The document discusses cloud computing and platforms as a service (PaaS). It notes that PaaS can provide departments their own isolated environments while sharing hardware resources, reducing costs. Multi-tenancy in PaaS faces challenges around data and logic isolation, and security. Techniques for data isolation include separate databases/schemas and views, while access security uses trusted connections and secure database objects.
This document discusses migrating enterprises to cloud computing. It defines cloud computing as scalable IT capabilities provided as an on-demand service over the internet. There are three service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). There are also four deployment models: public clouds, private clouds, hybrid clouds, and community clouds. Migrating to the cloud provides benefits like lower costs, faster innovation, and elastic resources, but also raises concerns around data security, privacy, and network performance.
Metasoft Solutions Pvt Ltd is an IT services and software company established in 2003 that provides end-to-end IT solutions including managed services, cloud services, and unified communications. The company offers hosting, data center infrastructure, server virtualization, private and public cloud services, video conferencing, and collaboration tools. Metasoft aims to be a leading provider of these services in India and the Middle East.
Le cloud microsoft - Présentation "fourre-tout" - Base Nicolas Georgeault
The document discusses Nicolas Georgeault's background and credentials as an expert in SharePoint and cloud computing. It then summarizes upcoming SharePoint user group events in France and provides information on Microsoft's cloud computing platforms like Windows Azure and Office 365. Finally, it discusses the benefits of cloud computing including elasticity, cost savings, and increased agility.
Making of a Successful Cloud Business:
Current Status & Future Requirements
Rajarshi Bhose and Sumit Kumar Bose
Infosys Technologies Limited
Delivered as part of the Cloud symposium at ACM Bangalore Compute 2009.
Implementing Process Controls and Risk Management with Novell Compliance Mana... Novell
The document discusses Novell's Compliance Management Platform and its extension for SAP environments. The platform provides integrated identity and security management through components like Identity Vault, Identity Manager, Sentinel, and Access Manager. The extension for SAP includes tools like a Role Mapping Administrator and enhanced SAP drivers. It aims to develop synergies between Identity Manager and SAP BusinessObjects Access Control for improved provisioning, access control, risk analysis, and monitoring capabilities. Three scenarios are presented showing how provisioning and access control can be integrated between the solutions.
Summer School Delivering On-Demand Shared Middleware Services WSO2
This document discusses delivering on-demand and shared middleware services through a Platform as a Service (PaaS) model. It describes how PaaS can provide services instead of servers, disrupt traditional IT topology and funding, and enable IT to operate as a business. It also discusses tenants, containers, partitioning, capacity planning, the Stratos architecture, and how PaaS can reduce total cost of ownership and increase project agility through development services. Finally, it suggests how businesses can offer their capabilities as a service through a PaaS-enabled ecosystem.
This document compares on-premises hosting, hosted infrastructure as a service (IaaS), and cloud platform as a service (PaaS). On-premises hosting gives complete control but requires upfront costs. IaaS provides infrastructure resources that are rented, with less control and responsibility than on-premises. PaaS offers scalable cloud resources on a pay-as-you-go model with software and runtimes managed by the vendor.
This document discusses Oracle's cloud strategy, which provides customers with complete choice in how they adopt cloud computing. Oracle offers private, public, and hybrid cloud solutions, as well as software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Oracle aims to give customers flexibility in their cloud adoption through consolidation, virtualization, clustering, and other technologies. The document outlines Oracle's various cloud offerings and how Oracle Consulting can help customers develop strategies for moving to the cloud.
This document summarizes Citrix networking solutions for securely accessing centralized applications and desktops from branch offices. It discusses the Branch Repeater product for optimizing WAN performance, Citrix Access Gateway for providing secure remote access, and how NetScaler can be used to load balance traffic and provide high availability. It also briefly covers how these solutions help drive customer value through features like scalability, security, availability and optimization of XenApp and XenDesktop traffic.
The document discusses the Windows Azure platform, which provides infrastructure and platform services through Microsoft's global network of data centers. Key features of the platform include scalable compute and storage, a service bus for integration, and access control services. The platform aims to offer developers agility, innovation, and cost efficiency through a pay-as-you-go cloud model.
The document discusses Aras Corporation's approach to leveraging cloud computing. It provides background on cloud computing models and discusses some clear advantages as well as uncertainties. It then summarizes Aras' announcements around its Connected Cloud strategy and new product Aras Spectrum, a cloud-based PLM platform delivered as software or platform as a service on Microsoft Azure. Aras Spectrum is designed to provide scalability, universal access, reliability and eliminate lock-in while allowing for customization and updates.
Deja-Vu Solutions Limited has expertise in providing a variety of services and solutions, including web development, content development, data entry, and IT consulting, under one roof.
Our vision focuses on customer satisfaction and provides our clients a competitive advantage through innovative use of technology and employee expertise. We strive to achieve long-term relations with clients through success. We have time and again anticipated and exceeded customer expectations.
Extending your Data Centre with AWS Sydney Customer Appreciation Day Amazon Web Services
This document discusses extending your data center into AWS. It provides examples of using Amazon VPC to isolate projects, expand existing systems securely into the cloud without public exposure, and expose systems to the public while hosted in the cloud. It also discusses using VPC for branch office access. The document outlines models for isolated projects, expanding existing systems into the cloud without public access, and expanding systems into the cloud with public internet access. It introduces AWS Virtual Private Cloud and describes some of its networking capabilities. Finally, it provides examples of companies using EC2 and discusses strategies for migrating applications to the cloud.
The document discusses cyber defense for service-oriented architecture (SOA) and representational state transfer (REST) using the Oracle Service Bus Appliance (OSBA). It provides an overview of OSBA, including its easy deployment and configuration, DMZ-class security features, and performance benefits. Examples of OSBA use cases for security, performance, customization, and monitoring of SOA and REST applications are also presented.
This document discusses Oracle's cloud computing strategy and solutions. It begins by defining cloud computing and outlining Oracle's approach, which includes private and public cloud solutions. It then discusses Oracle Exadata and Exalogic systems, which provide the foundation for building private Platform as a Service (PaaS) clouds. Finally, it outlines Oracle's complete cloud offerings, including applications, platforms, infrastructure, and management capabilities for developing and running applications in the cloud.
This presentation will help you better understand:
- The Oracle Embedded Value Proposition
- The Oracle Service Bus (OSB) Value Proposition
- The Challenge Of The Extended Enterprise
- Introducing the OSB Appliance (OSBA)
MPX improves server scalability and client responsiveness for StarTeam. It uses a message broker to establish publish/subscribe messaging between StarTeam servers and clients. This pushes notifications and updates to clients rather than having them poll the server. It can also use cache agents to store and distribute file contents locally, improving checkout speeds especially for remote users. Major benefits include reduced server load, faster updates and checkouts, better performance for remote users, and support for larger deployments.
This document summarizes the launch of Veritas Storage Foundation 6.0 and related products. It provides resilient private clouds by enabling pooled, elastic, resilient storage and business services across existing infrastructure. Key features include storage optimization through deduplication and compression, intelligent reporting and remediation through Veritas Operations Manager, and a new core-based pricing model. The launch delivers a holistic solution for building private clouds from existing IT investments.
comparative study of Cloud computing tools Aditya Trivedi
The document provides information on Nimbus, an open-source toolkit that focuses on providing Infrastructure-as-a-Service capabilities to the scientific community. It enables resource providers to build private and community IaaS clouds, and users to use IaaS clouds. It also enables developers to extend, experiment, and customize IaaS. The document then discusses OpenNebula, an open-source project aimed at building the industry standard open source cloud computing tool to manage the complexity and heterogeneity of distributed data center infrastructures. It was designed with principles of openness, adaptability, interoperability, stability, and to prevent vendor lock-in.
This document describes a company's remote infrastructure management (RIM) services. It offers remote server monitoring, network monitoring, database administration, patch management, and backup/disaster recovery. Using offshore resources allows 50-60% cost savings while maintaining productivity. A case study shows how the company streamlined a web services client's processes, providing integrated infrastructure monitoring and 40% reduced costs. RIM services provide proactive support and oversight of IT resources.
The document discusses Aras Corporation's announcements about leveraging cloud computing for product lifecycle management (PLM). It introduces Aras Spectrum, a new cloud-based PLM product that provides PLM software and platform services via Microsoft's Azure cloud. Aras Spectrum is designed to offer scalability, universal access, reliability, and elimination of lock-in concerns. It also allows for customizations and controls over updates/upgrades while leveraging connected cloud services from other vendors.
KVH Customer Case Study - Aplix Corporation KVH Co. Ltd.
Since the founding of Aplix Corporation, a competitive edge in software development technology has been the core of their business. Pursuing business innovation based on high technological capabilities, software development, server expansion, and capacity expansion resulted in increased stress on their developers.
In addition, during office relocation due to business expansion, it was essential to have flexibility and short lead time for network construction in order to reduce the down time of critical systems. KVH was selected as a valued network service provider with dedicated pre-sales engineers and specially assigned field engineers consistently offering extensive support from the start of the project, through network design, construction, and all the way through project delivery. KVH offered a dedicated leased line connection to AWS through which it was possible to shorten the down time of critical internal systems.
This document discusses federated cloud computing and key challenges. It defines cloud computing according to NIST and describes essential characteristics, service models, and deployment models. The document outlines challenges around scalability, resource utilization, vendor lock-in, quality of service, security, and compliance. It proposes that open source platforms and standards can help address these challenges by enabling interoperability across cloud offerings. The document provides examples of open source cloud middleware like OpenStack and describes standards like OVF and SCIM that can help with portability and identity management.
The document is a specification sheet for the Motorola RFS 4000 Series 802.11n Integrated Services Controller. It integrates wired, wireless and security networking features into a compact form factor. Key features include:
1) True convergence of wired and wireless services for branch offices with mesh capabilities and dual radio access points.
2) Provides reliable and survivable branch networking with features like SMART RF, clustering, and 3G failover.
3) Offers built-in applications such as locationing, hotspot services, and VoIP as well as security features like IDS/IPS and firewall protection.
Not all SOA Gateways are created equal. Each one behaves differently, which can affect your total cost of ownership, and more importantly, the success of your project.
This document introduces platform-as-a-service (PaaS) as a solution to common IT challenges faced by organizations. Traditional IT approaches require extensive manual work to deploy and manage applications, making it difficult for development and operations teams to collaborate effectively. PaaS aims to streamline the application development lifecycle by automating infrastructure provisioning and management so that developers can focus on coding while operations ensures reliable environments. By providing preconfigured development platforms and automatically scaling applications, PaaS allows organizations to innovate faster and be more agile in responding to business needs.
This document discusses securing single-page applications (SPAs) with OAuth 2.0. It describes how SPAs work by loading a single HTML page and dynamically updating content without page reloads. It outlines two issues with using OAuth in SPAs: client authentication and exposing access tokens to users. It proposes using the implicit grant type to address these by enabling single sign-on without exposing credentials to the SPA. It also describes using an OAuth proxy to further improve security by encrypting tokens in cookies and routing all API calls through the proxy.
The document discusses API security patterns and practices. It covers topics like API gateways, authentication methods like basic authentication and OAuth 2.0, authorization with XACML policies, and securing APIs through measures like TLS, JWTs, and throttling to ensure authentication, authorization, confidentiality, integrity, non-repudiation, and availability. Key points covered include the gateway pattern, direct vs brokered authentication, JSON web tokens for self-contained access tokens, and combining OAuth and XACML for fine-grained access control.
Thailand Business with the Cloud Service IMC Institute
This document discusses cloud computing trends and opportunities in Thailand. It predicts that large enterprises will implement private clouds while internet data centers and telcos will provide public infrastructure as a service. Small and medium enterprises will host servers on public or international infrastructure platforms. There will be no prominent platform as a service providers locally, so most developers will use international platforms like Microsoft Azure. Software as a service demand will increase due to growing smartphone and tablet use, supported by expanding 3G services. More local software companies will offer software as a service, while Salesforce, Google Apps, and Microsoft Office 365 will be major vendors in Thailand.
WSO2 produces open source identity and access management software. Through Google Summer of Code, WSO2 has mentored 11 projects implementing key identity standards like UMA, SAML, and OAuth. These standards, developed by organizations like OASIS and IETF, provide frameworks for identity federation, SSO, provisioning, and access control. Formats include SAML for SSO, SCIM for provisioning using REST, and XACML for fine-grained authorization control. WSO2 contributes implementations of these standards to help users manage identity and access securely across domains.
This document provides API security best practices and guidelines. It discusses defining APIs and who may access them, such as employees, partners, customers or the general public. Authentication can be direct, using credentials, or brokered, using a third party. Best practices include using TLS, strong credentials, short-lived tokens, and throttling access. The guidelines aim to prevent attacks like CSRF, authorization code interception, and brute force attacks through measures like state parameters, PKCE, and long random tokens.
This document discusses the opportunities and benefits of cloud computing for public sector organizations. It outlines various cloud service models including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). SaaS provides simplified software access, PaaS enables rapid application development on scalable platforms, and IaaS offers virtualized infrastructure resources. The document suggests public entities assess moving infrastructure to IaaS for cost savings, develop new apps on PaaS to generate revenue, and leverage cloud services to reduce IT workload. Overall it promotes cloud computing as a way for governments to reduce costs, increase flexibility and revenue, and better deliver IT services.
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...Novell
The document provides an overview of Novell Cloud Security Services (NCSS). NCSS allows organizations to extend their internal identity and security policies to manage a multi-SaaS environment consistently. It discusses how NCSS works, including its architecture and deployment options for small, medium, and large implementations. NCSS uses security brokers and a secure bridge to connect enterprises to SaaS applications while enforcing consistent identity management policies.
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...Novell
This session will help you understand what cloud security is and how to implement it in your enterprise. It will discuss the technical aspects of cloud security and how we can help you secure the cloud while ensuring sensitive information always remains behind the firewall.
BayThreat Why The Cloud Changes EverythingCloudPassage
Subtitle: How I Learned to Stop Worrying and Get DevOps to Love Security
These slides are from a talk delivered by Rand Wacker at BayThreat 2011.
ABSTRACT: Take a look around, you might be surprised who is running servers in the cloud; you might be even more surprised about what they are running. Unfortunately, these people rarely if ever thought to tell the security teams, and that means big problems for us all. Securing servers in the cloud is different, very different, than in a traditional data center, but all the same risks are there. Let's start by understanding who is using the cloud, why it is so different, and what works and doesn't work from our typical security toolbox. Then let's try to solve some of those problems and come up with some best practices to help us and those we work with do what they need…securely.
Hybrid clouds are quickly forming on the horizon, and they are transforming the way that organizations do business. Join David Butler, SVP of Marketing at Eucalyptus, Judith Hurwitz, President and CEO, and Marcia Kaufman, COO and partner, of Hurwitz & Associates and co-authors of “Hybrid Cloud For Dummies” to learn what this new cloud deployment model is all about.
The Move to the Cloud for Regulated Industriesdirkbeth
The document discusses the move to cloud computing for regulated industries like pharmaceutical, biotech, and medical device companies. It notes that while 95% of people claim they don't use the cloud, they actually do for online banking, shopping, social media, and storing photos and music. The cloud provides benefits like high reliability, unlimited storage, easy sharing, and supporting enterprise software. However, regulated industries have additional requirements for cloud applications around authentication, encryption, compliance, auditing, and platform qualifications. Examples of potential cloud uses in pharma include drug discovery, clinical data collection, gene sequencing, and collaboration with partners. The future includes benefits like global accessibility, availability, and collaborative environments.
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...Michael Noel
This document discusses using SharePoint 2010 to collaborate with external partners through an extranet. It covers:
1) The benefits of an extranet for security isolation and partner collaboration.
2) SharePoint 2010's improved support for claims-based authentication and multiple authentication providers to better support extranets.
3) Various architecture options for extranet implementations, including scenarios where extranet and internal users are separated across farms or forests with different levels of access and security isolation.
This document provides an overview of cloud computing and Microsoft's Windows Azure platform. It discusses key cloud concepts like infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). It also covers the different types of roles in Windows Azure, including web roles, worker roles, and virtual machine roles. The document explains the Windows Azure architecture and how roles are deployed and configured using service definition and configuration files.
The document discusses cloud computing and compares on-premise IT infrastructure to using cloud platforms like Microsoft Azure. It begins with definitions of cloud computing from NIST including essential characteristics and service models. The rest analyzes factors in deciding between on-premise and cloud options, provides a case study of using Azure for endpoint backup, and demonstrates the EVault solution running in Azure. It concludes with next steps and resources for learning more about Azure and cloud computing.
The document provides an overview of CloudPassage and its Halo security product. Halo is a SaaS-delivered security and compliance automation solution for public, private, and hybrid cloud servers. It offers capabilities like dynamic cloud firewall automation, system integrity monitoring, and server vulnerability scanning to help customers securely adopt cloud technologies and comply with industry standards. CloudPassage aims to simplify cloud security by putting highly automated controls directly on customer's cloud servers.
Patterns of Cloud Applications Using Microsoft Azure Services PlatformDavid Chou
The document describes Microsoft's Azure Services Platform, which provides IT services through a global network of Microsoft data centers. It offers infrastructure, platform, and private cloud services that are managed at different levels, from fully managed platform services to customer-managed private infrastructure. Key services include compute, data, networking, development platforms, identity management, and more. It also provides high availability, security, and usage-based pricing. The platform supports various application patterns including cloud web applications and composite services applications built with Azure services.
The Azure Services Platform provides a set of building blocks and extensible components for developing rich social applications and consumer experiences in the cloud. It includes services for user and application data storage, identity management, presence, communication, search, and more. Developers can access these services through a uniform RESTful programming model and client libraries. The platform also provides capabilities for compute, storage, messaging, access control, workflows, and databases to enable simple and scalable cloud application architectures.
Smartronix - Building Secure Applications on the AWS CloudAmazon Web Services
Smartronix specializes in cybersecurity, infrastructure services, and application development. They are an AWS partner and have over 50 AWS specialists. They have experience migrating large government websites to AWS, including Treasury.gov and Recovery.gov. When building applications on AWS, security is a shared responsibility between AWS and the customer. AWS is responsible for security of the cloud infrastructure, while customers are responsible for security in their operating systems, applications, network configuration and more. Smartronix can help customers implement security best practices and leverage AWS security features.
This document discusses a seminar on cloud computing security and forensics. It covers topics like cloud security risks, risk assessment, and cloud forensics. The seminar aims to help people understand security issues in cloud computing and how to address them.
Moving Web Apps to the Cloud - Iowa User Group Tour, Feb 2012Eric D. Boyd
This document discusses moving web applications to the cloud using Windows Azure. It defines cloud computing and outlines the benefits such as pay-as-you-go pricing and scalability. The document demonstrates migrating an existing web application to Windows Azure by moving the database to SQL Azure and authentication to claims-based authentication. It provides recommendations for assessing applications for cloud migration and factors to consider like costs and returns. Resources for the Windows Azure SDK and tools are also referenced.
HAD05: Collaborating with Extranet Partners on SharePoint 2010Michael Noel
This document discusses collaborating with extranet partners on SharePoint 2010. It begins by covering why organizations implement extranets and the authentication options in SharePoint 2010. It then presents six sample extranet architecture scenarios with varying levels of security isolation between internal and external users. The document also discusses claims-based authentication, the Forefront Unified Access Gateway for external access, and using Forefront Identity Manager for identity management in an extranet.
This document discusses whether Windows Azure is the right cloud platform. It covers why cloud computing is beneficial as a utility service model, why Microsoft is well-positioned in the cloud with its breadth of offerings across platforms, and what types of scenarios are well-suited for the Windows Azure platform, such as applications with changing loads or seasonal usage patterns. It also addresses some challenges with cloud like data security and outlines steps to evaluate and adopt cloud computing like identifying opportunities, calculating total cost of ownership, and conducting proof of concepts.
This document discusses security in microservices architectures. It begins by comparing monolithic and microservices approaches. It then covers edge security using API gateways and OAuth 2.0 authorization. Other topics include service-to-service security using TLS mutual authentication, JSON Web Tokens (JWTs), and SPIFFE/SPIRE for identity management. Patterns like JWTs, nested JWTs, and token exchange are presented for secure communication between services. The document also discusses access control and policy evaluation using approaches like embedded policy decision points and the Open Policy Agent (OPA) framework.
This document discusses Cloud Native Identity Management using SPIFFE (Secure Production Identity Framework for Everyone) and SPIRE (SPIFFE Runtime Environment). It provides an overview of SPIFFE and SPIRE, including how they address identity management challenges in cloud-native environments. It then summarizes how SPIRE implements the SPIFFE specifications through a node attestation and workload attestation process where a SPIRE agent authenticates to a server, retrieves selectors to verify workloads, and issues signed identity documents when a workload matches the selectors.
This document provides guidelines for securing managed APIs. It discusses defining an API's audience and whether they are direct users or relying parties. It also covers bootstrapping trust either directly through user credentials or brokered through a third party. The document then discusses various OAuth 2.0 grant types and federated access scenarios. It emphasizes using TLS, strong credentials, short-lived tokens, and access control to secure APIs and their communication.
This document discusses trends in identity and access management. It notes that identity standards like OpenID Connect are rising while others like SAML are fading. Authentication methods are shifting from traditional multi-factor authentication to continuous adaptive authentication. Privacy and centralized identity systems are concerns driving interest in self-sovereign identity models using blockchain and decentralized identifiers. Large countries are implementing national digital identity systems and blockchain may help improve transparency. The role of mobile identity is growing as phone numbers become integral identifiers.
This document discusses security considerations for microservices architectures. It covers edge security using API gateways, service-to-service authentication using TLS and JWT, access control using centralized and embedded policy decision points, deployment models like Docker and Kubernetes, and the use of sidecars and service meshes like Istio for security. Key challenges with microservices include a broader attack surface, performance issues, and complexity in deployment and observability across services.
The document discusses OAuth 2.0 security threats including session injection with CSRF, token leakage, token reuse/misuse, and token export. It provides details on the threats, victims, and best practices for mitigation. These include using short-lived authorization codes, TLS, proof-key-for-code-exchange, limiting grant types by client, white-listing redirect URIs, token binding, and enforcing throttle limits to prevent token misuse. The presentation encourages attendees to review their OAuth 2.0 implementations against these threats and ensure authorization servers follow security best practices.
This document provides an overview of the General Data Protection Regulation (GDPR) for identity architects. It discusses GDPR requirements such as data protection impact assessments, data processing records that must be maintained by controllers and processors, and data subject's rights. It also discusses principles of identity and access management design and best practices related to GDPR compliance. Finally, it includes links to Facebook and Google's cookie and data use policies.
Blockchain-based Solutions for Identity & Access ManagementPrabath Siriwardena
This document discusses self-sovereign identity and decentralized identifiers (DIDs). It provides an overview of identity evolution from centralized to user-centric models. Self-sovereign identity allows individuals to control their digital identities across systems without relying on centralized authorities. DIDs are a new type of identifier that can be registered on a distributed ledger without a centralized registration authority. The document outlines the goals and components of DID specifications and describes how DIDs and verifiable claims work on networks like Sovrin to enable self-sovereign identity.
This document summarizes OAuth 2.0 threat landscapes and best practices for mitigation. It discusses threats such as CSRF, session injection, token leakage, IDP mix-up, and token reuse/misuse. Recommended mitigations include using the state parameter, PKCE, short-lived tokens, TLS, white-listing callback URLs, scoped tokens, audience restriction, OpenID Connect, and throttling. The document provides technical details on various OAuth 2.0 flows and threats as well as references to relevant IETF draft specifications.
Prabath Siriwardena is an expert in identity management who has authored books and articles on the topic. This document discusses key concepts in identity management including identity landscapes, federation, provisioning, access control, and governance. It also provides an overview of the speaker and describes various identity management demonstrations that will be shown, such as single sign-on, provisioning, access control, and securing APIs with OAuth.
Enterprise API adoption has gone beyond predictions. It has become the 'coolest' way of exposing business functionalities to the outside world. Both your public and private APIs need to be protected, monitored and managed.
This session focuses on API Security. There are so many options out there that it is easy to get confused. When to select one over the other is always a question, and you need to deal with it quite carefully to identify and isolate the tradeoffs. Security is not an afterthought. It has to be an integral part of any development project, and the same goes for APIs. API security has evolved a lot in the last five years. This talk covers best practices in building an API Security Ecosystem with OAuth 2.0, UMA, SCIM, XACML and LDAP.
The document discusses the role of an identity broker and its key functions. An identity broker acts as a centralized hub that can connect to multiple identity providers and service providers in a protocol-agnostic manner. It allows for identity federation across different protocols and systems. The broker supports important identity management capabilities like claim transformation, home realm discovery, multi-factor authentication, adaptive authentication, identity mapping, attribute aggregation, and just-in-time provisioning in a centralized manner. Fifteen fundamentals of the identity broker pattern are described. The document also discusses the concept of an identity mediation language and seven fundamentals of future identity and access management.
Connected business is a very dynamic and complex environment. Your desire is to reach out to your customers, partners, distributors and suppliers and create more and more business interactions and activities that will generate more revenue. The goal here is not just to integrate technological silos in your enterprise, but also to make your business more accessible and reactive. The ability to propagate identities across borders in a protocol-agnostic manner is a core ingredient in producing a connected business environment.
SAML, OpenID, OpenID Connect and WS-Federation all support identity federation, that is, cross-domain authentication. But can we always expect all the parties in a connected environment to support SAML, OpenID or OpenID Connect? Most of the federation systems we see today are in silos. It can be a silo of SAML federation, a silo of OpenID Connect federation or a silo of OpenID federation.
Even in a given federation silo, how do you scale with an increasing number of service providers and identity providers? Each service provider has to trust each identity provider, and this leads into the Spaghetti Identity anti-pattern.
Federation Silos and Spaghetti Identity are two anti-patterns that need to be addressed in a connected environment.
This talk will present benefits, risks and challenges in a connected identity environment.
The document outlines the evolution of internet identity from 1997 to the present, listing key events, technologies, and standards. It starts with early services like Hotmail and Yahoo in 1997 and continues through the development of platforms and standards like OpenID, OAuth, SAML, and newer initiatives for decentralized identity. The timeline shows the ongoing progression of identity management online from the first webmail services to current innovations in user-centric identity and authentication.
This document discusses next generation applications with Internet of Things (IoT) and cloud technologies. It notes that the number of devices connected to the internet exceeded the world's population in 2008 and will reach 50 billion devices connected by 2020. These devices will generate zettabytes of data. IoT applications are built on tiers including devices, integration, analytics and presentation layers facilitated through APIs. The document outlines WSO2's reference architecture for IoT and application development, as well as an app store and publisher components for a connected enterprise.
The document discusses various patterns for securing APIs in different enterprise scenarios. It outlines 12 different problem statements involving securing APIs that can only be accessed by employees via web/mobile applications, ensuring authentication and authorization, and integrating with identity providers while supporting single sign-on. The patterns cover securing APIs within and across departments, supporting third-party partners, non-repudiation of API calls, and securing APIs without changing the APIs or clients.
Prabath Siriwardena is the Director of Security Architecture at WSO2 and an Apache Axis2 PMC member. He maintains a blog on security and identity and has authored several books. The document then outlines the evolution of key identity standards and providers from Yahoo and Hotmail in the 1990s to the development of SAML, OpenID, OAuth and their adoption by major tech companies from the mid-2000s to the present.
This document discusses securing systems from security threats. It covers topics like perception of security, the CIA triad of confidentiality, integrity and availability. Examples of attacks are given like RSA in 2011, Adobe in 2013, and Target in 2013. The document discusses defense in depth using the LA airport as an example. Insider threats such as WikiLeaks and NSA are mentioned. Software security focuses on secure coding practices. Other security topics covered include operating system security, firewalls, intrusion detection systems, and the Heartbleed vulnerability.
This document summarizes the key features of an open source identity and entitlement management server. It provides authentication using LDAP, AD, JDBC and single sign-on using SAML2, Kerberos, WS-Fed and passive protocols. It also supports provisioning using SCIM and SPML and role based access control using XACML policies. The server allows for federation between identity providers and service providers.
Trusted Execution Environment for Decentralized Process MiningLucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and licensing under the CCB and CCX models have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new type of licensing works and what benefit it brings you. Above all, you surely want to stay within your budget and save costs wherever possible. We understand that and we want to help you!
We explain how you can solve common configuration problems that can cause more users to be counted than necessary, and how you can identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary spending, for example when a person document is used instead of a mail-in for shared mailboxes. We show you such cases and their solutions. And of course we explain the new licensing model.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder introduce you to this new world. It gives you the tools and the know-how to keep track of things. You will be able to reduce your costs through an optimized Domino configuration and keep them low in the future.
These topics will be covered
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement immediately
A Comprehensive Guide to DeFi Development Services in 2024Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Programming Foundation Models with DSPy - Meetup Slides - Zilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
6. As a Service?
• Pay per use
• Resource Sharing
• Self service provisioning
• Unlimited Resource
7.
• In public
  – IaaS, PaaS, SaaS available on the Internet
  – Use one of the cloud service providers
  – Information is stored and managed by provider under SLA
• In private
  – Have a cloud, in-house
  – IaaS provided by hardware in your data centers
  – PaaS running on your IaaS
  – SaaS executing on your PaaS
• Or use both
  – Hybrid Cloud
11.
• Public Cloud
  – Fast time to market
  – Makes it easier to write scalable code
• Private Cloud
  – Give each team their own instant infrastructure
  – Govern centrally but code and deploy by team
  – Automated governance, registry, identity
  – Instant BAM
12.
13.
• Distributed / Dynamically Wired (works properly in the cloud)
  – Finds services across applications
  – Reuse services from other departments, e.g. People information required by all of Finance, Engineering and Sales
• Elastic (uses the cloud efficiently)
  – Scales up and down as needed
  – Some departments might want varying resources with varying bandwidth with varying priority
• Multi-tenant (only costs when you use it)
  – Virtual isolated instances to facilitate isolation between departments etc.
  – e.g. Sales vs. Finance tenants. Finance wants complete isolation for some sensitive services
• Self-service (in the hands of users)
  – De-centralized creation and management of tenants
  – No need to come to the IT department to gain access: served via portal, no need to be on the queue or waiting list
• Granularly Billed and Metered (pay for just what you use)
  – Allocate costs to exactly who uses them
  – Bill and cost various departments per use
  – Get rid of the situations where unused computing assets are lying in one department while the other departments are starving for the same
• Incrementally Deployed and Tested (supports seamless live upgrade)
  – Does not disrupt other operations
14.
15.
16. [Figure: IaaS control diagram, labelled "Provider" and "Organization". Marks as extracted, per layer: Application N F; Middleware N F; Guest OS N F; Hypervisor F N; Storage F N; Hardware F N; Network F N]
17. [Figure: PaaS control diagram, labelled "Provider" and "Organization". Marks as extracted, per layer: Application M L; Middleware M L; Guest OS F N; Hypervisor F N; Storage F N; Hardware F N; Network F N]
18. [Figure: SaaS control diagram, labelled "Provider" and "Organization". Marks as extracted, per layer: Application M L; Middleware F N; Guest OS F N; Hypervisor F N; Storage F N; Hardware F N; Network F N]
19.
| | IaaS | PaaS | SaaS |
| Data | Organization | Organization | Organization |
| Applications | Organization | Shared | Service Provider |
| Systems | Service Provider | Service Provider | Service Provider |
| Storage | Service Provider | Service Provider | Service Provider |
| Network | Service Provider | Service Provider | Service Provider |
21.
| | Private | Public |
| Compliance | Organization | Service Provider |
| Governance | Organization | Service Provider |
| Security | Organization | Service Provider |
| Operations | Organization | Service Provider |
| Risk | Organization | Shared |
| Cloud Owner | Organization | Service Provider or leased |
| Use limited to | Organization | Public |
27.
• Can be used to give departments their own PaaS world to operate in
• Yet all share same hardware resources
  – Not all departments need resources at the same time
  – Really pay per use
  – Opportunity to unify departmental level small server pools
• Drastically reduce admin/management costs
  – One software installation to maintain
• Use differentiated QoS
28. Multi-tenancy
• Three possible ways
  – Machine per tenant
  – VM per tenant
  – Share machine/VM across tenants
• Challenges
  – Data isolation
  – Logic isolation
  – Security
43. Identity Management
• Controls over identity information
• Strong Identity Management system for cloud personnel
• Large scale needs for authenticating cloud tenants and users
• Federated Identity
• Audits for legal activities
• Identity Recycle?
• Means to verify assertions of identity by cloud provider personnel
44. Access Management
• Cloud personnel shall have restricted access to the customer data
• Multifactor authentication for highly privileged operations
• Large scale needs for authenticating cloud tenants and users
• Least privilege principle and RBAC
• White-listed IPs for remote access by cloud personnel
45. Key Management
• Encryption is the key to protecting data in transit and at rest
• All keys secured properly
• Effective procedures to recover from compromised keys
• Effective procedures for key revocation
46. System & Network Auditing
• All security related events must be recorded with all relevant information
• Generated audit events must be logged in a near real-time manner
• Integrity & confidentiality of audit logs should be protected
• Audit logs need to be securely archived
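As an added illustration of the integrity requirement on slide 46 (not code from the deck): a hash-chained, HMAC-protected audit log in which editing, removing or truncating records is detectable. The field names, sample events and key handling are assumptions; confidentiality (encrypting the records) is not covered here.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # anchor value chained into the first record

# Constructed sample events (not from the slides); IPs are documentation ranges.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00Z", "tenant": "finance", "actor": "alice",
     "action": "login", "source_ip": "203.0.113.10", "outcome": "success"},
    {"ts": "2024-01-01T10:00:05Z", "tenant": "sales", "actor": "bob",
     "action": "read:finance/ledger", "source_ip": "203.0.113.22", "outcome": "denied"},
    {"ts": "2024-01-01T10:01:00Z", "tenant": "finance", "actor": "ops-admin",
     "action": "key-rotate", "source_ip": "198.51.100.7", "outcome": "success"},
]

def record_mac(key, prev_mac, seq, event):
    # Canonical JSON: the same record always serializes to the same bytes.
    body = json.dumps({"seq": seq, "event": event}, sort_keys=True,
                      separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()

def append_event(log, key, event):
    """Append an event whose MAC also covers the previous record's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "event": event, "mac": record_mac(key, prev, seq, event)})
    return log[-1]["mac"]  # new chain head; keep a copy off the logging host

def verify_log(log, key, head_mac):
    """Return -1 if intact, else the index where verification first fails."""
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = record_mac(key, prev, i, rec["event"])
        if rec["seq"] != i or not hmac.compare_digest(rec["mac"], expected):
            return i  # edited, reordered or removed record
        prev = rec["mac"]
    # A clean chain that stops short of the stored head is a truncated log.
    return -1 if hmac.compare_digest(prev, head_mac) else len(log)

def build_sample_log(key):
    log, head = [], GENESIS
    for event in SAMPLE_EVENTS:
        head = append_event(log, key, event)
    return log, head
```

The chain alone cannot reveal records cut from the tail, which is why `verify_log` takes the last head value from a separate store such as the secure archive.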
47. Security Monitoring
• Generation of alerts in recognition of a critical security breach
• Delivery of security alerts by different means, securely
• Cloud wide intrusion and anomaly detection
• Periodic checks to make sure the monitoring system runs healthy
48. Security Testing
• Well defined set of security test cases
• Separate environments for development, testing, staging and production
• Patch management
49. System & Network Controls
• Should be implemented for infrastructure systems
• Network isolation in between different functional areas in the cloud
• Assure the integrity of OSes, VM images and infrastructure applications
• Isolation between different VMs
50.
• Abuse & nefarious use of cloud computing
• Password/key cracking, DDoS, CAPTCHA solving farms, building rainbow tables
• Insecure interfaces and APIs
• Malicious insiders
• Shared technology issues
• Data loss and leakage
• Account or service hijacking
• Unknown risk profile