:
• A
• AAAA
• CNAME
• MX
• NS
• PTR
• SOA
• SPF
• SRV
• ALIAS
Load Balancing Mechanism
• When you create a resource record set, you choose a routing policy, which determines how
Amazon Route 53 responds to queries.
• Routing policies can be associated with health checks, so resource health status is considered
before it even becomes a candidate in a conditional decision tree. A description of possible
routing policies and more on health checking is covered in this section.
Load Balancing Mechanism
1. Simple: This is the default routing policy when you create a new resource. Use a simple routing
policy when you have a single resource that performs a given function for your domain (for
example, one web server that serves content for the example.com website). In this case, Amazon
Route 53 responds to DNS queries based only on the values in the resource record set (for example,
the IP address in an A record).
Load Balancing Mechanism
2. Weighted: With weighted DNS, you can associate multiple resources (such as Amazon Elastic
Compute Cloud [Amazon EC2] instances or Elastic Load Balancing load balancers) with a single DNS
name.
Load Balancing Mechanism
3. Latency-based routing: allows you to route your traffic based on the lowest network latency for
your end user (for example, using the AWS region that will give them the fastest response time).
• Use the latency routing policy when you have resources that perform the same function in
multiple AWS Availability Zones or regions and you want Amazon Route 53 to respond to DNS
queries using the resources that provide the best latency.
Load Balancing Mechanism
4. Failover: Use a failover routing policy to configure active-passive failover, in which one resource takes all the traffic when it’s available and the other resource takes all the traffic when the first resource isn’t available. Note that you can’t create failover resource record sets for private hosted zones.
Load Balancing Mechanism
5. Geolocation routing: Lets you choose where your traffic will be sent based on the geographic location of your users (i.e. the location from which DNS queries originated). For example, you might want all queries from Europe to be routed to a fleet of EC2 instances configured specifically for European customers.
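The decision tree described across the five routing policies, with health checks applied before any policy is consulted, is worked through in the added Python model below. It is not part of the original presentation and not Amazon's code or API: the `Record` shape, the latency table, the sample records under the page's example.com, the TEST-NET addresses and the "all records unhealthy, treat all as healthy" fallback are constructed simplifications of the documented behaviour. Failover is modelled here as well, since Route 53's primary/secondary policy is the same first-available idea as GTM's Global Availability.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Record:
    """One resource record set (constructed shape; not the Route 53 API object)."""
    name: str
    value: str
    policy: str                         # simple | weighted | latency | failover | geolocation
    weight: int = 0                     # weighted
    region: str = ""                    # latency: AWS region hosting the resource
    failover_role: str = ""             # failover: PRIMARY or SECONDARY
    location: str = ""                  # geolocation: continent/country code, "*" = default
    health_check: Optional[str] = None  # id of the associated health check, if any


# Constructed latency table (ms) from the querying region to each AWS region.
LATENCY_MS = {
    "GB": {"eu-west-2": 12, "ap-south-1": 110},
    "IN": {"eu-west-2": 115, "ap-south-1": 20},
}


def candidates(records, qname, health):
    """Drop unhealthy records before any policy decision. If every record is unhealthy,
    fall back to treating all as healthy rather than answering with nothing (assumption:
    a simplified model of the 'all unhealthy' behaviour)."""
    matching = [r for r in records if r.name == qname]
    healthy = [r for r in matching
               if r.health_check is None or health.get(r.health_check, False)]
    return healthy or matching


def weighted(cands, roll):
    """Pick proportionally to weight. 'roll' is an integer in [0, sum of weights); a real
    resolver draws it at random, the caller supplies it here so results are deterministic."""
    total = sum(r.weight for r in cands)
    if total == 0:
        return cands                     # all weights zero: answer with all of them
    for r in cands:
        if roll < r.weight:
            return [r]
        roll -= r.weight
    raise ValueError("roll out of range")


def route(records, qname, health, client_region="GB", client_location="EU", roll=0):
    """Return the answer values for a query, applying the policy of the matching records."""
    cands = candidates(records, qname, health)
    if not cands:
        return []
    policy = cands[0].policy
    if policy == "simple":
        chosen = cands
    elif policy == "weighted":
        chosen = weighted(cands, roll)
    elif policy == "latency":
        chosen = [min(cands, key=lambda r: LATENCY_MS[client_region][r.region])]
    elif policy == "failover":
        primary = [r for r in cands if r.failover_role == "PRIMARY"]
        chosen = primary or [r for r in cands if r.failover_role == "SECONDARY"]
    elif policy == "geolocation":
        exact = [r for r in cands if r.location == client_location]
        chosen = exact or [r for r in cands if r.location == "*"]
    else:
        raise ValueError(f"unknown routing policy: {policy}")
    return [r.value for r in chosen]


# Constructed sample records, one name per policy, with TEST-NET addresses.
SAMPLE = [
    Record("lat.example.com", "192.0.2.10", "latency", region="eu-west-2", health_check="hc-uk"),
    Record("lat.example.com", "198.51.100.10", "latency", region="ap-south-1", health_check="hc-in"),
    Record("fo.example.com", "192.0.2.10", "failover", failover_role="PRIMARY", health_check="hc-uk"),
    Record("fo.example.com", "198.51.100.10", "failover", failover_role="SECONDARY"),
    Record("geo.example.com", "192.0.2.10", "geolocation", location="EU"),
    Record("geo.example.com", "198.51.100.10", "geolocation", location="*"),
    Record("w.example.com", "192.0.2.10", "weighted", weight=70),
    Record("w.example.com", "198.51.100.10", "weighted", weight=30),
]
ALL_UP = {"hc-uk": True, "hc-in": True}     # constructed health check results
UK_DOWN = {"hc-uk": False, "hc-in": True}

if __name__ == "__main__":
    print("latency, UK client:", route(SAMPLE, "lat.example.com", ALL_UP, client_region="GB"))
    print("latency, UK down:  ", route(SAMPLE, "lat.example.com", UK_DOWN, client_region="GB"))
    print("failover, UK down: ", route(SAMPLE, "fo.example.com", UK_DOWN))
    print("geo, NA client:    ", route(SAMPLE, "geo.example.com", ALL_UP, client_location="NA"))
```

The secondary failover record deliberately has no health check attached, so it always remains a candidate; the important point from the slide is that a failing health check removes the primary before the failover policy ever looks at it, which is what makes the active-passive switch automatic.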
AWS Route 53 Implementation
• Building Blocks:
• Step 1: Register a domain on AWS or with an external domain provider such as GoDaddy.
• Step 2: Setup the servers (EC2 for instance)
• Step 3: Create Health Policy
• Step 4: Creating DNS-Routing policy
Topology
Step 1: Register a domain
• Register a new domain or set up an existing domain as shown below. You can buy a new domain directly from AWS or via an external vendor such as GoDaddy and use it here: https://www.radishlogic.com/aws/using-godaddy-domain-in-aws-route-53/
Step 2: Setup the servers
• We have successfully hosted two servers: 3.8.118.98 and 13.232.6.171
Step 3: Create Health Policy
• Optionally configure the health policy; we will use it when we create the DNS policy.
Step 4: Creating DNS-Routing policy
• Finally configure the DNS policy as shown below.
Costing
• Reference : https://aws.amazon.com/route53/pricing/
Costing
• You pay only for what you use. There are no minimum fees, no minimum usage
commitments, and no overage charges.
• Refer to AWS price calculator: https://calculator.aws/#/
Extra Features
• DNSSEC is supported.
References
• https://www.youtube.com/watch?v=509OS3x-k1A
• https://devcentral.f5.com/s/articles/using-big-ip-gtm-to-integrate-
with-amazon-web-services
Quick Tips
• If you are new to AWS, you can create your account for AWS from link -
https://aws.amazon.com/
• Security
Introduction
• According to Cisco’s research, over 90% of attacks are done over DNS and only two-thirds of organizations monitor their DNS records. Fortunately, Cisco Umbrella has a feature that prevents a user from accessing a site directly by its IP address if that address is known to be malicious.
• If you are using the default DNS service from your internet service provider, you are allowing your desktops or servers to connect to any website without a security filter.
• Umbrella keeps a record of all websites known to be malicious and prevents users from accessing them. Many sites that were once safe could have been hijacked recently and can host viruses and trojans that are then pushed down to unsuspecting users.
Introduction
• Prevents phishing attacks: Cisco Umbrella prevents you from accessing a phishing site if it has been around long enough for Cisco to detect it.
• Prevents ransomware attacks: ransomware relies heavily on connecting back to its command and control centre to receive the encryption password used to encrypt your files. Umbrella detects these DNS queries in real time using anomaly detection algorithms, new domain clustering and a domain reputation system. Even if the malware is installed, Cisco Umbrella prevents your system from talking back to the command and control centre, thus preventing encryption.
• Content filtering: Umbrella can use content filtering to prevent users from accessing sites that are not allowed.
Implementations
• Home users can protect themselves for free by simply entering 208.67.222.222 and 208.67.220.220 as their DNS servers, thus opting for OpenDNS.
• Visit URI: https://welcome.opendns.com/
Implementations
• For enterprise environments, there are several options to implement Umbrella services through the network. At a minimum, you could manually set the DNS servers on workstations and servers to Umbrella’s DNS IPs. However, if you add Umbrella’s Virtual Appliances and use their AD connector to integrate with your internal DNS server, you will gain further insight into the network.
• For remote VPN users: Windows and Mac laptop users can also be protected if the Roaming Client agent is installed. When the laptop is on the corporate network, the agent disables itself because it recognizes the DNS of the Virtual Appliances. When the user is at home and off the network, it re-enables itself and the user is protected by Umbrella.
Cost
• Cisco Umbrella offers the following packages:
• Wireless LAN – Based on number of Access Points
• Professional – Based on number of Users
• Insights – Based on number of Users
• Platform – Based on number of Users
For more details refer to the links below:
• Ref: https://umbrella.cisco.com/opendns-cisco-umbrella
• Ref: https://learn-umbrella.cisco.com/datasheets/cisco-umbrella-package-comparison-2
References
• https://umbrella.cisco.com/opendns-cisco-umbrella
Cisco FTD – DNS Policies
• The Firepower system can intercept DNS requests and look for malicious domain names. If the Firepower module finds a malicious domain, it takes the appropriate action to mitigate the request as configured in the DNS policy.
• New attack methods designed to evade IP-based intelligence misuse DNS load-balancing features to hide the actual IP address of a malicious server. While the IP addresses associated with the attack are frequently swapped in and out, the domain name is rarely changed.
• Firepower can redirect the malicious request to a sinkhole server, which can be a honeypot used to detect, deflect or study attempts and learn more about the attack traffic.
New DNS working with FTD
• Option 1: Traditionally, we can create an access control policy to block DNS traffic as shown below.
5/25/2020 47
New DNS working with FTD
• Option 2: DNS-based Security Intelligence
Firepower allows you to identify a suspicious DNS query and blacklist the resolution of an unsafe domain name, while queries for legitimate websites are allowed. As a result, the browser cannot obtain the IP address of the website: FTD blocks the request for the website before a potential HTTP connection is even established. Consequently, FTD does not need to spend its resources on further HTTP inspection.
New DNS working with FTD
• DNS Actions: Domain Not Found, Drop, Sinkhole
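The three DNS actions on this slide, together with the Security Intelligence idea of blocking by domain rather than by the IP addresses that fast-changing infrastructure rotates through, are illustrated in the added Python evaluator below. It is not part of the original presentation and not Cisco code: the policy lists, the rule ordering (an allow list evaluated first), the sinkhole address 192.0.2.254, the sample queries and the connection log lines are all constructed. The second function shows the defender's payoff of the sinkhole action: any host that later connects to the sinkhole address is a host that resolved a blocked domain and is worth investigating.

```python
SINKHOLE_IP = "192.0.2.254"   # constructed: the lab sinkhole address handed back as the answer

# Constructed DNS policy: (rule name, domain list, action). Order is priority; first match wins,
# so the internal allow list at the top overrides any block list entry below it.
DNS_POLICY = [
    ("internal-allow", {"corp.example.com"}, "whitelist"),
    ("malware-c2", {"bad.example.net"}, "sinkhole"),
    ("phishing", {"login-example.example.org"}, "domain_not_found"),
    ("dga", {"example.test"}, "drop"),
]


def matches(qname, domain):
    """A list entry matches the domain itself and every label under it, but never a
    lookalike such as 'notbad.example.net' or a name that merely starts with it."""
    q = qname.rstrip(".").lower()
    d = domain.rstrip(".").lower()
    return q == d or q.endswith("." + d)


def evaluate(qname):
    """Return (rule name, action) for the first matching rule, or (None, 'allow')."""
    for rule, domains, action in DNS_POLICY:
        if any(matches(qname, d) for d in domains):
            return rule, action
    return None, "allow"


def respond(qname, upstream_answer):
    """Build what the firewall hands back to the client for an A query:
    the upstream answer for allowed names, NXDOMAIN for 'domain_not_found',
    nothing at all for 'drop' (the client times out), the sinkhole address for 'sinkhole'.
    The attacker's real IP never reaches the client in the last three cases, no matter how
    often that IP changes behind the domain."""
    rule, action = evaluate(qname)
    if action in ("allow", "whitelist"):
        return {"rcode": "NOERROR", "answer": list(upstream_answer), "rule": rule}
    if action == "domain_not_found":
        return {"rcode": "NXDOMAIN", "answer": [], "rule": rule}
    if action == "drop":
        return None
    if action == "sinkhole":
        return {"rcode": "NOERROR", "answer": [SINKHOLE_IP], "rule": rule}
    raise ValueError(f"unknown action: {action}")


def sinkhole_hits(connection_log):
    """Detection side: list source hosts that connected to the sinkhole address.
    Constructed log line format: '<src_ip> -> <dst_ip>:<port>'."""
    hits = []
    for line in connection_log:
        src, rest = line.split(" -> ")
        dst = rest.rsplit(":", 1)[0]
        if dst == SINKHOLE_IP:
            hits.append(src)
    return hits


# Constructed connection log: one workstation followed the sinkhole answer.
SAMPLE_LOG = [
    "10.1.1.5 -> 203.0.113.20:443",
    "10.1.1.23 -> 192.0.2.254:443",
    "10.1.1.7 -> 10.0.0.5:80",
]

if __name__ == "__main__":
    for q in ("www.corp.example.com", "www.bad.example.net", "login-example.example.org",
              "x.example.test", "notbad.example.net"):
        print(q, "->", respond(q, ["203.0.113.20"]))
    print("hosts that hit the sinkhole:", sinkhole_hits(SAMPLE_LOG))
```

Note that the drop action leaves the client with a timeout while Domain Not Found answers immediately; the sinkhole action is the only one that turns the blocked lookup into a follow-on network event you can alert on.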
Questions?
Nguyen Thanh Tu Collection
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Atul Kumar Singh
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 

Recently uploaded (20)

A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 

GTM vs AWS Route 53 with Cisco umbrella

Configuration Summary
• Step 1: Define the GTM Datacenter
• Step 2: Add the Servers
• Step 3: Create Pool Members
• Step 4: Create Wide IP
• Step 5: Define GTM Listener

Step 1: Define the GTM Datacenter
• Create two datacenters as shown below – India and UK.

Step 2: Add the Servers
• Define the servers in the server list, which includes the application servers and the GTMs themselves.

Step 3: Create Pool Members
• Create a pool with the India and UK server members.
• Select the load balancing mechanism.

Step 4: Create Wide IP
• Create a new Wide IP – www.cow.com – and select the load balancing mechanism.

Step 5: Define GTM Listener
• Define the listener address.

Testing
• We can confirm that the URI first resolves to the India server and later to the UK server.

Costing
• If you want to start a GTM service for your company, the bare minimum costing is described below:
• Device Cost: $ 3977 (https://www.amazon.com/F5-Networks-F5-BIG-LTM-1600-R-Enterprise/dp/B00EAR456Y )
• License Cost: $9,795.10 (tentative costing – not sure)

Extra Features
• Zone-Runner: Easy Authoritative DNS Management (NS, SOA, A Records)
• DNSSEC (https://www.youtube.com/watch?v=MrtsKTC3KDM )
• iRules – Flexibility to define distribution policies
• IPv6 AAAA records support.
• Application-specific monitor
• Supports iControl.
• CDN Support.

• AWS Route 53 Building Blocks

AWS Route 53
• A hosted zone is a collection of resource record sets hosted by Amazon Route 53. Like a traditional DNS zone file, a hosted zone represents resource record sets that are managed together under a single domain name. Each hosted zone has its own metadata and configuration information.
• Supported record types include:
• A
• AAAA
• CNAME
• MX
• NS
• PTR
• SOA
• SPF
• SRV
• ALIAS

Load Balancing Mechanism
• When you create a resource record set, you choose a routing policy, which determines how Amazon Route 53 responds to queries.
• Routing policies can be associated with health checks, so a resource's health status is considered before it even becomes a candidate in the conditional decision tree. The possible routing policies and health checking are described in this section.

Load Balancing Mechanism
1. Simple: This is the default routing policy when you create a new resource. Use a simple routing policy when you have a single resource that performs a given function for your domain (for example, one web server that serves content for the example.com website). In this case, Amazon Route 53 responds to DNS queries based only on the values in the resource record set (for example, the IP address in an A record).

Load Balancing Mechanism
2. Weighted: With weighted DNS, you can associate multiple resources (such as Amazon Elastic Compute Cloud [Amazon EC2] instances or Elastic Load Balancing load balancers) with a single DNS name.

Load Balancing Mechanism
3. Latency-based routing: Allows you to route your traffic based on the lowest network latency for your end user (for example, using the AWS region that will give them the fastest response time).
• Use the latency routing policy when you have resources that perform the same function in multiple AWS Availability Zones or regions and you want Amazon Route 53 to respond to DNS queries using the resources that provide the best latency.

Load Balancing Mechanism
4. Failover: Use a failover routing policy to configure active-passive failover, in which one resource takes all the traffic when it's available and the other resource takes all the traffic when the first resource isn't available. Note that you can't create failover resource record sets for private hosted zones.

Load Balancing Mechanism
5. Geolocation Routing: Lets you choose where your traffic will be sent based on the geographic location of your users (i.e. the location from which the DNS queries originated). For example, you might want all queries from Europe to be routed to a fleet of EC2 instances configured specifically for European customers.

AWS Route 53 Implementation
• Building Blocks:
• Step 1: Register a domain on AWS or with an external domain provider like GoDaddy.
• Step 2: Set up the servers (EC2, for instance)
• Step 3: Create Health Policy
• Step 4: Create DNS Routing Policy

Step 1: Register a domain
• Register a new domain or set up an existing domain as shown below. You can buy a new domain directly from AWS or via an external vendor like GoDaddy and use it here – https://www.radishlogic.com/aws/using-godaddy-domain-in-aws-route-53/

Step 2: Set up the servers
• We have successfully hosted two servers: 3.8.118.98 & 13.232.6.171

Step 3: Create Health Policy
• Optionally configure the health policy; we will use it when we create the DNS policy.

Step 4: Create DNS Routing Policy
• Finally, configure the DNS policy as shown below.
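The failover routing policy described above, applied to the two servers from Step 2, written out as the ChangeBatch document that `aws route53 change-resource-record-sets --change-batch file://batch.json` consumes. This is an added example, not code from the deck: the record name is borrowed from the GTM Wide IP slide, the health-check ID is a placeholder, and the validation rules are this example's own reading of the slide (health check on the PRIMARY, no failover records in private hosted zones).

```python
"""Build and validate a Route 53 active-passive failover ChangeBatch (added example,
not from the deck): the JSON that `aws route53 change-resource-record-sets
--change-batch file://batch.json` expects, plus the checks the slides imply."""
import json

# From the deck: the two hosted servers (Step 2) and the GTM Wide IP name.
PRIMARY_IP = "3.8.118.98"
SECONDARY_IP = "13.232.6.171"
RECORD_NAME = "www.cow.com."
# Placeholder: a real ID is returned by `aws route53 create-health-check`.
PRIMARY_HEALTH_CHECK_ID = "00000000-0000-0000-0000-000000000000"


def failover_record(name, ip, role, health_check_id=None, ttl=60):
    """One ResourceRecordSet of a failover pair; role is PRIMARY or SECONDARY."""
    if role not in ("PRIMARY", "SECONDARY"):
        raise ValueError("failover role must be PRIMARY or SECONDARY")
    rrset = {
        "Name": name,
        "Type": "A",
        "TTL": ttl,  # short TTL so resolvers notice a failover quickly
        "SetIdentifier": f"{role.lower()}-{name}",  # must be unique per name/type
        "Failover": role,
        "ResourceRecords": [{"Value": ip}],
    }
    if health_check_id:
        rrset["HealthCheckId"] = health_check_id
    return rrset


def build_failover_change_batch(name, primary_ip, secondary_ip,
                                health_check_id, private_zone=False):
    """ChangeBatch that UPSERTs an active-passive pair for `name`."""
    if private_zone:
        # Slide 25: failover record sets cannot be created in private hosted zones.
        raise ValueError("failover records are not supported in private hosted zones")
    if not health_check_id:
        # Without a health check the PRIMARY is always treated as healthy,
        # so traffic would never move to the SECONDARY.
        raise ValueError("the PRIMARY record needs a health check")
    records = [
        failover_record(name, primary_ip, "PRIMARY", health_check_id),
        failover_record(name, secondary_ip, "SECONDARY"),
    ]
    return {"Comment": f"active-passive failover for {name}",
            "Changes": [{"Action": "UPSERT", "ResourceRecordSet": r} for r in records]}


def validate_change_batch(batch):
    """Return a list of problems found in a ChangeBatch; empty means consistent."""
    problems = []
    for change in batch["Changes"]:
        rrset = change["ResourceRecordSet"]
        if "Failover" in rrset and not rrset.get("SetIdentifier"):
            problems.append(f"{rrset['Name']}: failover record without SetIdentifier")
        if rrset.get("Failover") == "PRIMARY" and "HealthCheckId" not in rrset:
            problems.append(f"{rrset['Name']}: PRIMARY has no health check")
    return problems


if __name__ == "__main__":
    batch = build_failover_change_batch(RECORD_NAME, PRIMARY_IP, SECONDARY_IP,
                                        PRIMARY_HEALTH_CHECK_ID)
    print(json.dumps(batch, indent=2), "\nproblems:", validate_change_batch(batch))
```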
Costing
• Reference: https://aws.amazon.com/route53/pricing/

Costing
• You pay only for what you use. There are no minimum fees, no minimum usage commitments, and no overage charges.
• Refer to the AWS price calculator: https://calculator.aws/#/

Extra Features
• DNSSEC is supported.

Quick Tips
• If you are new to AWS, you can create your AWS account from this link – https://aws.amazon.com/

Introduction
• According to Cisco's research, over 90% of attacks are done over DNS and only two-thirds of organizations monitor their DNS records. Fortunately, Cisco Umbrella has a feature that prevents a user from accessing a site directly by its IP address if it is known to be malicious.
• If you are using the default DNS service from your internet service provider, you are allowing your desktops and servers to connect to any website without a security filter.
• Umbrella keeps a record of all websites that are known to be malicious and prevents users from accessing them. Many sites that were once safe could have been hijacked recently and can host viruses and trojans that are then pushed down to unsuspecting users.

Introduction
• Prevents phishing attacks – Cisco Umbrella prevents you from accessing a phishing site if it has been around long enough for Cisco to detect it.
• Prevents ransomware attacks – Ransomware relies heavily on connecting back to its command and control centre to receive the encryption password it uses to encrypt your files. Umbrella detects these DNS queries in real time using anomaly detection algorithms, new domain clustering, and a domain reputation system. Even if you were to install the virus, Cisco Umbrella prevents your system from talking back to the command and control centre, thus preventing encryption.
• Content Filtering – It can use content filtering to prevent users from accessing sites that are not allowed.

Implementations
• Home users can protect themselves for free by simply setting 208.67.222.222 and 208.67.220.220 as their DNS servers, thus opting for OpenDNS.
• Visit URI – https://welcome.opendns.com/

Implementations
• For enterprise environments, there are several options to implement Umbrella services across the network. At a minimum, you could set the DNS on workstations and servers manually to Umbrella's DNS IPs. However, if you add Umbrella's Virtual Appliances and use their AD connector to integrate with your internal DNS server, you will gain further insight into the network.
• For remote VPN users – Windows and Mac laptop users can also be protected if the Roaming Client agent is installed. When the laptop is on the network, the agent disables itself because it recognizes the DNS of the Virtual Appliances. When the user is at home and off the network, it re-enables itself and the user is protected by Umbrella.

Cost
• Cisco Umbrella offers the packages below:
• Wireless LAN – Based on number of Access Points
• Professional – Based on number of Users
• Insights – Based on number of Users
• Platform – Based on number of Users
For more details refer to the links below:
• Ref: https://umbrella.cisco.com/opendns-cisco-umbrella
• Ref: https://learn-umbrella.cisco.com/datasheets/cisco-umbrella-package-comparison-2

Cisco FTD – DNS Policies
• The Firepower system can intercept DNS requests and look for malicious domain names. If the Firepower module finds a malicious domain, it takes the appropriate action to mitigate the request as configured in the DNS policy.
• New attack methods designed to evade IP-based intelligence misuse DNS load balancing features to hide the actual IP address of a malicious server. While the IP addresses associated with the attack are frequently swapped in and out, the domain name is rarely changed.
• Firepower can redirect the malicious request to a sinkhole server, which can be a honeypot used to detect, deflect or study the attempts and learn more about the attack traffic.

New DNS working with FTD
• Option 1: We can traditionally create an access control policy to block DNS traffic as shown below.
5/25/2020 47

New DNS working with FTD
• Option 2: DNS-based Security Intelligence – Firepower allows you to identify a suspicious DNS query and blacklist the resolution of an unsafe domain name, while queries to legitimate websites are allowed. The browser is then unable to obtain the IP address of the website: FTD blocks the request before a potential HTTP connection is even established. Consequently, FTD does not need to spend resources on further HTTP inspection.

New DNS working with FTD
• DNS Actions – Domain Not Found, Drop, Sinkhole
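The three DNS actions listed above (Domain Not Found, Drop, Sinkhole) as a small policy engine run over sample queries. This is an added example, not Cisco's code or the deck's: the domain list, the sinkhole address and the query names are constructed for illustration, and the engine matches on whole DNS labels so that a lookalike name such as notbad-example.test is not caught by a rule for bad-example.test.

```python
"""Model of the three FTD DNS-policy actions (Domain Not Found, Drop, Sinkhole)
applied to sample queries. Added example, not Cisco's code: a tiny policy
engine with a constructed domain list and a constructed sinkhole address."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed rules: (listed domain, configured action). Each rule also covers
# subdomains of the listed domain, matched on whole labels, not string suffixes.
DNS_POLICY = [
    ("bad-example.test", "sinkhole"),
    ("c2-example.test", "drop"),
    ("phish-example.test", "nxdomain"),
]
SINKHOLE_IP = "192.0.2.53"  # placeholder from the TEST-NET-1 documentation range


@dataclass
class DnsVerdict:
    qname: str
    matched_rule: Optional[str]   # listed domain that matched, None if allowed
    action: str                   # "allow", "nxdomain", "drop" or "sinkhole"
    answer: Optional[str]         # IP returned to the client, None if no answer
    log: str                      # one-line event as a SOC would see it


def match_rule(qname: str) -> Optional[Tuple[str, str]]:
    """Most specific rule whose domain equals qname or is a parent of it."""
    labels = qname.rstrip(".").lower().split(".")
    best, best_len = None, 0
    for domain, action in DNS_POLICY:
        d = domain.lower().split(".")
        # Label-list comparison: "notbad-example.test" must not match "bad-example.test".
        if len(d) > best_len and labels[-len(d):] == d:
            best, best_len = (domain, action), len(d)
    return best


def evaluate(qname: str, upstream_answer: str) -> DnsVerdict:
    """Apply the policy to one query; upstream_answer is what the resolver would return."""
    rule = match_rule(qname)
    if rule is None:
        return DnsVerdict(qname, None, "allow", upstream_answer,
                          f"ALLOW {qname} -> {upstream_answer}")
    domain, action = rule
    if action == "nxdomain":
        # Client receives NXDOMAIN: the browser never learns the address (slide 48).
        return DnsVerdict(qname, domain, action, None, f"NXDOMAIN {qname} rule={domain}")
    if action == "drop":
        # No reply at all; the client times out.
        return DnsVerdict(qname, domain, action, None, f"DROP {qname} rule={domain}")
    if action == "sinkhole":
        # Answer points at the sinkhole, so a later connection attempt to it
        # identifies the infected host without reaching the real server.
        return DnsVerdict(qname, domain, action, SINKHOLE_IP,
                          f"SINKHOLE {qname} -> {SINKHOLE_IP} rule={domain}")
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    for q in ("www.cow.com", "www.bad-example.test.", "notbad-example.test",
              "C2-Example.TEST", "login.phish-example.test"):
        print(evaluate(q, "198.51.100.10").log)  # constructed upstream answer
```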