Inherent Security Design Patterns for SDN/NFV Deployments

John McDowall of Palo Alto networks presents on security design patterns to provide inherent security to NFV networks.

Technology

Inherent Security Design
Patterns for SDN/NFV
Deployments
John McDowall
Palo Alto Networks

Drivers for Consumers and Providers of Cloud/NFV
Automa'on

Minimize

OPEX
&
CAPEX

Dynamic

Resources

Self-‐Service

Portals

Scalability

Agility
Producers Consumers
Make security easy-to-deploy
by consumers
No Bottlenecks
Need well-defined security posture
New

Business

Models

“….if
innova+on
doesn’t
get
ahead
of
the

hackers,
we
will
likely
see
roadblocks
to

rolling
out
new
SDx
applica+ons
….

….
because
of
the
fear
that
SDx

Infrastructure
cannot
protect
against
and

contain
new
aAacks.
“

SDxCentral SDx Infrastructure Security Report 2015 Edition

Key Security Perspectives
The security perimeter no longer exists.
Understanding the Cyber Attack Pattern Lifecycle
How do we prevent attacks with SDN/NFV ?

Preventing Across the Cyber Attack* Life Cycle
Unauthorized Access Unauthorized Use
Gather
Intelligence
Leverage
Exploit
Execute
Malware
Command
& Control
Actions on
the
objective
Reconnaissance Weaponization
& Delivery
Malware
Communicates
with Attacker
Exploitation Data Theft,
Sabotage,
Destruction
* Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
Eric M. Hutchins, Michael J. Cloppert, Rohan M. Amin, Ph.D. Lockheed Martin Corporation
Breach
the
Perimeter
1 Deliver
the
Malware
2 Exﬁltrate
Data
4Lateral
Movement
3

Security Challenges with NFV
Manual

Deployments

Slow
and
error-‐
prone
processes
to

enable
security

Transient

Workloads

Workload
lifespan

is
in
hours,
days
or

weeks

Sta'c

Remedia'on

Lack
of
dynamic

remediaCon

measures

Malware

30,000

new
malware
/day

Applying Zero Trust* to NFV
FoundationalSecurity
DesignPattern
* No More Chewy Centers: The Zero Trust Model of Information Security John Kindervag, Forester Research, 2014
Verify
and

Never
Trust

Inspect
and

Log
all
Traﬃc

Design

Network

Inside-‐Out

Predefine:
•  User-Access Controls
•  Layer-7 Interactions
Build:
•  Security Compliance
•  Auditable Entities
Enable:
•  Fine grained kill switch
•  Real-time Security Updates

Foundation Security Blueprint
FoundationalSecurity
DesignPattern
•  Deﬁne
allowable

interacCons

•  Add
applicaCon

security
paOern

•  Sign-‐oﬀ
by
security

team

•  Deploy
zero-‐trust

applicaCon
security

paOern.

•  Merge

parameterized

paOern
with
tenant

instance

•  Deny-‐All
to
Only-‐
Allowed

•  Real-‐Cme
InspecCon

•  Update
threat

paOerns,
sigs
et
al

•  Disrupt
and/or

block
cyber

aOacks

•  Archive
logs
&

policies

•  Perform
forensics

•  Generate
report

Prepare
Deploy
Update
Remove

1 2 3 4
Virtual Function Security Model Virtual Function

Implementation of Foundation Security Pattern
SecureEncapsulation
DesignPattern
Enforce zero-trust
model – block all
traffic until policy is
applied.
Security

Enforcement

Point

VM-‐A

Security

Enforcement

Point

VM-‐A

Security

Enforcement

Point

VM-‐A

Security

Enforcement

Point

VM-‐A

1
Security
Controller
Get signed “security pattern”
from VM deployment
Descriptor and deploy with
application.
2
Get VNI/Tenant ID for
instance mapping
bridge
vxlan nic
Apply policy/tenant
based on tenant ID
and application
security pattern
retrieved from
deployment.
4
3
v-‐wire
v-wire NFV deployed
security enforcement
point.
1
Data
link

Control
link

v-‐wire

Summary
•  Security was one on the biggest impediments to
deployment of NFV.
•  Leveraging NFV to deﬁne a foundational pattern to
protect application workloads.
•  Application Security patterns can now be applied to the
foundational pattern to implement security from the
inside out
•  Security is now a resource that scales with your NFV
infra-structure.
11

Tsvi Korren, VP of Product Strategy at Aqua Security CISSP, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.

Pxosys Webinar Amplify your Security

🏆Ruben Cocheno💭

Cisco and Pxosys teamed up for this Webinar, we will walk you through the Threat Landscape and recent DNS Ransomware cases, and explain why DNS Security is important in your Security Stack within your Organization. We are going to look on a Cisco Umbrella Live Demo and see the potential of the platform from the easy deployment, reporting, and blocking & mitigate Threats from day Zero. A Q&A is going to end the event to clarify any questions that arise during the demo event. Attendees will receive a Cisco Umbrella Free Trial (30 days) at the end of the event. Visit www.pxosys.com to know more about us.

VMworld 2013: NSX Security Solutions In Action - Deploying, Troubleshooting, ...

Behind the scene of malware operators. Insights and countermeasures. CONFiden...

Marco Balduzzi

Modern cybercrime operates highly-sophisticated campaigns that challenge, or even evade, the state-of-art in defense and protection. On a daily basis, users worldwide are fooled by new techniques and threats that went under the radar, like new 0-days or attack vectors. We passively monitored how these attacks are conducted on real installations, and unveiled the modus operandi of malware operators. In this presentation, we share with the audience our recent findings and trends that we observed in-the-wild from the analysis we conducted on 3 million software downloads, involving hundreds of thousands of Internet connected machines. During the talk, we provide insights on our investigation like the effect of code signing abuse, the compromise of cloud providers' operations, the use of domains generated automatically via social engineering, and the business model behind modern malware campaigns. We also discuss the problem of "unknown threats", showing how the Internet's threats landscape is still largely unexplored and how it badly impacts on million of users. We conclude with a proof-of-concept system that we designed and that uses machine-learning to generate human-readable rules for detection. Our system represents a potential mitigation to the problem of "unknown threats" and an assistance tool for analysts globally.

Using Your Network as a Sensor for Enhanced Visibility and Security

Lancope, Inc.

Driven by the mobility, cloud computing, and Internet of Everything megatrends and fueled by increasingly sophisticated cybercriminals, today’s information landscape is more dynamic and more vulnerable than ever before. Join Cisco and Lancope for a complimentary webinar to learn how you can implement a comprehensive, network-enabled approach to cybersecurity. During the webinar we will discuss: Using the Network as a Security Sensor with Lancope’s StealthWatch System and Flexible NetFlow and to obtain visibility at scale, monitor network activity efficiently, discover security incidents quickly, and help achieve compliance. Using the Network as a Security Enforcer with Cisco TrustSec to ensure policy-based access control and network segmentation for containment of the network attacks, assist compliance and reduce risks of data-breaches.

Хакеро-машинный интерфейс

Positive Hack Days

Докладчики представят подробный анализ, проведенный на основе исследования более 200 уязвимостей в SCADA и HMI. Вы сможете ознакомиться с подробным описанием популярных типов уязвимостей в решениях крупнейших производителей, таких как Schneider Electric, Siemens, General Electric и Advantech. Вы узнаете о том, как обнаружить критически опасные уязвимости в базовом коде. В докладе будут сопоставляться активность разных производителей в выпуске исправлений, а также сегменты SCADA с другими сегментами рынка программного обеспечения. Вниманию разработчиков и операторов будут предоставлены рекомендации, которые позволят снизить вероятность осуществления атак, а также прогнозы касательно дальнейших тенденций развития атак.

Introduction to Mod security session April 2016

Rahul

VMworld 2013: Security Automation Workflows with NSX

ASA Firepower NGFW Update and Deployment Scenarios

This session will focus on typical deployment scenarios for the Adaptive Security Appliance family running FirePower Services. Also, a feature overview and comparison of the ASA with Firepower services and the new Firepower Threat Defense (FTD) image will be included with updates on the new Firepower hardware platform. Deployment use cases will include Internet Edge, various segmentation scenarios, and VPN. A configuration walk-through and accepted best practices will be covered. This session is designed for existing ASA customers and targets the security and network engineer. They will learn the benefit of a FirePower NGFW in network edge and Internet use cases

Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...

Hacking IoT with EXPLIoT Framework

Priyanka Aash

"This workshop is for pentesters, security researchers or someone looking to get into IoT security but is reluctant due to the wide range of technologies involved and plethora of different tools. While it does require a considerable amount of knowledge in the domain, it is not as difficult as you may think. In this workshop we will introduce you to some of the important concepts and EXPLIoT framework in a very simple way that can be used for the various IoT attack vectors. The primary focus of this workshop is to introduce the attendees to the open source IoT Security Testing and Exploitation Framework - EXPLIoT (https://gitlab.com/expliot_framework/expliot) and enable them to use as well as extend it by writing plugins for new IoT based exploits and analysis test cases. It’s a flexible and extendable framework that would help the security community in writing quick IoT test cases and exploits. The objectives of the framework are: 1. Easy to use 2. Extendable 3. Support for hardware, radio and IoT protocol analysis EXPLIoT currently supports the following protocols which can be utilized for writing new plugins/exploits: 1. Radio – BLE , Zigbee 2. Network – MQTT, CoAP, DICOM, MODBUS, MDNS, NMAP, TCP, UDP 3. Hardware – CAN, SPI, I2C, UART, JTAG This talk would give attendees a first-hand view of the functionality, how to use it and how to write plugins to extend the framework."

Preventing Today's Malware

David Perkins

How to Test High-Performance Next-Generation Firewalls

Ixia

Sourcefire Webinar - NEW GENERATION IPS

mmiznoni

See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...

PLUMgrid

After deployment and build-out of an OpenStack cloud, operators require a complete end to end single pane view of the SDN-based network overlay, all the associated workloads and hypervisors and physical infrastructure. Enterprises and cloud providers alike have aggressively adopted SDN visualization and monitoring platforms in addition to OpenStack horizon to keep their infrastructure running with 100% uptime. Additionally, new tools that aim at helping with proactive remediation of issues are being deployed and leveraged to quickly bring back the system to healthy conditions. In this session, attendees will discover: How comprehensive visualization could help operations staff How to correlate physical and virtual networks How to immediately identify problems as they arise

Open Source Means Upstream First

Chris Wright, Red Hat Chief Technologist, discussed how the needs of communications service providers are being addressed with an upstream first, open source philosophy. Chris touched on the evolution of network functions from hardware to cloud based, and how the industry can achieve the service availability, security, automation, and scale necessary with a Network Functions Virtualization platform through community innovation.

What's hot

Mod SecurityAbhishek Singh

Cisco amp for meraki

Cisco umbrella overview

Web Application Firewall

Chandrapal Badshah

Equifax cyber attack contained by containers

Aqua Security

TechWiseTV Workshop: OpenDNS and AnyConnect

Robb Boyd

Cloud Native Security: New Approach for a New Reality

Carlos Andrés García

Pxosys Webinar Amplify your Security

🏆Ruben Cocheno💭

VMworld 2013: NSX Security Solutions In Action - Deploying, Troubleshooting, ...

Behind the scene of malware operators. Insights and countermeasures. CONFiden...

Marco Balduzzi

Using Your Network as a Sensor for Enhanced Visibility and Security

Lancope, Inc.

Хакеро-машинный интерфейс

Positive Hack Days

Introduction to Mod security session April 2016

Rahul

VMworld 2013: Security Automation Workflows with NSX

ASA Firepower NGFW Update and Deployment Scenarios

Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...

Hacking IoT with EXPLIoT Framework

Priyanka Aash

Preventing Today's Malware

David Perkins

How to Test High-Performance Next-Generation Firewalls

Ixia

Sourcefire Webinar - NEW GENERATION IPS

mmiznoni

What's hot (20)

Mod Security

Cisco amp for meraki

Cisco umbrella overview

Web Application Firewall

Equifax cyber attack contained by containers

TechWiseTV Workshop: OpenDNS and AnyConnect

Cloud Native Security: New Approach for a New Reality

Pxosys Webinar Amplify your Security

VMworld 2013: NSX Security Solutions In Action - Deploying, Troubleshooting, ...

Behind the scene of malware operators. Insights and countermeasures. CONFiden...

Using Your Network as a Sensor for Enhanced Visibility and Security

Хакеро-машинный интерфейс

Introduction to Mod security session April 2016

VMworld 2013: Security Automation Workflows with NSX

ASA Firepower NGFW Update and Deployment Scenarios

Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...

Hacking IoT with EXPLIoT Framework

Preventing Today's Malware

How to Test High-Performance Next-Generation Firewalls

Sourcefire Webinar - NEW GENERATION IPS

Viewers also liked

See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...

PLUMgrid

Open Source Means Upstream First

Indonesia Honeynet Chapter

Nuts & Bolts of the Dynamic Attack Chain

IBM Security

With significant breaches of personal and corporate data being announced regularly, there is even more value in understanding how the dynamic attack chain really works in addition to what tools your organization can use to disrupt it. From break-in to ex-filtration, you will be taken through a "real-world" scenario to understand how easy it is for attackers to infiltrate your network and steal sensitive data. We will review the technologies you can use to combat these threats and contain the impact of a breach as well as determine what protection strategy you should adopt to avoid being the next headline. Join this live webinar, presented by Christopher Beier, IBM Security Senior Product Marketing Manager, to: - Experience a "real world" step-by-step scenario from break-in to ex-filtration - Learn in detail how the dynamic attack chain works - Understand which network and endpoint protections your organization should have in place View the on-demand recording: http://securityintelligence.com/events/nuts-bolts-dynamic-attack-chain/

IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...

Luigi Delgrosso

Crack the Code

InnoTech

InduSoft System security webinar 2012

AVEVA

Amien Harisen - APT1 Attack

Security best practices

AVEVA

The Anatomy of a Data Breach

David Hunt

In the world of cyber security, a single defeat can be extremely costly.Before you create a plan, it’s vital to learn about the anatomy of a data breach – and understand who your attackers are. In a standard data breach, the type that occurs between 80 to 90 million times per year, there are roughly 6 essential steps, each of which will be outlined below. It’s time for a quick anatomy lesson to strengthen your cyber security program:

Openstack meetup: NFV and Openstack

Marie-Paule Odini

Nfv

Ahmad Hijazi

Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...

Knowledge Group

Viewers also liked (12)

See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...

Open Source Means Upstream First

Nuts & Bolts of the Dynamic Attack Chain

IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...

Crack the Code

InduSoft System security webinar 2012

Amien Harisen - APT1 Attack

Security best practices

The Anatomy of a Data Breach

Openstack meetup: NFV and Openstack

Nfv

Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...

Similar to Inherent Security Design Patterns for SDN/NFV Deployments

Web Application Security for Continuous Delivery Pipelines

Avi Networks

Watch on-demand webinar: https://info.avinetworks.com/webinars/web-application-security-continuous-delivery-pipelines Applications today have evolved into containers and microservices deployed in fully automated and distributed environments across data centers and clouds. Application services such as load balancing, security, and analytics become critical for continuous delivery. To secure modern web applications, security policies including SSL/TLS, ACLs, IP Reputation, and WAF need to be applied quickly. We will share a reference implementation from Avi Networks. Join this webinar to learn: - CI/CD in the web application security context - Challenges and solutions integrating a modern web application firewall (WAF) into the application development pipeline - How to create processes that support both security and development requirements

Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.

Scalar Decisions

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato

Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

Rik Ferguson

CloudExpoEurope

.conf Go Zurich 2022 - Security Session

Splunk

Resume | Vijay Navgire

Vijay Νavgire

AWS live hack: Atlassian + Snyk OSS on AWS

Eric Smalling

Crush Cloud Complexity, Simplify Security - Shield X

Prime Infoserv

The session will be focusing how cloud-native security platform can continuously discovers workloads, identifies risk, and enforces security policies in any multi-cloud environment. Additionally it will also cover the Automated policy generation through agent-less security controls makes protecting data and applications the easiest thing to do in the cloud. The Speaker of the session will be Dr. Ratinder Paul Singh Ahuja, Founder and Chief Research and Development Officer, Shield X, USA Dr. Ratinder leads ShieldX and its mission as its central pivot point. Drawing from a career as a successful serial entrepreneur and corporate leader, he brings his unique blend of business acumen, industry network and deep technical knowledge. At his previous start-ups, Internet Junction, Webstacks and Reconnex he served as Chief Technology Officer and Vice President of the Mobile and Network Security Business Units. His knowledge of innovation and emerging trends in networking, network security, and data-loss prevention are derived from years of industry experience. Dr. Ahuja holds a BS in Electronics & Electrical Engineering from Thapar University, in India, and a Masters and Ph.D. in Computer Engineering from Iowa State University. Dr. Ahuja has been granted 61 patents for security-based technologies, and has presented in many public forums, including the Content Protection Summit, IC3, IEEE Computer Society, McAfee FOCUS, and the Cloud Expo.

CyberCrime in the Cloud and How to defend Yourself Alert Logic

CSS 17: NYC - Realities of Security in the Cloud

Managed security services

manoharparakh

Protecting microservices using secure design patterns 1.0

Trupti Shiralkar, CISSP

VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...

CSS17: Atlanta - Realities of Security in the Cloud

Cloudflare_Everywhere_Security_Solution_Brief (1).pdf

petchphumsanit40

CSO CXO Series Breakfast

CSO_Presentations

chapitre1-cloud security basics-23 (1).pptx

GhofraneFerchichi2

Symantec Best Practices for Cloud Security: Insights from the Front Lines

Symantec

Regulated Reactive - Security Considerations for Building Reactive Systems in...

Ryan Hodgin

Data Center Server security

xband

Similar to Inherent Security Design Patterns for SDN/NFV Deployments (20)

Web Application Security for Continuous Delivery Pipelines

Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.

Azure 101: Shared responsibility in the Azure Cloud

Rik Ferguson

.conf Go Zurich 2022 - Security Session

Resume | Vijay Navgire

AWS live hack: Atlassian + Snyk OSS on AWS

Crush Cloud Complexity, Simplify Security - Shield X

CyberCrime in the Cloud and How to defend Yourself

CSS 17: NYC - Realities of Security in the Cloud

Managed security services

Protecting microservices using secure design patterns 1.0

VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...

CSS17: Atlanta - Realities of Security in the Cloud

Cloudflare_Everywhere_Security_Solution_Brief (1).pdf

CSO CXO Series Breakfast

chapitre1-cloud security basics-23 (1).pptx

Symantec Best Practices for Cloud Security: Insights from the Front Lines

Regulated Reactive - Security Considerations for Building Reactive Systems in...

Data Center Server security

More from OPNFV

How to Reuse OPNFV Testing Components in Telco Validation Chain

Morgan Richomme, Orange OPNFV provides lots of tooling that can be adopted and adapted to Service providers solution. These solutions are OpenStack based but not necessarily OPNFV solutions. This session will detail how some components developed in OPNFV have been introduced in Orange Integration Center, an OpenStack based vendor solution including Contrail SDN controller and third party elements. The best practices learned in OPNFV were used to design and build a CI chain including jenkins, functest, yardstick, the test API and the Test DB.

Energy Audit aaS with OPNFV

Morgan Richomme, Orange Power consumption is a key driver of NFV. However very few projects deal with this aspect. This session will detail a prototype realized in OPNFV Orange labs aiming to track power consumption during CI operations. We could imagine that, if we generalize the information colelction to the Pharos community, we may get significative figures to establish power consumption profiles and why not try to get even deeper and get applicative profile using statistical tools

Hands-On Testing: How to Integrate Tests in OPNFV

Storage Performance Indicators - Powered by StorPerf and QTIP

Yujun Zhang, ZTE Corporation, Mark Beierl, Dell EMC StorPerf uses heat to create VMs with attached cinder volumes. The volumes are used *without* a file system (ie target=/dev/vdb). The FIO workload is run and stats collected every minute. When we get 10 samples in a row that fit within a certain range and slope, we say it is a valid measurement. This avoids false numbers due to Ceph balancing or other warm up. The metrics can be read after job completes, and there is an indicator to state if the volume metrics stabilized or not. Storage QPI will be calculated based on the test results from storperf by QTIP. It aims to be a comparable indicator for storage performance among different platforms.

Big Data for Testing - Heading for Post Process and Analytics

Yujun Zhang, ZTE Corporation, Donald Hunter, Cisco, Trevor Cooper, Intel The testing community created tens of testing projects, hundreds of testing cases, thousands of testing jobs. Huge amount of testing data has been produced. What comes next, then? The testing community puts in place tools and procedures to declare testcases/projects, normalize and upload results. These tools and procedures have been adopted so we now have lots of data covering lots of scenarios, hardware, installers. In this presentation, we shall discuss the stakes and challenges of result post processing. * How analytics can provide valuable inputs to the community, end users or upstream projects. * How can we produce accurate indicators, reports and graphs, focus on interpreting / consuming test results. * How can we get the best of breeds of our result mine?

Testing, CI Gating & Community Fast Feedback: The Challenge of Integration Pr...

Jose Lausuch, Ericsson, Nikolas Hermanns, Ericsson How can we make sure that new code in OPNFV does not break or stop CI? How can we ensure quick feedback for each patch-set? With the new way to snapshot a virtual deployment it is now possible to get virtual clouds up and running in about 2 min. In addition, through low amount of disk/cpu consumption and isolation of the networking it is possible to have a very high number of virtual deployments co-existing in the same bare-metal server.

How Many Ohs? (An Integration Guide to Apex & Triple-o)

Dan Radez, Red Hat, Tim Rozet, Red Hat The OPNFV ecosystem is made up of projects that need to integrate with each other. Project Apex uses Triple-o under the covers which most people usually need some assistance to integrate with. Come and spend a session with the Apex development team learning the ins and outs of Triple-o. In this session participants will learn about the deployment process that is run when an Apex/Triple-o deployment is executed and how to assign services to nodes and generate networking configurations withing Triple-o to successfully integrate and deploy a new component in OpenStack. Come learn how to untangle the learning curve presented when integrating and using Triple-o and simplify your future development and deployment endeavors with a new found intimate knowledge of the Apex & Triple-o platform.

Being Brave: Deploying OpenStack from Master

Fatih Degirmenci, Ericsson, Yolanda Robla Mota, RedHat, Markos Chandras, SUSE OPNFV has been working with the communities such as OpenStack, OpenDaylight, and fd.io as part of its Cross Community CI (XCI) effort in order to provide means for the developers to work with the latest versions of upstream components, cutting the time it takes to develop new features significantly and testing them on the OPNFV Infrastructure. Apart from developing and testing new features, OPNFV XCI will enable developers to identify bugs earlier, issue fixes faster, and get feedback on a daily basis. This is a prerequisite for OPNFV in its CD & DevOps journey. OPNFV aims to run XCI by reusing what other communities developed such as bifrost and openstack-ansible. While doing this, OPNFV intends to develop, maintain, and evolve OPNFV Infrastructure like how the other OPNFV projects do; upstream first. Whatever missing functionality and issues we identify in the components we use as part of our infrastructure and CI/CD toolchain, we strive to fix them directly upstream. During this session, we will talk about the progress we have made so far, contributions we made to our upstream communities, and share our experiences. We will also highlight the key benefits of XCI for the community in order for developers to utilize the mechanisms, work with OpenStack master to implement new features and fix bugs using the toolchain XCI established.

Upstream Testing Collaboration

Jose Lausuch, Ericsson OPNFV provides different test frameworks which help developers to write new test cases. Those frameworks also borrow and integrate a variety of testing tools from other open source communities (OpenStack, OpenDaylight, Open-O, ...). This session will go through all the tools that have been integrated so far in OPNFV and the cross community collaboration that has already started in Danube time frame.

Enabling Carrier-Grade Availability Within a Cloud Infrastructure

Aaron Smith, Red hat, Pasi Vaananen, Red Hat Carrier-Grade Cloud Infrastructure (Aaron Smith, Pasi Vaananen, Red Hat): The move from vertically integrated hardware and software to distributed execution in a cloud complicates the delivery of highly available services. Vertically integrated systems enabled all system layers required to communicate and participate in the support of availability of the service to be under control of single system vendor. With NFV, the cloud philosophy of infrastructure and application decoupling requires new open interfaces to support the necessary flow of information between layers and clear separation of the fault and availability management responsibilities between the infrastructure and application SW subsystems. Even in the cloud environment, traditional availability concepts such as fast detection, correlation, and fault notification still apply. A fast, low-latency fault management platform will be presented that allows cloud-based services to achieve 5NINES of availability and service continuity. Performance measurements from a prototype of the system will be presented along with a demo of the operation of a service requiring 50 ms fault remediation.

Learnings From the First Year of the OPNFV Internship Program

Ray Paik, Linux Foundation, Serena Feng, ZTE OPNFV launched its Internship program in Q1'2016, and there have been more than 10 interns around the world contributing to different OPNFV activities ranging from cross community CI, documentation, infrastructure, testing, etc. In this talk, there will be an overview of the OPNFV internship program that is different from more traditional internship programs and a discussion on areas for improvement that were identified. A community member who mentored two interns will also share her experience managing interns remotely and her advice for future interns & mentors. Finally, OPNFV interns will give a quick lightening round talk on their internship projects highlighting their contributions to the community. [NOTE: This is designed as a 60-minute session with interns' lightening round talks as 6-8 interns could be attending the OPNFV Summit. Presentations from Serena/Ray is expected to take about 20-25 minutes]

OPNFV and OCP: Perfect Together

Juha Kosonen, Nokia, Mika Rautakumpu, Nokia The Open Compute Project (OCP) is a collaborative community focused on redesigning hardware technology to efficiently support the growing demands on compute infrastructure. The designs have been optimized to lower cost of infrastructure and operations e.g. by removing non-essential components, disaggregating rack level solution with common resources, and simplifying server serviceability. OpenStack provides the foundation for the NFVI and MANO components within OPNFV. OPNFV releases Colorado and recent Danube have been successfully integrated to OCP hardware and running smoothly. Also hardware acceleration is supported. The concept itself has gained a lot of interest from mobile operators, some of them are running OPNFV on top of OCP hardware in their test laboratories too. This presentation will introduce how OpenStack, OCP and OPNFV open source projects fits perfectly together.

The Return of QTIP, from Brahmaputra to Danube

Improving POD Usage in Labs, CI and Testing

Fatih Degirmenci, Ericsson, Jack Morgan, Intel The OPNFV community relies on our community labs, CI and testing projects to ensure we release quality code. The current strategies to use hardware resources in OPNFV community labs will not be able to sustain its current growth. New strategies need to be implemented to allow for new OPNFV projects. The presenters will look at the current lab usage model and discuss ways already being worked in OPNFV community labs through the POD descriptor file. In our CI process through Dynamic CI, Cross Community CI and other initiatives. In our testing projects use of hardware resources and its importance in the release process. The presenters will show current tools used to track usage such as the Bitergia dashboard.

Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...

Zhiqiang Yu, China Mobile, Huabin Tang, China Mobile Open Data Center Committee (ODCC) is co-founded by Baidu, Tencent, Alibaba, China Telecom, China Mobile, Intel, China Academy of Information and Communications Technology (CAICT). It is a non-profit industrial organization, focusing on researching open hardware such as server, data center and open network technologies to meet the growing demand on hardware in Chinese market. Scorpio Multi-node Server is an ODCC project sponsored by China Mobile. It is a 4U size server chassis with 8 compute nodes or 4 storage nodes in maximum. It can also be mixture of different kind of servers, like 4 compute nodes and 2 storage nodes. Compared with traditional ATCA or Blade server, Multi-node Server's advantages include: 1.It is easier and cheaper to extend. 2.It has more choices for compute and storage nodes combination. 3.It is easier to maintain by engineers. 4. Even higher density. 5. 4U is more flexible than 10~14U Blade server. OPNFV develops an integrated and tested open source platform that can be used to build NFV functionality. We are running OPNFV releases Colorado on Scorpio Multi-node smoothly and will try recent Danube on it in China Mobile’s Novonet (Next Generation Network) laboratory. This presentation will introduce how OPNFV and Scorpio Multi-node server fit perfectly together. It's a fully open implementation of open software and open hardware.

Distributed vnf management architecture and use-cases

Sridhar Pothuganti, NXP, Trinath Somanchi, NXP Telco operators are on journey to discover what virtualization means for the network. Markets have believed that NFV architecture elements: NFVI and VIM, hold the complete responsibility in providing virtualized networks with carrier grade properties. Telco operators have reached to a conclusion that VNFs must take their fair share of responsibility to realize NFV goals while meeting carrier-grade behavior in the entire NFV architecture. While the trend moves on, Cloud native VNFs are emerging best citizens of the cloud. Thus communication from EMS to VNFM is blurred and eventually may disappear in the future. This requires better understanding of, and agreement over the role of VNFMs and EMS for VNFs. This presentation describes the evolution of Distributed VNF management, Architectural design considerations and Use-case scenarios. The following proposal is based on a comprehensive study on evolving cloud native VNF management.

Software-defined migration how to migrate bunch of v-ms and volumes within a...

Kentaro Matsumoto, KDDI Corporation, Hyde Sugiyama, Red Hat, Inc As telecom career, we KDDI have been managing thousands of physical servers and run various kinds of workloads. In our operation of such a huge environment, We are frequently required to shut down our servers for maintenance, but it is not easy to negotiate with our tenant users to allow downtime. To make it easier, we are developing the structure called "Zone Migration", using the framework of OpenStack project "Watcher". "Zone Migration" makes it possible to migrate tenants’ workloads from compute nodes and storage devices we want to maintain (source zone) to new blank ones (destination zone) efficiently, automatically, and with minimum downtime. These requirements as follows are realized. -A lot of VMs and volumes should be migrated within a limited time frame -Operations should be automated, but also can be controlled manually -Time and load of migration should be under control so that tenants’ systems will not be affected We are proceeding with the project in cooperation with NEC and Red Hat, and developing this structure on Red Hat OpenStack Platform.

Securing your nfv and sdn integrated open stack cloud- challenges, use-cases ...

Sridhar Pothuganti, NXP, Trinath Somanchi, NXP Network security and reliability are the most challenging tasks in any cloud. With NFV and SDN in place, Network Functions are virtualzied and network traffic is managed in separated control and data planes. Thus reducing the operational and capital expenditure. Virtualized Network Functions are tied with Software Defined Networks to boost the power of virtualization. This itself is challenging when Network services and security is a concern. While OpenStack is the best opted solution for IaaS, many service provides are moving towards best solutions to deal with service delivery and security challenges in SDN and NFV integrated OpenStack Cloud. The Presentation outlines the challenges and proposes probable solutions for NFV and SDN integrated OpenStack Cloud.

My network functions are virtualized, but are they cloud-ready

Ulas Kozat, Huawei, Yaoguang Wang, Huawei In the first phase of telco-cloud vision, the physical network functions are targeted for virtualization and became Virtual Network Functions (VNF) decoupled from the specific hardware platform. As we dive into the second phase of the cloud era, the core need is to provide VNF implementations that can take advantage of what cloud has to offer in terms of utility based computing (a.k.a. scaling), availability, data durability, etc. To this end, we have been developing a VNF Performance Modeling framework for automatic characterization of a particular VNF implementation in terms of its cloud-readiness and its bottlenecks towards cloud-readiness. We will present the details of our performance modeling framework and show its utility based on the existing open source VNF implementations. The next frontier of telco-cloud vision is to develop cloud-native network functions and services. Thus, in the last part of our talk, we will cover the future evolution of the framework and discuss the needs, requirements, potential metrics for evaluating the cloud-nativeness of network functions.

Challenge in asia region connecting each testbed and poc of distributed nfv ...

Shuya Nakama, Okinawa Open Laboratory / NEC Solution Innovators, Eric Chang, Institute for Information Industry, Hideyasu Hayashi, Okinawa Open Laboratory and NEC Solution Innovators, Torii Takashi, NEC Corporation and Okinawa Open Laboratory There are many countries in Asia region those have the motivation to innovate their telecom system and educate new technologies to young engineers. It is important how to encourage and involve these countries to OPNFV communities, and also educate to contribute to open source activities. In these session, we will introduce our trial to the issue. Okinawa Open Laboratories (OOL) in Japan and Institute for Information Industry (III) in Taiwan, have been doing joint research activities in these years about SDN/NFV area, and this year, we have connected each testbed using OPNFV. Over the distributed testbed, we have started our POC of NFV use cases such as vEPC, vCPE etc. We also have communication with several research and academic organization in Asia region, so we would like to connect each country’s testbed and expand our testbed to Asia region. There are many challenges, and we have learned from our experience, so in the session we will share the lessons learned from our trial. That will be good example for the whole community, and help progressing collaboration of global eco system.

More from OPNFV (20)

How to Reuse OPNFV Testing Components in Telco Validation Chain

Energy Audit aaS with OPNFV

Hands-On Testing: How to Integrate Tests in OPNFV

Storage Performance Indicators - Powered by StorPerf and QTIP

Big Data for Testing - Heading for Post Process and Analytics

Testing, CI Gating & Community Fast Feedback: The Challenge of Integration Pr...

How Many Ohs? (An Integration Guide to Apex & Triple-o)

Being Brave: Deploying OpenStack from Master

Upstream Testing Collaboration

Enabling Carrier-Grade Availability Within a Cloud Infrastructure

Learnings From the First Year of the OPNFV Internship Program

OPNFV and OCP: Perfect Together

The Return of QTIP, from Brahmaputra to Danube

Improving POD Usage in Labs, CI and Testing

Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...

Distributed vnf management architecture and use-cases

Software-defined migration how to migrate bunch of v-ms and volumes within a...

Securing your nfv and sdn integrated open stack cloud- challenges, use-cases ...

My network functions are virtualized, but are they cloud-ready

Challenge in asia region connecting each testbed and poc of distributed nfv ...

Recently uploaded

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

Free Complete Python - A step towards Data Science

RinaMondal9

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

The Metaverse and AI: how can decision-makers harness the Metaverse for their...

Jen Stirrup

The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives? How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance Osaka Seminar: Overview.pdf

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf