Cloud infrastructure has changed both the way attacks are carried out and the methodologies for protecting against them. In this workshop given at OpenStack Day Italy, Giuseppe Paternò, CTO at GARL, explores the components of OpenStack security and other measures to protect both the infrastructure itself and the applications hosted
This summary provides an overview of the key points from the OpenStack security document:
1. OpenStack is an open source cloud computing platform consisting of several interrelated components like Nova, Swift, Keystone, etc. Each component has its own REST API and is responsible for a certain functionality like compute, storage, identity, etc.
2. The document discusses various security aspects and pain points related to different OpenStack components like authentication tokens, message buses, REST APIs, volumes, and intrusion detection.
3. It also covers strategies for incident response, forensics, and reporting vulnerabilities in OpenStack. Maintaining chain of custody for evidence and providing forensic access to tenants are highlighted.
4. Finally, the
OpenStack security is a huge topic. In these slides I presented at the OpenStack Day, I analyzed cloud security from the network to the application layer, going through specific layers, some in common between OpenStack itself and the applications.
Symantec is building a consolidated cloud platform using OpenStack to host its SaaS applications. It is analyzing and improving OpenStack's security posture. Key security concepts for OpenStack's Grizzly release include centralized management, network segmentation, token/PKI authentication, distributed policy management, and auditing/compliance. Areas of focus for securing an OpenStack deployment include message queuing, database security, certificate management, distribution verification, and two-factor authentication.
Holistic Security for OpenStack Clouds | Major Hayden
Nothing clears out a conference room faster than a discussion around information security. Securing complex computer systems, such as OpenStack clouds, is extremely difficult. To make matters worse, attackers can make many mistakes without consequences. A defender’s single mistake could lead to a breach.
Don't let fear rule the discussion around security.
Operators need a simple and scalable method for securing OpenStack clouds. That starts with grouping components into compartments and then looking at how those compartments interact with each other. Those interactions form the backbone of security policies and technical controls.
In this vendor-neutral talk, Major Hayden, principal architect at Rackspace, will break down the complexity of securing OpenStack clouds using real-world scenarios. Attendees will learn how to:
- Divide OpenStack deployments into compartments
- Analyze the interactions between each component
- Develop security policies and apply technical controls
This is a slideshow I made for my Systems Modeling & Simulation class. The presentation is intended to be a visual aid in giving a lesson on IPsec and Authentication Headers.
Intro to the FIWARE Lab: Setting Up Your Virtual Infrastructure Using FIWARE Lab Cloud, by Fernando López.
1st FIWARE Summit, Málaga, Dec. 13-15, 2016.
This document provides an overview of Cisco IPsec technology:
- IPsec provides security at the IP layer, enabling encryption and authentication for both IPsec-aware and non-IPsec aware applications. It can be implemented in routers and firewalls to secure all network traffic.
- The Internet Key Exchange (IKE) protocol handles security association and key management for IPsec. Certificates can also be used for authentication.
- VPN Solutions Center uses templates to generate customized Cisco IOS configuration files that can be applied to edge devices along with the standard VPNSC configuration during service provisioning.
HP Helion Webinar #5 - Security Beyond Firewalls | BeMyApp
Giuseppe Paternò is an IT security expert who has worked with many large companies. He discussed security issues with OpenStack and cloud applications. Neutron provides software-defined networking and security groups for network segmentation. Keystone handles identity management. APIs must be secured to protect resources and authentication tokens. Continuous security practices like automated testing and monitoring help harden the cloud platform.
Keystone provides unified identity management for OpenStack. It offers authentication, a centralized token service, and policy management. Key capabilities include user/tenant models with role-based access control and pluggable backends. Keystone allows integration with existing authentication systems and provides a service catalog of available APIs and their endpoints.
This document provides instructions for setting up site-to-site IPsec virtual private networks (VPNs) between multiple locations. It explains that IPsec is a common network security standard used to create secure VPN tunnels between networks over public networks. The document then gives step-by-step directions for configuring IPsec VPN connections between two sites, and later expands the configuration to include a third site. The goal is to demonstrate how to securely connect multiple branch office networks through IPsec VPNs.
IPSec VPN provides secure communication over insecure networks using encryption, integrity checks, authentication, and anti-replay features. It uses IKE to establish security associations between peers, exchanging proposals and keys. IKE then uses ESP or AH to encrypt packets and verify integrity using hashes or signatures to prevent tampering. Digital certificates or pre-shared keys authenticate the origins of data through public key infrastructure or shared secrets.
This document provides an overview of IP Security (IPSec) including its architecture, protocols, and concepts. IPSec provides authentication, confidentiality, and key management for IP packets across local area networks, private and public wide area networks, and the Internet. It operates below the transport layer, making it transparent to applications. IPSec uses security associations, security policy databases, and authentication header and encapsulating security payload protocols to secure IP traffic. While useful, it has some challenges with network address translation devices.
Site-to-site IPSec VPN tunnels securely transmit data between two network sites using encryption. ISAKMP and IPSec are used to establish and encrypt the VPN tunnel. ISAKMP phase 1 creates an initial secure tunnel, then phase 2 creates the data transmission tunnel using encryption algorithms. Configuring IPSec requires defining ISAKMP and transform sets, access lists, crypto maps, and applying crypto maps to interfaces.
IP Security (IPSec) provides authentication and confidentiality for IP packets. It uses security associations to define how packets are processed and secured. IPSec supports two main modes - transport mode for host-to-host traffic and tunnel mode for gateway-to-gateway VPNs. It uses the Authentication Header (AH) or Encapsulating Security Payload (ESP) to authenticate packets and optionally provide confidentiality through encryption. However, IPSec faces challenges working through Network Address Translation devices which are common on the Internet.
This document summarizes a research paper that proposes a system to detect Distributed Denial of Service (DDoS) attacks on OpenStack cloud servers using XenServer virtualization and select appropriate countermeasures. The system uses Snort for intrusion detection on target virtual machines. When an attack is detected, algorithms generate an ID and select the most severe alert. Another algorithm then chooses the best countermeasure based on the attack type. The full paper provides details on implementation using tools like XenServer, OpenStack, Snort and Metasploit, as well as descriptions of the proposed detection and countermeasure selection algorithms.
This document provides a quick reference guide for Linux security that includes definitions of common security terms, general security tips, and Linux security resources. It defines terms like buffer overflow, cryptography, denial of service, and port scanning. It offers tips such as using automatic package managers to update software, configuring firewalls and intrusion detection, and enforcing strong password policies. The document also lists various security-related websites, books, and open source tools that can aid in hardening Linux systems.
This document provides an overview of IP Security (IPsec). It discusses how IPsec provides authentication, confidentiality, and key management at the IP layer to secure network traffic. It describes the main components of IPsec including security associations, the security association database, security policy database, and the two main protocols - Authentication Header and Encapsulating Security Payload. It also discusses how IPsec can be used to secure network routing and provides applications of IPsec.
The document provides instructions for setting up virtual infrastructure on FIWARE Lab Cloud. It discusses the basic functionalities including identity services, compute services, storage services and network services. It also covers extended functionalities for deploying applications using blueprint templates which allow defining tiers, software, and network topology and launching blueprint instances.
IPSec is an open standard protocol suite that provides security services like data confidentiality, integrity, and authentication for IP communications. It operates at the network layer and can be used to secure communication between hosts, network devices, and between hosts and devices. The key components of IPSec include Internet Key Exchange (IKE) for setting up Security Associations (SA), the Authentication Header (AH) for data integrity and authentication, and the Encapsulating Security Payload (ESP) for confidentiality, integrity, and authentication.
This document provides instructions for configuring an IPsec VPN using Strongswan on Ubuntu 12.04. It describes setting up connections using pre-shared keys, certificates, and hardware tokens for authentication. The steps include installing Strongswan and dependencies, configuring the ipsec.conf, ipsec.secrets, and strongswan.conf files for each authentication method, and testing the VPN connection. Configuration of the ipsec.conf and ipsec.secrets files varies based on the authentication method, while strongswan.conf requires adding a plugins block when using hardware tokens.
This document discusses IPSec and SSL/TLS as approaches to securing network communications at different layers of the protocol stack. It provides an overview of how IPSec operates at the network/IP layer using techniques like AH and ESP to provide authentication and encryption of IP packets. It also summarizes how SSL/TLS works at the transport layer to establish a secure connection and protect communications between applications using ciphersuites, handshaking, and record layer encryption. The document outlines some strengths and weaknesses of each approach.
The Internet Key Exchange (IKE) protocol, described in RFC 2409, is a key management protocol standard which is used in conjunction with the IPsec standard. IPsec can be configured without IKE, but IKE enhances IPsec by providing additional features, flexibility, and ease of configuration for the IPsec standard.
Crypto map based IPsec VPN fundamentals - negotiation and configuration | dborsan
IKE and IPsec are used to establish secure VPN tunnels between peers. IKE negotiates IKE Security Associations (SAs) to securely exchange encryption keys. It then uses these keys to protect the negotiation of IPsec SAs. IPsec SAs define the encryption and authentication methods used to secure traffic flows between peers. Crypto maps bind these components together by defining the peer, traffic to secure, encryption transforms, and IKE profiles to use. Show commands display the status of IKE SAs, IPsec SAs and active VPN tunnels for troubleshooting.
IS Unit 8_IP Security and Email Security | Sarthak Patel
This document discusses IP security and email security. It provides an overview of IPSec, including its architecture, services like authentication and encryption, and key management. It also describes how IPSec uses security associations and can operate in transport or tunnel mode. For email security, it discusses PGP and S/MIME, covering how they provide confidentiality, authentication, integrity and non-repudiation for email messages. PGP is described in more detail, outlining its use of public key encryption, digital signatures, compression and encoding for secure email transmission.
This document provides an overview of IPSec, including:
- IPSec aims to secure IP communications by providing authentication, integrity, and confidentiality. It operates in transport and tunnel modes.
- The Internet Key Exchange (IKE) negotiates and establishes security associations to secure communications between two endpoints.
- IPSec policy defines which encryption, hashing, and authentication methods apply to different network traffic using protection suites and proposals.
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla | Lorenzo Carnevale
OpenStack Identity Service (Keystone) seminar.
Distributed Systems course at Engineering and Computer Science (ECS), University of Messina.
By Lorenzo Carnevale and Silvio Tavilla.
Seminar’s topics
❖ OpenStack Identity - Keystone (liberty)
❖ Installation and first configuration of Keystone
❖ Identity service configuration
➢ Identity API protection with RBAC
➢ Use Trusts
➢ Certificates for PKI
❖ Hierarchical Projects
❖ Identity API v3 client example
This document provides an overview of an OpenStack workshop held at Kalasalingam Institute of Technology on September 26th 2015. It defines cloud computing and the different cloud models (IaaS, PaaS, SaaS). It then discusses the core OpenStack components like Compute (Nova), Identity (Keystone), Networking (Neutron), Image (Glance), Block Storage (Cinder), Object Storage (Swift), Orchestration (Heat), and Telemetry (Ceilometer). It also covers concepts like hypervisors, security groups, public/private/hybrid clouds. Finally, it provides examples of commands to manage resources using different OpenStack services.
Workshop - Openstack, Cloud Computing, Virtualization | Jayaprakash R
This document provides an overview of an OpenStack workshop held at Kalasalingam Institute of Technology on September 26th 2015. It defines cloud computing and the different cloud models (IaaS, PaaS, SaaS). It then discusses the core OpenStack components like Compute (Nova), Identity (Keystone), Networking (Neutron), Image (Glance), Block Storage (Cinder), Object Storage (Swift), Orchestration (Heat), and Telemetry (Ceilometer). It also covers concepts like hypervisors, security groups, networking, and provides examples of CLI commands for interacting with the different services.
OpenStack - Security Professionals Information Exchange | Cybera Inc.
This document provides an introduction to OpenStack and discusses infrastructure as a service (IaaS). It outlines the OpenStack architecture including object storage, image service, and compute components. It also covers OpenStack security fundamentals like keypairs, security groups, and floating IPs. The document discusses IaaS security best practices and OpenStack vulnerability management. It lists some OpenStack projects and other related technologies.
OpenStack Neutron Havana Overview - Oct 2013 | Edgar Magana
OpenStack Neutron overview presented at three meet-ups in NYC, Connecticut and Philadelphia during October 2013 by Edgar Magana from PLUMgrid.
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla | Lorenzo Carnevale
OpenStack Identity Service (Keystone) seminar.
Distributed Systems course at Engineering and Computer Science (ECS), University of Messina.
By Lorenzo Carnevale and Silvio Tavilla.
Seminar’s topics
❖ OpenStack Identity - Keystone (kilo)
❖ Installation and first configuration of Keystone
❖ Workshop
❖ Identity service configuration
➢ Identity API protection with RBAC
➢ Use Trusts
➢ Certificates for PKI
❖ Hierarchical Projects
❖ Identity API v3 client example
Using Ansible Tower to implement security policies and telemetry streaming fo... | Joel W. King
Network analytics provides insight to the traffic flow between applications and endpoints. Telemetry data is streamed in real-time from software sensors and network devices to big-data clusters. Implementing the policy to create a whitelist-based segmentation and zero-trust model requires automation when dealing with tens of thousands of workloads and complex rules.
This session examines how Cisco Tetration Analytics provides an accurate inventory of devices, software packages and version information to detect software vulnerabilities and implement a zero-trust policy model on network fabrics, firewalls and application delivery controllers.
Using Tetration for application security and policy enforcement in multi-vend... | Joel W. King
Network engineers increasingly must view the network as one big software system, which streams telemetry data from software sensors and network devices to an analytics engine.
To implement the whitelist-based segmentation and zero-trust policy model generated from the data analysis, automation is a requirement when dealing with tens of thousands of workloads and complex rules.
This session examines how Cisco Tetration Analytics combined with automation can be used to implement a zero-trust policy model on multi-vendor network fabrics, firewalls and application delivery controllers.
The software-defined data center paradigm (in all its parts: computing, networking, storage, etc. ) might bring agility and efficiency increasing in an IT organization.
In order to improve operational efficiency we will show how to enable IT departments to deploy, configure and manage virtual resources by code. In particular, we will show how to operate with OpenStack, the most important open source cloud project, using Openstack4J, a Java OpenStack client SDK which allows provisioning and control of an OpenStack deployment.
New and smart way to develop microservice for istio with micro profileEmily Jiang
The new and smart way to develop microservices for Istio - Eclipse MicroProfile
Focus on MicroProfile and demonstrate 8 MicroProfile specifications with some overview on Istio
This document provides an overview and hands-on for OpenStack. It outlines the agenda which includes an OpenStack overview, introducing core and optional projects like Nova, Neutron, Glance, and Horizon, and hands-on for installing CentOS and RDO using Packstack. Key steps for the hands-on include setting up CentOS, installing RDO repository and Packstack, generating an answer file, and running Packstack for installation. Administration tasks like creating networks and instances are also mentioned.
Keystone is the identity service for OpenStack. It provides user management, authentication, and a service catalog. Keystone has four main internal services - Identity, Token, Catalog, and Policy. It uses a pluggable backend architecture that allows different storage backends. Keystone provides centralized authentication and authorization for all OpenStack services.
This document provides an overview of OpenStack Neutron, the networking component of OpenStack. It describes Neutron's architecture and components, how it uses Linux networking and Open vSwitch, and how network packets flow through the Neutron distributed virtual router architecture. Key concepts covered include Neutron plugins, agents, GRE tunnels, Linux network namespaces, and east-west vs north-south traffic flows in a DVR configuration.
The document provides information about installing and configuring OpenStack including:
1) It describes the hardware, software and networking requirements for the control and compute nodes when installing OpenStack.
2) It explains the different deployment options for OpenStack including all-in-one, multiple control and compute nodes, and different options for separating services.
3) It provides steps for installing OpenStack using Packstack, including generating SSH keys, editing the answer file and starting the deployment.
4) It gives an overview of the message broker services used by OpenStack and describes how to configure RabbitMQ or Qpid as the message broker.
How APIs are Transforming Cisco Solutions and Catalyzing an Innovation EcosystemCisco DevNet
This document discusses how APIs are transforming Cisco solutions and catalyzing an innovation ecosystem. It outlines Cisco's DevNet strategy of making the developer the customer and accelerating market opportunities through a vibrant developer ecosystem built on programmable platforms and APIs. It describes how network programmability, APIs, cloudification, new applications and experiences, developer tools, and open source collaboration are driving network innovation and helping developers build solutions.
Keystone is the OpenStack identity service that provides user, project and service catalog management. It implements the OpenStack Identity API. Keystone has four internal services - Identity, Token, Catalog and Policy. It uses a pluggable backend architecture that allows different storage backends. Keystone provides authentication for users and services in OpenStack and maps users to their authorized projects and roles.
Interop Tokyo 2014 SDI (Software Defined Infrustructure) ShowCase Seminoar Presentation. The presentation covers Neutron API models (L2/L3 and Advanced Network services), Neutron Icehouse Update and Juno topics.
GDL OpenStack Community - Openstack IntroductionVictor Morales
OpenStack is an open source software platform for building private and public clouds. It allows companies to build their own clouds that provide infrastructure as a service. The software controls large pools of compute, storage, and networking resources throughout a datacenter, all managed through APIs. DevStack is a tool that developers use to quickly deploy OpenStack locally for testing their code changes before they are reviewed. It builds a complete OpenStack development environment on a single node.
Similar to Openstack: security beyond firewalls (20)
Openstack: security beyond firewalls
1. OpenStack: Security beyond firewalls
MAKING THE CLOUD A SAFER SPACE
Giuseppe “Gippa” Paternò, Network & Security NERD
30th May 2014 * OpenStackDay Italy
Twitter: @gpaterno - Website: www.gpaterno.com
2. About me
IT security products and virtualization services focused on identity protection on the Cloud, as the user has become the ultimate perimeter of a never-ending distributed model.
HQ based in Switzerland, with servers located in Switzerland.
User privacy is protected by strict Swiss privacy regulations, no EU or US exceptions allowed.
IT Architect and Security Expert with a background in Open Source.
Former Network and Security architect for Canonical, RedHat, Wind/Infostrada, Sun Microsystems and IBM, and Visiting Researcher at the University of Dublin Trinity College.
Past projects: standard for J2ME Over-The-Air (OTA) provisioning along with Vodafone, the study of architecture and standards for the delivery of MHP applications for digital terrestrial television (DTT) on behalf of DTT Lab (Telecom Italia/LA7), and implementation of HLR for Vodafone landline services.
Lots of writing, mainly on computer security.
CTO and Director of GARL, a multinational company based in Switzerland and the UK, owner of SecurePass and SecureData.
3. Too many threats
62% increase in breaches in 2013 (1)
1 in 5 organizations have experienced an APT attack (4)
3 Trillion $ total global impact of cybercrime (3)
8 months is the average time an advanced threat goes unnoticed on the victim's network (2)
2,5 billion exposed records as a result of data breaches in the past 5 years (5)
Sources: 1, 3, 5: Increased cyber security can save global economy trillions, McKinsey/World Economic Forum, January 2014. 2: M-Trends 2013: attack the security gap, Mandiant, March 2013. 4: ISACA's 2014 APT study, ISACA, April 2014. Source: ISACA Cyber Security Nexus
6. Linux Namespaces
Used in OpenStack and widely adopted in Neutron; originally created for Linux Control Groups (aka cgroups)
PID namespaces: isolate the process ID number space, so that processes in different PID namespaces can have the same PID
Network namespaces: provide isolation of the system resources associated with networking
User namespaces: isolate the user and group ID number spaces
Mount namespaces: isolate the set of filesystem mount points seen by a group of processes
Also worth mentioning: IPC and Unix Time-Sharing (UTS) namespaces
7. OpenStack Neutron
Software-Defined Network in OpenStack; it answers RESTful APIs.
Neutron Server runs on the Controller, exposes APIs, enforces the network model and hands off to the Neutron Plugin
Neutron Plugin runs on the Controller and implements the APIs; every vendor can create its own "implementation" (ex: Cisco, Juniper, ...)
Plugin Agent runs on each compute node and connects instances to the virtual network
Default implementation based on OpenVSwitch
OpenFlow to be set as the fundamental open protocol for building SDN
Still no "industry" standard for encapsulating VLANs over L3; VXLAN is set to be the preferred choice, but every vendor has its own (ex: Juniper has MPLS over IP)
8. OpenStack Neutron and Network Namespaces
Namespaces enable multiple instances of a routing table to co-exist within the same Linux box
Network namespaces make it possible to separate network domains (network interfaces, routing tables, iptables) into completely separate and independent virtual datacenters
The advantage of the namespaces implementation in Neutron is that tenants can create overlapping IP addresses and independent routing schemas
The neutron-l3-agent is designed to use network namespaces to provide multiple independent virtual routers per node.
9. Example of Network Namespaces
List Namespaces
# ip netns
qrouter-a88f89b6-5505-4bc2-8993-57ae1f010895
qdhcp-bebd6bc8-2bd0-4bdd-890c-9657faf80444
Show firewall rules in a virtual router
# ip netns exec qrouter-a88f89b6-5505-4bc2-8993-57ae1f010895 iptables -L -vn
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target                  prot opt in  out  source      destination
    0     0 neutron-l3-agent-INPUT  all  --  *   *    0.0.0.0/0   0.0.0.0/0
11. OpenStack Neutron FWaaS
Firewall as a Service in Neutron
Different from the Security Groups in the instance
Defaults to iptables support in the tenant's IP namespace
12. OpenStack Neutron VPNaaS
Neutron has the capability to handle per-tenant VPNs, named VPN-as-a-Service
Based on IPSec, just implementing IKE with "PSK" authentication mode rather than using certificates
Suited for site-to-site VPNs and for providing Hybrid cloud
Implemented on top of IP namespaces ("ip netns add vpn")
A draft exists on bringing OpenVPN to Neutron
Not suited for "roadwarriors", i.e. client connections
15. APIs
Application APIs
Web-based APIs: REST, XML-RPC, ...
APIs are your point of contact with the external world, you must make them highly secure
Firewalls are not enough! Anything can be sent over HTTP/HTTPS.
16. General APIs best practices
Usernames and passwords, session tokens and API keys must never appear in the URL (proxy caching and logging)
Allow only selected HTTP methods
Protect privileged actions and sensitive resource collections
Validate inputs and enforce typing of values
Validate incoming Content-Type and other headers
Encrypt data in transit
Validation also applies to the payload: JSON, XML or whatever
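The checks listed on slide 16, applied to incoming requests before they reach application logic. This is an added example, not code from the original slides; the allowed methods, the secret parameter names and the payload schema are assumptions chosen for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Hypothetical policy for one endpoint (all names here are assumptions).
ALLOWED_METHODS = {"GET", "POST"}
SECRET_PARAMS = {"username", "password", "token", "api_key", "apikey", "session"}
SCHEMA = {"name": str, "vcpus": int, "public": bool}  # expected field -> JSON type


def check_request(method, url, headers, body=b""):
    """Return a list of policy violations; an empty list means the request passes."""
    problems = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    parts = urlsplit(url)

    if parts.scheme != "https":
        problems.append("transport: not HTTPS")
    if method.upper() not in ALLOWED_METHODS:
        problems.append(f"method: {method} not allowed")
    # Secrets in the query string end up in proxy caches and access logs.
    for key, _ in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SECRET_PARAMS:
            problems.append(f"url: secret parameter '{key}' in query string")
    if parts.username or parts.password:
        problems.append("url: credentials in userinfo")

    if method.upper() == "POST":
        ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
        if ctype != "application/json":
            problems.append(f"content-type: '{ctype}' not accepted")
            return problems
        try:
            payload = json.loads(body)
        except ValueError:
            problems.append("payload: not valid JSON")
            return problems
        if not isinstance(payload, dict):
            problems.append("payload: top-level JSON must be an object")
            return problems
        for field in sorted(payload.keys() - SCHEMA.keys()):
            problems.append(f"payload: unexpected field '{field}'")
        for field, typ in SCHEMA.items():
            if field not in payload:
                problems.append(f"payload: missing field '{field}'")
            # Exact type match: bool is a subclass of int in Python, so
            # isinstance() would accept true/false for an integer field.
            elif type(payload[field]) is not typ:
                problems.append(f"payload: field '{field}' must be {typ.__name__}")
    return problems


# Constructed sample requests (not captured traffic).
GOOD = ("POST", "https://api.example.test/v1/flavors",
        {"Content-Type": "application/json; charset=utf-8",
         "X-Auth-Token": "constructed-token"},
        b'{"name": "m1.tiny", "vcpus": 1, "public": true}')
LEAKY = ("DELETE", "http://api.example.test/v1/flavors/42?token=constructed123",
         {}, b"")
MISTYPED = ("POST", "https://api.example.test/v1/flavors",
            {"content-type": "application/json"},
            b'{"name": "x", "vcpus": "4", "public": true, "admin": true}')

if __name__ == "__main__":
    for label, req in (("good", GOOD), ("leaky", LEAKY), ("mistyped", MISTYPED)):
        print(label, check_request(*req))
```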
17. OpenStack APIs
All OpenStack software is based on APIs, consumed by end customers and tools to access the platform programmatically
Among OpenStack components, APIs are a way of decoupling component implementations
RESTful API, easily reached from: "curl" tools, OpenStack command line tools, REST clients, OpenStack Software Development Kit (SDK)
19. OpenStack APIs Workflow
1. Obtain a Token
curl -d '{"auth":{"tenantName": "customer-x", "passwordCredentials": {"username": "joeuser", "password": "secrete"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens
2. Consume the API (through the obtained token):
curl -i -X GET http://localhost:35357/v2.0/tenants -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: token"
20. Revealing the EndPoints
The token request will reveal the endpoint URLs: Compute/Nova, S3, Image/Glance, Volume/Cinder, EC2, Identity/Keystone
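Because every authenticated tenant receives the service catalog with its token, it is worth reviewing what that catalog publishes. The following added example (not from the original slides) walks a Keystone v2.0 token response, lists every endpoint URL it discloses, and flags cleartext public endpoints and admin endpoints published on the public host; the sample response, host names and token are constructed.

```python
from urllib.parse import urlsplit

# Interface keys carried by each endpoint entry in a v2.0 service catalog.
INTERFACES = ("publicURL", "internalURL", "adminURL")


def list_endpoints(token_response):
    """Return (service type, interface, url) for every URL in the catalog."""
    rows = []
    for service in token_response["access"].get("serviceCatalog", []):
        for ep in service.get("endpoints", []):
            for iface in INTERFACES:
                if ep.get(iface):
                    rows.append((service["type"], iface, ep[iface]))
    return rows


def audit_catalog(token_response):
    """Return findings about what the catalog exposes to any token holder."""
    findings = []
    for service in token_response["access"].get("serviceCatalog", []):
        stype = service["type"]
        for ep in service.get("endpoints", []):
            public = urlsplit(ep.get("publicURL", ""))
            admin = urlsplit(ep.get("adminURL", ""))
            # Tokens and credentials sent to this URL travel unencrypted.
            if public.scheme == "http":
                findings.append(
                    f"{stype}: public endpoint is cleartext HTTP ({ep['publicURL']})")
            # The admin API should live on a management network, not the public host.
            if admin.hostname and admin.hostname == public.hostname:
                findings.append(
                    f"{stype}: admin endpoint is published on the public host "
                    f"({ep['adminURL']})")
    return findings


# Constructed sample of a v2.0 token response (values are not from a real cloud).
SAMPLE_TOKEN_RESPONSE = {
    "access": {
        "token": {"id": "constructed-token-id",
                  "expires": "2014-05-31T10:00:00Z",
                  "tenant": {"id": "t1", "name": "customer-x"}},
        "serviceCatalog": [
            {"type": "compute", "name": "nova", "endpoints": [
                {"region": "RegionOne",
                 "publicURL": "https://cloud.example.test:8774/v2/t1",
                 "internalURL": "http://10.0.0.10:8774/v2/t1",
                 "adminURL": "http://10.0.0.10:8774/v2/t1"}]},
            {"type": "identity", "name": "keystone", "endpoints": [
                {"region": "RegionOne",
                 "publicURL": "http://cloud.example.test:5000/v2.0",
                 "internalURL": "http://10.0.0.10:5000/v2.0",
                 "adminURL": "http://cloud.example.test:35357/v2.0"}]},
        ],
    }
}

if __name__ == "__main__":
    for row in list_endpoints(SAMPLE_TOKEN_RESPONSE):
        print(*row)
    for finding in audit_catalog(SAMPLE_TOKEN_RESPONSE):
        print("FINDING:", finding)
```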
21. OpenStack APIs best practices
Isolate API endpoint processes: especially those that reside within the public security domain should be isolated as much as possible. API endpoints should be deployed on separate hosts for increased isolation.
Apply the Defense-in-Depth concept: configure services, host-based firewalls, local policy (SELinux or AppArmor), and optionally global network policy.
Use Linux namespaces to assign processes into independent domains
Use network ACLs and IDS technologies to enforce explicit point-to-point communication between network services (ex: wire-level ACLs in L3 switches)
22. Mandatory Access Control in APIs
Isolate API endpoint processes from each other and from other processes on a machine.
Use Mandatory Access Controls (MAC) on top of Discretionary Access Controls to segregate processes, ex: SELinux
Objective: containment and escalation of API endpoint security breaches.
Use of MACs at the OS level severely limits access to resources and provides earlier alerting on such events.
23. Ex: SecurePass NG (Dreamliner) APIs Security
RESTful APIs, a mixture of POST (in request) and JSON (in response). Channel encrypted with TLS and high-strength ciphers. Based on APP ID and APP Secret.
Example: /api/v1/users/info
in functionalities, APP ID read-only or read-write
in network, APP ID can be limited to a given IPv4/IPv6
in domain, APP ID is linked to only a specific realm/domain
25. OpenStack Keystone
Provides Identity, Token, Catalog and Policy services for use inside the OpenStack family and implements OpenStack's Identity APIs
User management: keeps track of users, roles and permissions
Service catalog: provides a catalog of what services are available and where the OpenStack API endpoints are located
26. OpenStack Identity Management
Users: a user represents a human user and has associated information such as username, password and e-mail
Tenants: a tenant can represent a customer, organization or a group.
Roles: a role is what operations a user is permitted to perform in a given tenant
Keystone permits the following back-ends for IDMs: SQL backend (SQLAlchemy, it's Python), PAM, LDAP and custom plugins
27. OpenStack Keystone
Catching usernames and passwords means revealing the whole OpenStack infrastructure and controlling it!
$ curl -d '{"auth":{"tenantName": "customer-x", "passwordCredentials": {"username": "joeuser", "password": "secrete"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens
28. The victims of identity theft
10 million victims of identity theft in the USA in 2008 (Javelin Strategy and Research, 2009)
221 billion $ lost every year due to identity theft (Aberdeen Group)
35 billion corporate and government records compromised in 2010 (Aberdeen Group)
2 years of a working resource to correct damages due to identity theft (ITRC Aftermath Study, 2004)
2 billion $ damages reported in Italy in 2009 (Ricerca ABI)
29. Identity best practices in applications
Security must be simple and transparent to the end user, otherwise it will be circumvented!
Strong authentication of the users
GeoIP
Patches, patches and patches!
Secure application programming
31. Example of Web identity protection
<Directory /srv/www/myapp>
    AllowOverride None
    Order allow,deny
    allow from all
    AuthType CAS
    require spgroup mygroup@company.com
</Directory>
Require access through the SecurePass SSO portal with 2FA
Restrict to a dynamic group (with GeoIP)
33. Case Study: Overview & Requirements
My accountant's desktop computer is broken; he has no time to change it and needs something "always available" on a restricted budget
He needs Windows for his accounting software
He has no office and sometimes works from home; ideally he needs to access his desktop from his TV
He wants to connect from his customers' premises, but a computer is not always available for him there
He needs an emergency way of accessing the desktop from customers' premises or from Internet cafes (ex: on holidays)
Secure access must be provided, as he holds very confidential data
34. Case Study: Solution
Virtualize his existing desktop system
OpenStack as the operational platform
SecurePass as a security mechanism to protect access to his virtual desktop
From home, access the platform with an Android Mini-PC on the existing HDMI TV, a keyboard and a VPN with a Mikrotik device (Equipment ~120 EUR)
When at a customer, access the platform with the existing Samsung Android tablet, with an added Bluetooth keyboard + mouse and OpenVPN (K+M ~60 EUR)
Emergency access provided with an RDP HTML5 gateway