The document discusses Square, an expert in global Apple deployments. It outlines their challenge of deploying and managing over 200 Macs across 6 locations in 3 continents with only 2 support specialists. Key considerations for the deployment included choosing servers for the JSS and distribution points, JSS setup, security, package replication, and imaging processes. Possible imaging workflows like pre-stage, quickadd, and custom quickadd are described. Next steps mentioned involve cloud storage and VM environment integration.
A stretched cluster connects data centers across different sites with shared storage and live migration capabilities. It provides both disaster avoidance and recovery benefits. Key requirements include low latency storage replication, sufficient network bandwidth for vMotion, and considerations for split-brain scenarios. While it improves availability during localized failures, a stretched cluster has limitations compared to independent disaster recovery sites. Additional sites or a traditional DR configuration provide multiple levels of protection.
This document discusses recommended architectures and best practices for deploying Hadoop on VMware vSphere. It recommends deploying Hadoop nodes across multiple virtualization hosts with 10Gb networking for high performance. The standard deployment places data nodes on shared storage and task trackers on local disks. It also discusses planning the cluster size, hardware requirements including CPU, memory, storage and networking considerations. Configuration recommendations include using NTP, proper virtual disk settings, enabling NUMA and avoiding overcommitting resources.
This document summarizes a presentation about extending Linux critical business services to dual-active NVMe-oF storage. It discusses using clustered MD RAID and shared logical volumes to achieve active-active NVMe-oF storage across data centers. It also covers challenges in maintaining high availability when network or storage failures occur and opportunities to improve cluster RAID10 and RAID5 support.
Brocade: Storage Networking For the Virtual Enterprise - EMC
The document discusses storage networking technologies for virtualized environments. It summarizes Brocade's Fibre Channel fabrics for scaling SANs across data centers through technologies like In-Chassis Links (ICLs) and Ethernet fabrics for supporting protocols like FCoE, iSCSI, and NAS. It also discusses capabilities for improving metro connectivity, automating management through tools like Brocade Network Advisor, and enhancing performance for virtual desktop infrastructures (VDIs) and other emerging workloads.
Data center networks generally follow regular topologies, but these topologies can have various unique configurations, from a simple two-tier leaf and spine to a massive multi-tier scale-out model. The large amount of physical interconnections and the various patterns with which they connect introduce complexity into the management of the wiring plant. And this complexity can lead to errors during the physical build-out of the network.
Cumulus Networks created the Prescriptive Topology Manager (PTM) to give data center operators a new tool with which to perform a strict wiring validation and more. PTM introduces a software abstraction layer that ensures certain wiring rules are followed by doing a simple runtime verification of connectivity as determined by an operator’s specified wiring plan. This “prescriptive” layer dynamically ensures the desired logical topology and can take some defined actions based on the results of the topology verification, including running scripts and communicating with the Quagga routing protocol suite.
View webinar here: go.cumulusnetworks.com/ptm
The document provides information about virtual machine extensions (VMX) on Juniper Networks routers. It discusses hardware virtualization concepts including guest virtual machines running on a host machine. It then describes the different types of virtualization including fully virtualized, para-virtualized, and hardware-assisted. The rest of the document goes into details about the VMX product, architecture, forwarding model, and performance considerations for different use cases.
Medtronic had challenges virtualizing large workloads over 1Gb connections with vMotion failures in ESX 4.1. Upgrading to ESX 5.0 enabled features like multiple-NIC vMotion and Stun During Page-Send (SDPS) to improve performance for migrating large VMs. Using multiple 10Gb NICs for vMotion provided more bandwidth and reduced migration times. Quality of service (QoS) was important to prioritize traffic and avoid overwhelming switch interconnects when not using dedicated vMotion switches. Medtronic deployed a solution with UCS servers, Nexus 1000v switches, and four 10Gb FCoE NICs per host, achieving a 157:1 consolidation ratio while successfully
Demystifying Networking Webinar Series - Routing on the Host - Cumulus Networks
The document discusses routing on hosts using Cumulus Quagga. It provides an introduction and agenda, then covers using BGP between servers and leaf switches to advertise host routes. Several case studies are presented, including replacing MLAG, dual-attach servers to avoid vendor lock-in, and using routing on containers to improve performance over NAT. Configuration details and scaling are also discussed.
1) The document discusses how to configure port forwarding (virtual server) on various ASUS router models to allow remote access to network services and applications like BitTorrent that normally cannot be accessed from outside the local network due to NAT.
2) It provides examples of setting up port forwarding for BitTorrent on WL-5xx, WL-600g, WL-700gE, RX3041/SL200, and SL500/SL1000/SL1200 routers, with screenshots of the configuration pages and steps to configure the external and internal ports and the local server IP address.
3) In addition to BitTorrent, it lists many common network services, protocols, and applications along with their default TCP
This document summarizes the new features and changes in Cumulus Linux version 2.5.5, including support for new hardware platforms, enhancements to network virtualization functionality like LNV and VXLAN, a new management VRF, IPv6 resilient hashing, BFD enhancements, RMP enhancements, integration with Nutanix monitoring, and a new netshow troubleshooting tool.
CloudStack comes with a built-in SDN controller. One way of implementing SDN is to build overlay networks in the Data Center. This slideshow explains how CloudStack builds and maintains GRE tunnel overlays to provide scalable multi-tenant networking for cloud deployments
IBM Easy-Connect provides simplified networking capabilities for IBM PureFlex systems. It operates in either transparent mode or multi-chassis mode. Transparent mode makes the system appear as a "dumb" switch to the edge switch, eliminating the need for spanning tree protocol. Multi-chassis mode allows traffic consolidation across chassis. Easy-Connect supports both intra-chassis and inter-chassis switching for high performance without requiring complex network integration or configuration. Customer examples show how it can provide simple, redundant, or dedicated uplink connectivity for various workloads.
The document summarizes a webinar on network architecture for containers presented by JR Rivers of Cumulus Networks and Sasha Ratkovic of Apstra. It discusses how compute requirements continue growing, forcing enterprises to adopt techniques from web-scale companies like multi-tenancy, network virtualization, and automation. It then highlights how Cumulus Linux and Apstra work together to enable high-scale container deployments through IP fabrics, automation, and continuous monitoring. The webinar demonstrates defining network intent, automatic configuration of Cumulus Linux without deep knowledge, validating infrastructure deployments, and answering questions about the solution.
VRF (Virtual Routing and Forwarding) provides logical isolation of routing domains within a physical network. The document discusses VRF support in Linux kernels and Cumulus Linux. It provides examples of VRF configuration and management, including interface assignment, routing protocols, and troubleshooting tools. VRF allows multiple routing instances to operate on the same physical router or switch for improved network segmentation and security.
The document summarizes performance testing of database virtualization using Delphix. It describes:
1) Benchmarking OLTP and DSS workloads on original vs virtualized databases, finding similar performance.
2) Testing 2 concurrent original databases vs 2 virtualized databases sharing blocks, again with similar results.
3) Tools for monitoring database, storage, and network performance including scripts for Oracle I/O profiling (oramon.sh) and benchmarking disks and network throughput (fio.sh and netio).
This document discusses automating networking and compute with OpenStack using Cumulus Linux. It summarizes Cumulus Linux as a Linux distribution for open networking switches that allows disaggregation of networking hardware. It then provides an overview of OpenStack and its networking component Neutron, describing common implementations using VLANs, VXLAN, overlay controllers, and router VMs. It demonstrates how to set up MLAG and OpenStack automation under Cumulus Linux on switches and servers using tools like ONIE, ZTP, Puppet, and an out-of-band network for provisioning.
The document discusses NSX design and deployment considerations including:
1. Physical and logical infrastructure requirements for NSX including IP connectivity and MTU size.
2. Edge cluster design with options for collapsed or separated edge and infrastructure racks.
3. NSX manager and controller placement and sizing within management clusters.
4. Transport zone, VTEP, and VXLAN switching concepts which are fundamental to the NSX overlay architecture.
vPC technology for full HA from DC core to bare-metal server - Ajeet Singh
This document discusses a data center network design using Cisco Nexus switches in a leaf-spine topology with virtual port channels (vPCs) between the core, aggregation, and access layers for high availability. It includes configuration details for Cisco Nexus 5000 and 9500 series switches in the core and access layers with Cisco Nexus 2000 Fabric Extenders providing top-of-rack connectivity to bare-metal servers. vPCs are configured between the core switches, down to the access switches, and to the server ports for redundancy and load distribution.
The document discusses network virtualization techniques for data center networks. It begins with an overview of problems with legacy approaches such as limited VLAN span and lack of multi-tenancy support. It then covers various virtualization techniques including VXLAN, network overlays using hypervisors, and Contrail for L2/L3 overlays with multi-tenant VRF support. The presentation concludes with a demo overview of Contrail for virtual network configuration, control and management planes, and dynamic service insertion.
The document discusses four OpenSolaris projects - Network Auto-Magic, Clearview, Brussels, and Crossbow - that aim to simplify and enhance network administration on the Solaris platform. Network Auto-Magic seeks to automate basic network configuration. Clearview aims to unify and enhance features across different network interfaces. Brussels looks to simplify network interface configuration and tuning. Crossbow integrates network interface virtualization and resource management.
This document provides an overview of NPower Michigan's mission to help nonprofits use technology. It discusses various technology services NPower offers including technology assessments, workshops, and project work. It also covers topics such as local and wide area networks, internet connections, networking equipment, wireless networking, routers, switches, printers, file sharing solutions and best practices.
Marek discusses how his company Faelix uses MikroTik hardware and RouterOS at their network edges to route over 600k IPv4 and 30k IPv6 routes. While there were some initial issues, MikroTik has proven reliable and cost-effective. Marek then explains how Faelix implements firewalling with zero filter rules through a multi-step process. They use fail2ban to block brute force attacks, AMQP to share block lists across routers, and destination NAT misbehaving traffic. Most importantly, they leverage the "/ip route rule" feature to route blocked traffic to a separate routing table for easy isolation without complex firewall rules.
Keeping your rack cool with one "/IP route rule" - Faelix Ltd
This document discusses how Faelix, an ISP, uses MikroTik hardware and RouterOS at their provider edge to route over 600k IPv4 routes and 30k IPv6 routes. They initially migrated from Quagga and BIRD on Linux servers to MikroTik due to its energy efficiency and affordable hardware. While there were some bugs experienced, MikroTik has proven reliable overall. The document then explains how Faelix is able to firewall traffic with zero filter rules using a single "/ip route rule" to mark and route traffic to a separate routing table based on address lists from fail2ban and AMQP. This allows blocking of attacking traffic at the provider edge across multiple data centers in a
Cloud Networking is not Virtual Networking - London VMUG 20130425 - Greg Ferro
Talking about how and why the virtual networking that we use today is not suitable for use in Cloud deployments. First I talk about the gap between "server" & "networks", then discuss the problems of virtual networking that we use today. Then into using software appliances instead of physical devices by highlighting the good & bad.
Then a brief overview of Software Defined Networking and how it will impact Cloud Networking in the next two years.
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP - APNIC
This document discusses implementing DNS Response Policy Zones (RPZ) to provide secure internet access for all users without requiring new hardware or client-side changes. It describes considerations for RPZ, how RPZ works to block malicious DNS resolutions, the components of a real-world implementation case study at a major Bangladeshi ISP, and monitoring results showing over 1.3 million queries to RPZ zones on the first day.
Over 91% of malware uses DNS (per the Cisco 2016 Annual Cybersecurity Report). Nearly all cryptominers use DNS-based C&C (per the Cisco 2016 Annual Cybersecurity Report).
RPZ allows a recursive server to control the behavior of responses to queries. It lets an administrator overlay custom information on top of the global DNS to provide alternate responses to queries. RPZ data is supplied as a DNS zone, and can be loaded from a file or retrieved over the network by AXFR/IXFR. It works like a firewall in the cloud. DNS RPZ will block DNS resolution, machines connecting to the C&C via IP add
OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014 - ozkan01
The document discusses network challenges and solutions for virtualized environments like OpenStack. It covers issues with traditional network approaches and limitations around scalability, programmability and multi-tenancy support. It then introduces Contrail as a network virtualization solution to address these issues by providing an L2/L3 overlay, network services insertion and centralized management of physical and virtual network functions.
GRX is the global private network where telecom network operators exchange GPRS roaming traffic of their users. It’s also used for all M2M networks where roaming is used, and that is the case from some company’s truck fleet management system down to intelligence GPS location spybug tracking system.
GPRS has been there from 2.5G GSM networks to the upcoming LTE Advanced networks, and is now quite widespread technology, along with its attacks. GRX has had a structuring role in the global telecom world at a time where IP dominance was beginning to be acknowledged. Now it has expanded to a lightweight structure using both IP technologies and ITU-originated protocols.
In this presentation, we’ll see how this infrastructure is protected and how it can be attacked. We’ll discover the issues with specific telco equipment inside GRX, namely GGSN and SGSN but also now PDN Gateways in LTE and LTE Advanced “Evolved Packet Core”. We will see the implications of this with GTP protocol, DNS infrastructure, AAA servers and core network technologies such as MPLS, IPsec VPNs and their associated routing protocols. These network elements were rarely evaluated for security, and during our engagements with vulnerability analysis, we’ve seen several vulnerabilities that we will be showing in this speech.
We will demo some of the attacks on a simulated “PS Domain” network, that is the IP part of the Telecom Core Network that transports customers’ traffic, and investigate its relationships with legacy SS7, SIGTRAN IP backbones, M2M private corporate VPNs and telecom billing systems. We will also see how automation enables us to succeed at attacks which are hard to perform and will show how a “sentinel” attack was able to compromise a telecom Core Network during one penetration test.
Network Automation (Bay Area Juniper Networks Meetup) - Alejandro Salinas
Network Automation provides three examples of network automation projects and their learnings:
1. A script to find a host and change its VLAN using Python showed that small, focused scripts are good starting points and don't require extensive systems.
2. Automating a new datacenter configuration using Python templates and YAML files helped manage crises by standardizing cabling and configurations. Permanently improving requires focusing on delivery over systems.
3. Exposing network data through a REST API allowed querying operational status, configurations, and security policies. Sharing information benefits teams and moves beyond just automating the network team's work.
The document discusses security issues with IPv6 and proposed mitigation techniques. It covers topics such as router advertisements, neighbor discovery protocol, and fragmentation. Specifically, it notes that router advertisements and neighbor solicitations are not authenticated by default, allowing for spoofing attacks. The document proposes several mitigation approaches including cryptographically generated addresses, router authorization, port access control lists, and host isolation to secure IPv6 networks.
Networking in CloudStack is full-featured, full of bells and whistles and by necessity complicated. This session will take cloud operators through the ins-and-outs of CloudStack Networking. Attendees will learn the motivations behind how CloudStack networking is architected, solutions to common networking requirements, gotchas, troubleshooting CloudStack networking and finally some future directions for theses features.
It is assumed that the audience will have some experience administering CloudStack clouds.
What CloudStackers Need To Know About LINSTOR/DRBDShapeBlue
Philipp explains the best performing Open Source software-defined storage software available to Apache CloudStack today. It consists of two well-concerted components. LINSTOR and DRBD. Each of them also has its independent use cases, where it is deployed alone. In this presentation, the combination of these two is examined. They form the control plane and the data plane of the SDS. We will touch on: Performance, scalability, hyper-convergence (data-locality for high IO performance), resiliency through data replication (synchronous within a site, 2-way, 3-way, or more), snapshots, backup (to S3), encryption at rest, deduplication, compression, placement policies (regarding failure domains), management CLI and webGUI, monitoring interface, self-healing (restoring redundancy after device/node failure), the federation of multiple sites (async mirroring and repeatedly snapshot difference shipping), QoS control (noisy neighbors limitation) and of course: complete integration with CloudStack for KVM guests. It is Open Source software following the Unix philosophy. Each component solves one task, made for maximal re-usability. The solution leverages the Linux kernel, LVM and/or ZFS, and many Open Source software libraries. Building on these giant Open Source foundations, not only saves LINBIT from re-inventing the wheels, it also empowers your day 2 operation teams since they are already familiar with these technologies.
Philipp Reisner is one of the founders and CEO of LINBIT in Vienna/Austria. He holds a Dipl.-Ing. (comparable to MSc) degree in computer science from Technical University in Vienna. His professional career has been dominated by developing DRBD, a storage replication software for Linux. While in the early years (2001) this was writing kernel code, today he leads a company of 30 employees with locations in Austria and the USA. LINBIT is an Open Source company offering enterprise-level support subscriptions for its Open Source technologies.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Jiunn-Jer Sun
Agenda
• IEC 62443 IACS standard
• Scope and why
• DHCP protocol and how it works
• DHCP’s Vulnerabilities
• Types of Cyber Attacks to DHCP
• Defense by network security DHCP Snooping
• Korenix products with advanced security features
This document provides guidance on setting up a Linux server at home. It discusses reasons you may need a home server, such as for storage, routing, or hosting personal projects. It then offers recommendations for hardware, distributions, partitioning, encryption, disabling unnecessary services, software updates, logging, security practices, network configuration, SSH hardening, configuration security, user setup, and kernel settings. The goal is to have a secure home server for various uses.
Session at ContainerDay Security 2023 on the 8th of March in Hamburg.
Cilium is the next generation, eBPF powered open-source Cloud Native Networking solution, providing security, observability, scalability, and superior performance. Cilium is an incubating project under CNCF and the leading CNI for Kubernetes. In this session we will introduce the fundamentals of Cilium Network Policies and the basics of application-aware and Identity-based Security. We will discuss the default-allow and default-deny approaches and visualize the corresponding ingress and egress connections. Using the Network Policy Editor we will be able to demonstrate how a Cilium Network Policy looks like and what they mean on a given Kubernetes cluster. Additionally, we will walk through different examples and demonstrate how application traffic can be observed with Hubble and show how you can use the Network Policy Editor to apply new Cilium Network Policies for your workloads. Finally, we’ll demonstrate how Tetragon provides eBPF-based transparent security observability combined with real-time runtime enforcement.
The document discusses the challenges of traditional physical network environments and proposes a software-defined networking (SDN) approach using virtual networks. Specifically, it proposes:
1. Implementing logical environments as classes of service on shared infrastructure using L2 overlay networks within an L3 network for developer environments.
2. Isolating the virtual networks from the physical infrastructure using Open vSwitch and STT tunneling with controllers from Nicira.
3. Routing the virtual networks out through perimeter firewalls to provide access similar to developers' desktops while keeping traffic isolated.
Similar to Square i minneapolis presentation v1.1 (20)
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
14. What is Square?
‣ Apple Premium Reseller in the UK
‣ Apple Authorised Reseller in the USA, Latin America & Singapore (Square [ i ] International)
‣ Hospitality specialists with our own IP in software solutions (IPTV & Business Centre)
‣ International Apple Support Centres
‣ 42 Square Design & Marketing Communications
20. The Challenge
How does the world’s largest Art Auction House deploy, manage & maintain over 200 Macs across three continents within the following framework?
‣ Only 2 Mac Support specialists based in London and New York
‣ Being able to work with and re-purpose existing ‘standard’ packages
‣ 6 locations in 3 Continents - Distributing the Distribution Points!
30. Considerations
‣ Choice of the Server for the JSS
‣ Choice of the Server for the Distribution Point
‣ JSS setup
‣ Security
‣ Package Replication
‣ Replication servers
‣ Imaging Process
‣ What is Next? (In few words)
52. Network Setup
‣ Casper servers are clustered
‣ Outside the LAN, managed devices will check in from the DMZ
‣ Only one port transits from DMZ to LAN: 3306 (MySQL)
‣ Change of the JSS database password
[Diagram: a firewall between the DMZ and the LAN; nodes Casper Server, Casper db, Casper Server; links labelled 3306, one marked * (not available anymore). Legend: in and outbound connection; LAN connection.]
68. How do you do that?
Replication using keypair 2048 bit encryption
#ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "LOCATION"
#cat ~/.ssh/id_rsa.pub | ssh myjssserver 'cat - >> ~/.ssh/authorized_keys'
rsync via ssh tunnel
#rsync -avrpogz --delete -e ssh root@myjssserver:"Source" "Destination" >>yourlogfile
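An added example, not part of the original slides: the key appended above is accepted without restrictions, so whoever holds a distribution point's private key gets a full shell as that account on the JSS server. The script below builds an authorized_keys entry limited to read-only rsync from one source address and audits an existing file for unrestricted keys. The rrsync location, the address, the share path and the key blobs are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the slides. RRSYNC path, addresses and share
# directory are assumptions; key blobs below are constructed placeholders.
RRSYNC=${RRSYNC:-/usr/local/bin/rrsync}   # assumed install location of rsync's rrsync helper

# restricted_key_line PUBKEY_FILE SOURCE_ADDR SHARE_DIR
# Emits an authorized_keys entry that allows only read-only rsync of SHARE_DIR
# from SOURCE_ADDR ("restrict" needs OpenSSH 7.2 or later on the server).
restricted_key_line() {
    key=$(cat "$1") || return 1
    case "$key" in ssh-*|ecdsa-*) ;; *) echo "not a bare public key: $1" >&2; return 1 ;; esac
    case "$2$3" in *\"*) echo "double quote in address or path" >&2; return 1 ;; esac
    printf 'restrict,from="%s",command="%s -ro %s" %s\n' "$2" "$RRSYNC" "$3" "$key"
}

# audit_authorized_keys FILE
# Prints "<verdict> <key comment>" for every key in FILE.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ { next }                    # comment line
    /^[ \t]*$/ { next }                    # blank line
    {
        # Key blobs are base64 of a length-prefixed string, so they begin "AAAA";
        # whatever precedes "<keytype> AAAA..." is the options field.
        if (!match($0, /(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9]+) AAAA[^ \t]*/)) {
            print "UNPARSEABLE line " NR
            next
        }
        opts = substr($0, 1, RSTART - 1)
        comment = substr($0, RSTART + RLENGTH)
        sub(/^[ \t]+/, "", comment)
        if (comment == "") comment = "(no comment)"

        # Drop quoted values first so text inside command="..." cannot pass
        # as an option name. (Escaped quotes inside values are not handled.)
        gsub(/"[^"]*"/, "", opts)
        gsub(/[ \t]/, "", opts)
        has_cmd = has_restrict = has_from = 0
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {
            name = o[i]
            sub(/=.*/, "", name)
            if (name == "command")  has_cmd = 1
            if (name == "restrict") has_restrict = 1
            if (name == "from")     has_from = 1
        }
        miss = ""
        if (!has_cmd)      miss = miss ",command"
        if (!has_restrict) miss = miss ",restrict"
        if (!has_from)     miss = miss ",from"
        if (miss == "") print "OK " comment
        else            print "WEAK missing=" substr(miss, 2) " " comment
    }' "$1"
}

# Demo on a constructed authorized_keys file: one key added the way the
# slide shows, one added through restricted_key_line.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample, key blobs are placeholders
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed1 LONDON
EOF
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed2 NEWYORK\n' > "$f.pub"
    restricted_key_line "$f.pub" 192.0.2.10 /Shares/CasperShare >> "$f"
    audit_authorized_keys "$f"
    rm -f "$f" "$f.pub"
}
demo
```

With rrsync as the forced command, the remote path given to rsync on the replica is resolved relative to the restricted directory.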
76. Possible Workflow with Pre-Stage
Computer is added to Prestage imaging
Computer netboots
Computer is automatically imaged
Computer is ready to be given to the end user
82. Possible Workflow with QuickAdd
Computer is given to the end user
Computer is set up by the user. QuickAdd package is installed
Computer is added to the inventory
The policies are triggered automatically according to the network segment
89. Possible Workflow with Customised QuickAdd
Computer is given to the end user
Computer is set up by the user. Customised QuickAdd package is installed
User completes a predefined set of information
Computer is added to the inventory
The policies are triggered automatically according to the Extended attributes set by the user.