The last 3 years have seen a major shift in how Hollywood film studios view public cloud usage. With an increased awareness and general acceptance of the security and scalability these clouds offer to the VFX and animation vendors creating pre-release content, the focus has now shifted to ensuring best practices implementation.
Speaker: Adrian Graham, Google
Building Highly Scalable Immersive Media Solutions on AWS - ETCenter
Immersive media content such as 360 degree video places a unique set of demands on cloud-based infrastructure from a complete end to end solution point of view. A key goal for any solution of this nature is to keep costs low while not impacting availability, scale and compute performance. In this talk we will look at how to solve ingest, processing, storage and delivery of live and on-demand content for immersive media delivery, and present a reference design for 360 degree streaming using best-practice architectural patterns.
Speakers: Konstantin Wilms, Principal Solutions Architect M&E, AWS and Chad Schmutzer, Specialist Solutions Architect SPOT, AWS
Cloud Transition Patterns for Media Enterprises - ETCenter
On one hand media enterprises using workflows involving thick apps and traditional server based workflows have business opportunities of lifting and shifting from on-prem infrastructure to off-prem cloud or centralized data centers. On the other hand, cloud native micro-services architectures and web apps provide options to implement new services and apps rapidly and dynamically. This talk provides insights into the different hosting patterns observed from these media enterprises, and discusses a common framework provided by Avid’s Media Central Platform to realize the business opportunities under the different hosting models.
Speaker : Shailendra Mathur, VP Architecture, AVID
Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017 - Amazon Web Services
Deep dive into how Amazon ECS can enable secure, natively addressable, and highly performant network interfaces for containers using the recently launched awsvpc task networking mode. In this session, we focus on how CNI plugins were integrated with the Amazon ECS container agent and discuss the backend changes necessary to enable elastic network interface provisioning for tasks. Shakeel Sorathia, VP of engineering at FOX Digital, discusses best practices for working with Amazon ECS to enable such use cases as network isolation and IP-based routing for service discovery.
"Microservices for Startups: Implementation Patterns with Amazon ECS" by Donnie Prakoso, AWS Technology Evangelist, ASEAN presented as part of Container Conference 2018
"Container technology provides unparalleled improvements in efficiency and agility of packaging and deploying applications, and hence are becoming the de-facto method for deploying microservices. However, using containers for running services at scale has required that operations teams handle complex, dynamically changing infrastructure requirements, or run the risk of under/over-provisioning infrastructure. Let's explore together best practices for developing microservices with containers on AWS services while running them at scale."
URL: www.containerconf.in
MAE405_Build a 360° Immersive Media Video Solution on AWS - Amazon Web Services
In this workshop, participants will learn how to build and deploy a solution capable of ingest and delivery of live 360 degree immersive video. We will build infrastructure using Amazon EC2 Spot Instances, Amazon S3, and Amazon CloudFront, and learn how video can be transcoded for adaptive bitrate-based OTT streaming. We will also record the live video and transcode it using Amazon Elastic Transcoder along with Amazon S3 event notifications. Finally, we will host and deploy an HTML5 web player capable of displaying and panning the 360 degree content. Bring a laptop, and have an AWS account with IAM admin privileges that includes full access to Amazon EC2, EC2 Spot Instances, AWS CloudFormation, Amazon S3 and Amazon CloudFront. An Android or iOS tablet is optional.
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ... - Amazon Web Services
This session examines AWS’ approach to security for digital content. It examines the key security issues with regard to data at rest and in motion as well as the portfolio of services that AWS provides to address these issues. The presentation outlines the shared security model for customers to understand their responsibilities and explains AWS’ alignment to the MPAA security guidelines.
AWS Compute: What’s New in Amazon EC2, Containers and Serverless - CMP218 - r... - Amazon Web Services
Matt Garman, Vice President of AWS Compute Services, will introduce the latest innovations in the Compute space. At this session, we will be announcing new Compute capabilities, as well as insights into some of the underlying thinking of what makes the AWS Compute business unique. This session will cover new announcements around capabilities for EC2 instances, EC2 networking, EC2 Spot Instances, Amazon Lightsail, Containers and Serverless. Matt will also be joined by executives from our customers and partners, including GE CTO Chris Drumgoole, Heroku CEO Adam Gross, and Autodesk Chief of Product and Cloud Security Reeny Sondhi, who will share valuable success stories of how Amazon EC2 has helped their journey to digital transformation.
If you want to deliver videos to all consumers on all devices, building such workloads is complex, time consuming, and expensive. Now, it is fast and easy to implement video-on-demand workflows on AWS and distribute video content to a global audience. Companies, small or large and in various industries, can deliver streaming video without complex professional video tools. In this session, learn how to build complex video workflows entirely in code using AWS services.
Network design considerations when connecting to a public cloud service like AWS or Azure.
How does an AWS Direct Connect work, when to use the Internet and when to use a more guaranteed performance environment like a Private IP Network / MPLS network.
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl... - Amazon Web Services
Your application is exposed to a variety of threats from common distributed attacks to sophisticated zero-day vectors. Learn how to architect beyond the region and take advantage of the AWS Edge Network and upgrade your security posture with easy to deploy solutions that scale. At this session you will learn how to ensure your application will withstand malicious threats and DDoS attacks, what role architecture plays in your security posture, and how professional services and partners like Flux7 can help.
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage... - Amazon Web Services
AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and manage the encryption keys used to encrypt your data. In this session, we will dive deep into best practices learned by implementing AWS KMS at AWS’ largest enterprise clients. We will review the different capabilities described in the AWS Cloud Adoption Framework (CAF) Security Perspective and how to implement these recommendations using AWS KMS. In addition to sharing recommendations, we will also provide examples that will help you protect sensitive information on the AWS Cloud.
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017 - Amazon Web Services
This session focuses on best practices for connectivity between many virtual private clouds (VPCs), including the Transit VPC. We review how the Transit VPC works and use cases for centralization, network security, and connectivity. We include best practices for multiple accounts, multiple regions, and designing for scale. In addition, we also review some of the variants and extensions to the Transit VPC, including how to customize your own.
Build end-to-end video experiences with Azure Media Services - Ken Cenerelli
In this presentation you will see how to use Microsoft Azure Media Services to upload, package, secure, distribute and view your videos. Presented November 15, 2014 at the London Azure Camp hosted by the London .NET Developers group in London, Ontario, Canada.
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017 - Amazon Web Services
If you ask 10 teams why they migrated to containers, you will likely get answers like ‘developer productivity’, ‘cost reduction’, and ‘faster scaling’. But teams often find there are several other ‘hidden’ benefits to using containers for their services. In this talk, Franziska Schmidt, Platform Engineer at Mapbox and Yaniv Donenfeld from AWS will discuss the obvious, and not so obvious benefits of moving to containerized architecture. These include using Docker and ECS to achieve shared libraries for dev teams, separating private infrastructure from shareable code, and making it easier for non-ops engineers to run services.
Preparing for AWS Certification & Advanced Security Training - Amazon Web Services
by Stuart Elston, Business Development Manager, AWS Training & Certification
An overview of more in-depth AWS certification and training available to help you further your career, with an expert Q&A session.
The session covers how Cisco SD-WAN can be used to extend the WAN connectivity to AWS. We show how the Viptela-based SD-WAN solution accelerates the path to cloud migration while maintaining the application SLA using the policy-based app fabric model. We cover Viptela's cloud-first network management, orchestration, and overlay technologies with industry-leading routing platforms, services, and SD-WAN capabilities from Cisco. We also cover how a customer deployed Cisco SD-WAN and the benefits they achieved, how a customer extended Cisco SD-WAN fabric to AWS, and the benefits of consistent security and segmentation, policy, network visibility, and connectivity options across branch, campus, data center, and cloud. This session is brought to you by AWS Partner, Cisco.
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017 - Amazon Web Services
VMware Cloud on AWS allows your teams to migrate existing assets to the AWS Cloud quickly by using tools you are already familiar with. VMware Cloud on AWS brings VMware’s enterprise class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based VMware sold, operated and supported service for any application and optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. This session uses practical, real world customer deployment examples to dive deep on hybrid cloud network connectivity, data protection best practices, and AWS native service integrations. Attendees will walk away with practical guidance and tips on getting the best of both worlds with VMware and AWS hybrid cloud solution.
CTD201_Introduction to Amazon CloudFront and AWS Lambda@Edge - Amazon Web Services
End users expect to be able to view static, dynamic, and streaming content anytime, anywhere, and on any device. Amazon CloudFront is a web service that accelerates delivery of your websites, APIs, video content, or other web assets to end users around the globe with low latency, high data transfer speeds, and no commitments. In this session, learn what a content delivery network (CDN) such as Amazon CloudFront is and how it works, the benefits it provides, common challenges and needs, performance, recently released features and examples of how customers are using CloudFront. You will also learn about customizing content delivery through AWS Lambda@Edge - a serverless compute service that lets you execute functions to customize the content delivered through CloudFront.
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and how you can inherit controls from the rich compliance and accreditation programs maintained by AWS.
NEW LAUNCH! Push Intelligence to the edge with Greengrass - IOT209 - re:Inven... - Amazon Web Services
Autonomous cars need to identify road signs in real time, drones need to recognize objects with or without network connectivity. In this breakout session, you will learn what is machine learning (ML) inference at the edge and why it matters. We will show you how to use AWS Greengrass to locate cloud trained machine learning models, deploy them to your Greengrass devices, enable access to on-device GPU or FPGA, and apply the models to locally generated data without a need for connection to the cloud.
My SACON.IO conference presentation about how to architect secure IaaS/PaaS services.
Presentation mostly uses AWS examples, but relevant also to Azure / GCE and similar services.
How encryption works in AWS: What assurances do you have that unauthorized us... - Amazon Web Services
Customers who want their data encrypted on AWS increasingly take advantage of AWS services that allow them to encrypt data and manage access to the encryption keys. This session discusses how your data is encrypted in transit and at rest in AWS services like Amazon EC2, Amazon S3, and Elastic Load Balancing. Learn about the AWS key management options available, such as AWS KMS, CloudHSM, and ACM. The session also covers some of the security controls that AWS uses to minimize risk of compromise by unauthorized users as it works to keep your data safe.
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive threat detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments. Level 200
Find out how the Xero Cloud Security team deals with the accelerated pace of security brought about by cloud innovation occurring at Xero as they migrate “all-in” into the AWS cloud. Xero will share the Cloud Security team’s journey to the cloud, key success and learning points, as well as how they worked with Bulletproof to implement automated, repeatable and on-demand security with AWS that works at any scale. You will leave this session with actionable real-world knowledge & how to achieve AWS security posture best practices at minimal cost while delivering high value.
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel... - Amazon Web Services
Healthcare organizations are rapidly adopting container technology to drive innovation. In this session, join Horizon Blue Cross Blue Shield of New Jersey and ClearDATA to learn about how to integrate Amazon ECS into your deployment pipeline while maintaining compliance for healthcare workloads, how to harden container environments for sensitive workloads, and how to leverage AWS tooling and microservices to provide new views and analysis for data stored in on-premises data centers.
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ... - Amazon Web Services
Over the past decade, Verizon built significant investments in on-premises technology. Migrating legacy applications and IT systems takes time, so architecting a secure and performant hybrid architecture is essential to Verizon’s cloud adoption. In this session, you see how Verizon operationalized their existing on-premises IT infrastructure with AWS while providing the flexibility needed for both modern and legacy applications. Verizon solved extremely challenging enterprise constraints. Learn from Verizon’s cloud experience, and see the resulting architectures designed to meet strict security and compliance requirements while delivering faster application and system migration.
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ... - Amazon Web Services
This is a 400 level session that will discuss how customers can use Amazon FreeRTOS on microcontrollers with Greengrass at the edge. It will walk through connecting your devices running Amazon FreeRTOS, how to connect devices to Greengrass, and how these two services can work together to solve customer use cases. We will also cover security and authorization across Amazon FreeRTOS and Greengrass.
by Brad Dispensa, Sr. Solutions Architect, AWS
Operating a security practice on AWS brings many new challenges that haven't been faced in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session we will cover how you can use secure configuration and automation to monitor, audit, and enforce your security policies within an AWS environment. Level 200
How broadcasters can get in the VR game with sports - ETCenter
With new distribution deals from the NFL on Twitter to ESPN on Sling, how we watch TV is now driven by the consumer demand to do more while we tune in to watch our favorite team. Enter virtual reality. VR is the first truly transformative technology for sports broadcasting in years – to date, the biggest improvements we've seen have been HD (just better picture) and "the yellow line." With VR, we can actually take you to the game, like you're sitting courtside or on the 50-yard line, while still being able to check their Twitter, trash talk and follow their team in realtime.
Speakers : Saswat Panda, CTO, Livelikevr and Michael Davies, SVP Fox Sports
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ... - ETCenter
How will artificial intelligence and machine learning help drive efficiency throughout the M&E Industry? In this talk, John Motz will explore the future of machine learning and how it is enabling companies to automate manual workflows to become more efficient and more productive.
Speaker : John Motz, CTO, GrayMeta
The practical use of computational linguistics for story adaptation and project development. A short case study on the use of natural language processing techniques to support the screenplay adaptation of a popular young-adult novel series. Rather than trying to ‘crack the code’, Double Bishop supports development strategies by revealing hidden insights and bridging interpretive feedback with objective analysis and recommendations.
Speaker : Anton Andreacchio, Managing Director, Double Bishop/JumpgateVR
Cloud Apps for Media Processing: IMF Packaging-on-Demand (ETCenter)
This talk will address how IMF can benefit a facility where versions matter. It will briefly consider how IMF works and then look at use cases of where automation can be used to ensure optimal handling of titles both at the point of creation and also over time as versions are created, managed and distributed. Developed as an effort to reduce complexity and costs for multi-version content publishing for production, post-production and program preparation workflows, the Dalet xN IMF Maker service will be presented as an example.
Speaker : Eric Carson, Senior Business Development Manager, Dalet
Using IP technologies to replace traditional video transmission for remote event production has opened up a world of possibilities for increased production values and richer content exchange. This tech can bring improvements to productions, large and small.
Speaker : Michael Harabin, V.P., Technology, Engineering & Media Management, Pac-12 Networks
The distributive aspect of cloud on the digital world (ETCenter)
The shift to digital is requiring all types of companies to implement new commerce and collaboration models to engage customers, partners and employees, and support new connectivity and data models for analytics, IoT, and other digital services. To sustainably survive digital disruption, traditional organizations in media and entertainment are transforming their business architectures and IT delivery architectures together. Jason will highlight some specific customer case studies in media and entertainment and talk about how preparing for this shift is of paramount importance to the industry.
Speaker : Jason Sherwood, Sr. Manager, Equinix Global Solutions Architects, Equinix
Hacking IoT: the new threat for content assets (ETCenter)
Connected devices play an important role in creating and consuming both theatrical and broadcast content, ranging from smart TVs, to connected cameras, to wireless routers, and more. However, these same devices also introduce new security risk, and new attack surfaces against which malicious adversaries can launch their campaigns. Presented by the elite security research group behind esteemed hacking concepts such as IoT Village, this session examines data-based industry trends, the ways in which connected devices are compromised, and what to do about it.
Speaker : Ted Harrington, ISE
The global system behind a viewer’s transaction of watching a movie or TV show impacts viewers and show creators every day. What if all stakeholders had the same facts – Writers, Producers, Directors, Unions, Studios, Networks, Distributors, Theaters, Broadcasters, Cable Providers, Satellite providers, OTT providers and viewers? Blockchains offer precisely this opportunity. In this article we are going to explore new methods for enabling accountability in pre-production, production, post production, distribution, consumption and reporting with a secure chain of custody and metadata to be accessed, including key social attributes such as viewing method, display usage, rights compliance, and digital rights management.
Speaker : Steve Wong, HPE
A look at Federated Identity: A linked electronic identity and attributes used across distinct access systems. And potential next steps of the ETC security group.
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC (ETCenter)
The mission of the project and grantee is to explore changing technology in narrative form on a studio driven project. The 2015 short film and technical test will further evaluate network based workflows with a focus on Metadata and High Dynamic Range. We have also added a VR component.
Open Source Framework for Deploying Data Science Models and Cloud Based Appli... (ETCenter)
Next generation applications address more sophisticated questions that go beyond 'What happened?' by using Machine Learning/Statistical modelling to answer 'Why?' and 'What will happen next?' Data insights can be easily deployed and rapidly delivered to the decision makers via cloud based applications. This framework focuses on technologies available for the entire data workflow from ingestion and modeling to cloud deployment; Hadoop, MADlib, Python, R, CloudFoundry, etc. This presentation will also include examples of how this framework and innovative Data Science techniques have been applied across diverse business units within Media, including pricing analyses for ad optimization and predicting viewership.
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC (ETCenter)
Domain-specific Insight Graph (DIG) is a technology that harvests and harmonizes millions of Web pages to extract key elements of knowledge (e.g., entities and relations). It integrates corporate databases with the extracted data across sources and modalities encoding implicit and purposefully obfuscated relationships. It offers a faceted content search interface and visualizations to support analysis.
An Introduction to Data Gravity by John Tkaczewski of FileCatalyst (ETCenter)
You're probably familiar with the concept of data gravity, even if you’ve never heard the term before. The emerging term and its concept are becoming increasingly popular as file sizes continue to grow at exponential rates, and cloud storage popularity becomes mainstream. This session will introduce the concept of data gravity, the factors at play, and how file transfer will play a role in the future.
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I... (ETCenter)
While the benefits of cloud technology are undeniable—from improved business agility to economies of scale—concerns still exist around security and performance in multi-tenant environments versus dedicated private deployments. Multi-tenant environments introduce additional parties to the trust model and additional factors to the performance mix. This presentation covers the benefits of transitioning media workflows to the cloud and how to overcome obstacles related to security and performance using real world successes as examples.
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of... (ETCenter)
OpenStack is in the process of revolutionizing video delivery through virtualization, software defined networking and storage abstraction. OpenStack’s ability to rapidly deploy video ecosystems and dynamically scale them based on resource requirements is enabling service providers to offer new services faster, more robustly, and at lower cost. We’ll review TV Everywhere cloud deployment requirements and why the marriage of TV Everywhere and OpenStack is so compelling.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis's slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Metaverse and AI: how can decision-makers harness the Metaverse for their... (Jen Stirrup)
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Proprietary + Confidential
#NABShow
5. On-premise infrastructure (diagram: Render Farm Nodes, Local Workstations)
6. On-premise infrastructure (diagram adds: File Server)
7. On-premise infrastructure (diagram adds: License Server)
8. On-premise infrastructure (diagram adds: Render Workers, shown three times)
9. On-premise infrastructure (diagram adds: Queue Manager)
10. On-premise infrastructure (diagram adds: Asset Mgmt)
12. Cloud infrastructure (diagram: Rendering VMs (Compute Engine), Data ingress/egress)
13. Cloud infrastructure (diagram adds: Assets (Cloud Storage), Data ingress)
14. Cloud infrastructure (diagram adds: NFS File Server)
15. Cloud infrastructure (diagram adds: Read-through Cache)
16. Cloud infrastructure (diagram adds: Cloud-based License Server, On-prem licenses)
17. Cloud infrastructure (diagram adds: Users (Cloud IAM), LDAP sync)
18. Cloud infrastructure (diagram adds: Stackdriver Logging)
20. Connecting to cloud (diagram: On-premise infrastructure, Render Farm Nodes, Render Workers shown twice)
21. Connecting to cloud (diagram adds: Cloud VPN, VPN Gateway)
22. Connecting to cloud (diagram adds: Cloud Router)
23. Connecting to cloud (diagram adds: Cloud Interconnect)
24. Hybrid infrastructure
(better put on your glasses for this next slide…)
25. Hybrid infrastructure (diagram labels: On-premise infrastructure, Asset Mgmt dB, Render Farm Nodes, File Server, Local Workstations, Queue Manager, Physical Cache, License Server, Cloud Interconnect, Cloud VPN, Read-through Cache, Rendering VMs (Compute Engine), Assets (Cloud Storage), Users (Cloud IAM), NFS File Server, VPN Gateway, Cloud Router, Cloud-based License Server, Stackdriver Logging)
26. Hybrid infrastructure (diagram adds: Users & Admins, shown twice; Cloud Directory Sync)
27. Hybrid infrastructure (diagram adds: APIs: gcloud, gsutil, ssh, rsync, etc; Accelerated UDP Transfer; and the labels Project data I/O, License requests, Queue Manager dispatching, Project database communication)
29. Cloud Platform resource hierarchy
30. Projects and access
Granting access: Manage your organization's identities with G Suite. Implement Google Cloud Directory Sync.
gcloud SDK, Compute Engine API: Authentication is performed by the SDK itself. Credentials are picked up by the API client libraries.
Automating security checks: Implement Forseti Security to run periodic checks for policy compliance. https://github.com/GoogleCloudPlatform/forseti-security
Section tabs: Projects and access | Controlling user access | Encryption key mgmt | Network security | Disk images | Connectivity | File systems | Encryption | Transferring data | Logging | Other
31. Controlling user access
Cloud IAM: Create and manage permissions at multiple levels.
Service accounts: Access Google services and resources programmatically.
Access scopes: Set permissions at the resource level.
32. Identity & Access Management
Who (principal): User, Service Accounts, Group, Domain
Can do what: Roles: collection of permissions; Authorization Tokens
On which resource: Project; VM, bucket…; Resource folder
Cloud IAM unifies access control under a single system.
Create and manage permissions at the organization, project and resource levels.
33. Encryption key management
Cloud storage: All data is encrypted at rest using either AES128 or AES256 encryption. Data is always encrypted before it's written to disk.
Cloud KMS: Store encryption keys centrally in the cloud, for use by cloud services. Let Google manage your keys, or manage keys yourself.
34. Network security
Networks and subnetworks: Isolate resources on separate networks to add an extra level of security. Subnetworks are created automatically, one for each compute zone.
Firewall rules: Rules apply to the entire network. To allow incoming traffic, you must create 'allow' firewall rules.
External IP addresses: Ability to disable the assignment of an external IP on instance creation. The instance will then only be visible over VPN, or from within the network.
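The two controls on the Network security slide (no external IP on instances, and explicit 'allow' rules for incoming traffic) can be audited from exported configuration. This is an added example, not code from the talk or from Google: the sample data, the project name example-vfx and the function names are constructed for illustration, and only network tags are evaluated (not service-account targets or hierarchical firewall policies).

```python
import ipaddress
import json

# Constructed sample data (hypothetical project "example-vfx"), trimmed to the
# fields read below. Same shape as the JSON printed by
#   gcloud compute instances list --format=json
#   gcloud compute firewall-rules list --format=json
NET = "https://www.googleapis.com/compute/v1/projects/example-vfx/global/networks/render-net"

INSTANCES = [
    {"name": "render-worker-1", "tags": {"items": ["render"]},
     "networkInterfaces": [{"network": NET, "networkIP": "10.128.0.11"}]},
    {"name": "render-worker-2", "tags": {"items": ["render"]},
     "networkInterfaces": [{"network": NET, "networkIP": "10.128.0.12",
                            "accessConfigs": [{"type": "ONE_TO_ONE_NAT",
                                               "natIP": "203.0.113.10"}]}]},
    {"name": "license-server", "tags": {"items": ["license"]},
     "networkInterfaces": [{"network": NET, "networkIP": "10.128.0.20",
                            "accessConfigs": [{"type": "ONE_TO_ONE_NAT",
                                               "natIP": "203.0.113.20"}]}]},
]

FIREWALL_RULES = [
    {"name": "allow-internal", "network": NET, "direction": "INGRESS",
     "sourceRanges": ["10.128.0.0/9"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-onprem-vpn", "network": NET, "direction": "INGRESS",
     "sourceRanges": ["192.168.0.0/16"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "2049"]}]},
    {"name": "allow-ssh-anywhere", "network": NET, "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["render"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "old-rdp-open", "network": NET, "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "disabled": True,
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
]


def network_name(url):
    """Last path component of a network URL, e.g. 'render-net'."""
    return url.rsplit("/", 1)[-1]


def is_open_to_world(rule):
    """True for an enabled ingress 'allow' rule whose source is any address."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    if not rule.get("allowed"):
        return False
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in rule.get("sourceRanges", []))


def allowed_ports(rule):
    """Flatten the rule's 'allowed' entries into 'proto:port' strings."""
    out = []
    for entry in rule["allowed"]:
        ports = entry.get("ports")
        if ports:
            out.extend(f'{entry["IPProtocol"]}:{p}' for p in ports)
        else:
            out.append(entry["IPProtocol"])  # whole protocol, no port filter
    return out


def audit(instances, rules):
    """Report instances with an external IP, and which of those an
    any-source ingress rule actually reaches (same network, matching tag)."""
    open_rules = [r for r in rules if is_open_to_world(r)]
    report = {"external_ip": [], "internet_reachable": []}
    for inst in instances:
        tags = set(inst.get("tags", {}).get("items", []))
        for nic in inst.get("networkInterfaces", []):
            # An access config on the interface means an external address.
            ips = [c.get("natIP", "ephemeral") for c in nic.get("accessConfigs", [])]
            if not ips:
                continue
            report["external_ip"].append((inst["name"], ips))
            for rule in open_rules:
                same_net = network_name(rule["network"]) == network_name(nic["network"])
                targets = set(rule.get("targetTags", []))
                # A rule without target tags applies to the entire network.
                if same_net and (not targets or targets & tags):
                    report["internet_reachable"].append(
                        (inst["name"], rule["name"], allowed_ports(rule)))
    return report


if __name__ == "__main__":
    print(json.dumps(audit(INSTANCES, FIREWALL_RULES), indent=2))
```

Instances listed under external_ip but not under internet_reachable still hold a public address and become reachable as soon as a broad 'allow' rule is added, so both lists are worth reviewing.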
35. Disk images
Public: Compute Engine offers many preconfigured public images. Each OS image has been configured to work closely with Google Cloud Platform services and resources.
Custom: Use your own custom image, but ensure you comply with security best practices.
36. Connectivity
Google Cloud VPN: Regardless of how you're connected to Google, you must secure your connection with a Virtual Private Network (VPN).
Direct peering: Connect directly to a Google PoP. This is typically the fastest option.
Cloud interconnect: Connect to Google using a service provider.
37. File systems
Object-based: Encrypted, localized, available worldwide. Pipeline implications, however.
POSIX-compliant: Known as Persistent Disk (PD) on GCP. The security features of object-based storage, available as an NFS server.
Other filesystems: Clustered or caching filesystems are also available, however they are not under the management of IAM or other Google security mechanisms.
38. Encryption
Storage security: Security features are consistent across storage classes. By default, Google manages encryption keys.
When is data encrypted? Both at rest and in-transit. If using VPN (which you should), data is encrypted before leaving on-prem.
39. Transferring data
SDK and API: gsutil, gcloud, rsync, ssh can be used, but we recommend gsutil for anything less than 10Gb in size.
UDP-based: Aspera, Tervela Cloud FastPath, BitSpeed Velocity or FDT are all options, however they're all third-party services and are not managed by Google.
40. Logging
Stackdriver: Can be used as a secure logging server for a variety of pipelines. Able to ingest thousands of concurrent log streams.
Audit logging: Monitor project-based admin activity.
41. Other considerations
Queue management: Use the gcloud command to communicate with Google Cloud, rather than via ssh. Consider running your queue system entirely on Google Cloud Platform.
Custom software: There are a number of client libraries available for use by third-party software API. Each library provides methods for OAuth2.0 authorization.
Licensing: Use your own on-prem license server across a VPN. Running a license server in the cloud.
42. Further reading
Best Practices for Enterprise Organizations
Google Infrastructure Security Design Overview
Encryption at Rest in Google Cloud Platform
Securely Connecting to VM Instances
Google Security Whitepaper
Using IAM Securely
Configuring Imported Images
43. Questions?