Take a sprinkling of Windows 7, add Windows Server 2008 R2, IPv6 and IPsec and you have a solution that will allow direct access to your corporate network without the need for VPNs. Come to these demo-rich sessions and learn how to integrate DirectAccess into your environment. In Part 1 learn about IPv6 addressing, host configuration and transitioning technologies including 6to4, ISATAP, Teredo and IPHTTPS. Through a series of demos learn how to build an IPv6 Network and interoperate with IPv4 networks and hosts. In Part 2 we add the details of IPSec, and components that are only available with Windows 7 and Windows Server 2008 R2 to build the DirectAccess infrastructure. Learn how to control access to corporate resources and manage Internet connected PCs through group policy. Part 1 is highly recommended as a prerequisite for Part 2.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.Louis Göhl
Take a sprinkling of Windows 7, add Windows Server 2008 R2, IPv6 and IPsec and you have a solution that will allow direct access to your corporate network without the need for VPNs. Come to these demo-rich sessions and learn how to integrate DirectAccess into your environment. In Part 1 learn about IPv6 addressing, host configuration and transitioning technologies including 6to4, ISATAP, Teredo and IPHTTPS. Through a series of demos learn how to build an IPv6 Network and interoperate with IPv4 networks and hosts. In Part 2 we add the details of IPSec, and components that are only available with Windows 7 and Windows Server 2008 R2 to build the DirectAccess infrastructure. Learn how to control access to corporate resources and manage Internet connected PCs through group policy. Part 1 is highly recommended as a prerequisite for Part 2.
If the number of spine switches were to be merely doubled, the effect of a single switch failure is halved. With 8 spine switches, the effect of a single switch failure only causes a 12% reduction in available bandwidth. So, in modern data centers, people build networks with anywhere from 4 to 32 spine switches. With a leaf-spine network, every server on the network is exactly the same distance away from all other servers – three port hops, to be precise. The benefit of this architecture is that you can just add more spines and leaves as you expand the cluster and you don't have to do any recabling. Intuition Systems will also get more predictable latency between the nodes.
As a trend, disaggregation seems to be most useful for very large companies like Facebook and Google, or cloud providers. The technology does not necessarily have significant implications for small or medium sized businesses. Historically, however, technology has a way of trickling down from the pioneering phases of existing only within large companies with tremendous resources, to becoming more standardized across the board.
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.Louis Göhl
Take a sprinkling of Windows 7, add Windows Server 2008 R2, IPv6 and IPsec and you have a solution that will allow direct access to your corporate network without the need for VPNs. Come to these demo-rich sessions and learn how to integrate DirectAccess into your environment. In Part 1 learn about IPv6 addressing, host configuration and transitioning technologies including 6to4, ISATAP, Teredo and IPHTTPS. Through a series of demos learn how to build an IPv6 Network and interoperate with IPv4 networks and hosts. In Part 2 we add the details of IPSec, and components that are only available with Windows 7 and Windows Server 2008 R2 to build the DirectAccess infrastructure. Learn how to control access to corporate resources and manage Internet connected PCs through group policy. Part 1 is highly recommended as a prerequisite for Part 2.
If the number of spine switches were to be merely doubled, the effect of a single switch failure is halved. With 8 spine switches, the effect of a single switch failure only causes a 12% reduction in available bandwidth. So, in modern data centers, people build networks with anywhere from 4 to 32 spine switches. With a leaf-spine network, every server on the network is exactly the same distance away from all other servers – three port hops, to be precise. The benefit of this architecture is that you can just add more spines and leaves as you expand the cluster and you don't have to do any recabling. Intuition Systems will also get more predictable latency between the nodes.
As a trend, disaggregation seems to be most useful for very large companies like Facebook and Google, or cloud providers. The technology does not necessarily have significant implications for small or medium sized businesses. Historically, however, technology has a way of trickling down from the pioneering phases of existing only within large companies with tremendous resources, to becoming more standardized across the board.
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
Transparant werken met Direct Access. De mogelijkheden van Direct Access
Het nieuwe werken. Thuis, onderweg, bij een klant of op de zaak. Overal waar u bent wilt u dezelfde gebruikerservaring hebben. Met Direct Access is uw laptop met internetvoorziening altijd onderdeel van uw bedrijfsnetwerk. Zo kunt u altijd bij uw bestanden en behoort de complexiteit van VPN connecties tot het grijze verleden! Deze oplossing is perfect voor iedere bedrijfsgrootte, van klein-MKB tot grote enterprise ondernemingen.
Presentation at Networkshop46.
Putting the "network" in Networkshop46, this session contains the lessons we've learned over the past year in operating campus networks. What has gone wrong, what has gone right, and wondering how it ever worked in the first place.
Construction, disruption and fibre moves, by Mark Franklin, University of Sheffield.
IPv6 @ the STFC, by Philip Garrad, Science and Technology Facilities Council (STFC).
Reprocuring a large campus network, part one, by Sam Wilson, University of Edinburgh.
NAT (network address translation) & PAT (port address translation)Netwax Lab
Network Address Translation (NAT) is designed for IP address conservation. It enables private IP
networks that use unregistered IP addresses to connect to the Internet. NAT operates on a router,
usually connecting two networks together, and translates the private (not globally unique) addresses in
the internal network into legal addresses, before packets are forwarded to another network.
Description of Microsoft Silverlight technology.
Advantages over "standard streaming", download and progressive download methods.
Silverlight session description and analysis using wireshark
If the number of spine switches were to be merely doubled, the effect of a single switch failure is halved. With 8 spine switches, the effect of a single switch failure only causes a 12% reduction in available bandwidth. So, in modern data centers, people build networks with anywhere from 4 to 32 spine switches. With a leaf-spine network, every server on the network is exactly the same distance away from all other servers – three port hops, to be precise. The benefit of this architecture is that you can just add more spines and leaves as you expand the cluster and you don't have to do any recabling. Intuition Systems will also get more predictable latency between the nodes.
As a trend, disaggregation seems to be most useful for very large companies like Facebook and Google, or cloud providers. The technology does not necessarily have significant implications for small or medium sized businesses. Historically, however, technology has a way of trickling down from the pioneering phases of existing only within large companies with tremendous resources, to becoming more standardized across the board.
You may have hoped to retire before IPv6 became a reality, but unfortunately the IPv4 address exhaustion came too fast. For the rest of us, we’re going to bite off a small piece of the 15-year old IPv6 pie and talk about how to get started!
• Address format refresher
• IPv4 and IPv6 protocol comparison
• IPv6 neighbor discovery and auto-configuration
• Current migration and coexistence strategies
• ICMPv6, DHCPv6, and DNSv6
• How to get started at home
Transparant werken met Direct Access. De mogelijkheden van Direct Access
Het nieuwe werken. Thuis, onderweg, bij een klant of op de zaak. Overal waar u bent wilt u dezelfde gebruikerservaring hebben. Met Direct Access is uw laptop met internetvoorziening altijd onderdeel van uw bedrijfsnetwerk. Zo kunt u altijd bij uw bestanden en behoort de complexiteit van VPN connecties tot het grijze verleden! Deze oplossing is perfect voor iedere bedrijfsgrootte, van klein-MKB tot grote enterprise ondernemingen.
Presentation at Networkshop46.
Putting the "network" in Networkshop46, this session contains the lessons we've learned over the past year in operating campus networks. What has gone wrong, what has gone right, and wondering how it ever worked in the first place.
Construction, disruption and fibre moves, by Mark Franklin, University of Sheffield.
IPv6 @ the STFC, by Philip Garrad, Science and Technology Facilities Council (STFC).
Reprocuring a large campus network, part one, by Sam Wilson, University of Edinburgh.
NAT (network address translation) & PAT (port address translation)Netwax Lab
Network Address Translation (NAT) is designed for IP address conservation. It enables private IP
networks that use unregistered IP addresses to connect to the Internet. NAT operates on a router,
usually connecting two networks together, and translates the private (not globally unique) addresses in
the internal network into legal addresses, before packets are forwarded to another network.
Description of Microsoft Silverlight technology.
Advantages over "standard streaming", download and progressive download methods.
Silverlight session description and analysis using wireshark
If the number of spine switches were to be merely doubled, the effect of a single switch failure is halved. With 8 spine switches, the effect of a single switch failure only causes a 12% reduction in available bandwidth. So, in modern data centers, people build networks with anywhere from 4 to 32 spine switches. With a leaf-spine network, every server on the network is exactly the same distance away from all other servers – three port hops, to be precise. The benefit of this architecture is that you can just add more spines and leaves as you expand the cluster and you don't have to do any recabling. Intuition Systems will also get more predictable latency between the nodes.
As a trend, disaggregation seems to be most useful for very large companies like Facebook and Google, or cloud providers. The technology does not necessarily have significant implications for small or medium sized businesses. Historically, however, technology has a way of trickling down from the pioneering phases of existing only within large companies with tremendous resources, to becoming more standardized across the board.
You may have hoped to retire before IPv6 became a reality, but unfortunately the IPv4 address exhaustion came too fast. For the rest of us, we’re going to bite off a small piece of the 15-year old IPv6 pie and talk about how to get started!
• Address format refresher
• IPv4 and IPv6 protocol comparison
• IPv6 neighbor discovery and auto-configuration
• Current migration and coexistence strategies
• ICMPv6, DHCPv6, and DNSv6
• How to get started at home
To setup the simplest IPv6 network you just have to boot up a host o.pdfaptexx
To setup the simplest IPv6 network you just have to boot up a host or two with a IPv6 enabled
operating system such as Ubuntu. Open a terminal and type:
\"ip -6 address list\"
You should see output similar to the following:
1
2
3
4
5
6
1: lo: mtu 65536
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500
qlen 1000 inet6 fe80::922b:34ff:fe7b:6ff1/64 scope link
valid_lft forever preferred_lft forever,multicast,up,lower_up>,up,lower_up>
IPv6 link local addresses have been assigned automatically to any interfaces that you have. The
IPv6 localhost address (IPv4 127.0.0.1) is ::1/128. You can do the same on another host to gets it
IPv6 link local address and then do a IPv6 ping with \"ping6\" - note the 6.
1
ping6 fe80::922b:34ff:fe7b:6ff1
The fe80::/64 network prefix is the link local network as explained in the table above. It should
be the only IPv6 network address you will see across different physical networks. In fact every
host on an IPv6 network must have an link local address (fe80::/64).
Host Identifier Generation
The host identifier portion of the link local address, the remaining 64 bits, is generated from the
mac address with a algorithm applied to extend the 48 bit mac address to the 64 bit host address
required for IPv6. See EUI64 for the algorithm used. The host identifier may also be manually
assigned by the system administrator. This introduces the risk of duplicate IP addresses being
assigned, so IPv6 has a duplicate address detection protocol that allows hosts to determine if
there is a conflict before assigning itself an address.
IPv6 configuration is done using layer 3 (network layer) protocols and not layer 2 (media layer
eg. Ethernet) as with IPv4; so a valid IPv6 address is required before any additional
configuration can be done. Of couese it also allows for zero config simple networks.
Steps to Configure the Router Advertisement Service
The advertisement service can run on any Linux box, but that box will become the default route
for IPv6 traffic. In future your ADSL router will provide router advertisement services. First
assign the Linux box a static IPv6 address from the ULA network: (In the examples that follow I
use the fd5f:12c9:2201::/48 ULA routing prefix and I have chosen fd5f:12c9:2201:1::/64 as the
network prefix. (ie :1 is the subnet id).
Configure a static IPv6 on Ubuntu
1
sudo vi /etc/network/interfaces
1
2
3
4
5
6
7
auto eth0
iface eth0 inet6 static
address fd5d:12c9:2201:1::1
netmask 64
autoconf 0
dad-attempts 0
accept_ra 0
Now we need to install the router advertisement service:
Router Advertisement Daemon Configuration
sudo apt-get install radvd
vi /etc/radvd.conf
1
2
3
4
5
6
7
8
9
10
11
interface eth0
{
AdvSendAdvert on;
prefix fd5d:12c9:2201:1::1/64 {
AdvOnLink on;
AdvAutonomous on;
};
#Send DNS Server setting - assumes there is a DNS server setup at the address below
RDNSS fd5d:12c9:2201:1::2{
};
};
Restart the service and then on a client restart the network. You should .
Citrix vision and product highlights november 2011Louis Göhl
Scripted customer facing high level presentation that outlines the Citrix vision and strategy set in the personal, private and public cloud framework. Includes latest messaging from Synergy Barcelona.
This is a level 200 - 300 presentation.
It assumes:
Good understanding of vCenter 4, ESX 4, ESXi 4.
Preferably hands-on
We will only cover the delta between 4.1 and 4.0
Overview understanding of related products like VUM, Data Recovery, SRM, View, Nexus, Chargeback, CapacityIQ, vShieldZones, etc
Good understanding of related storage, server, network technology
Target audience
VMware Specialist: SE + Delivery from partners
This is a level 200 - 300 presentation.
It assumes:
Good understanding of vCenter 4, ESX 4, ESXi 4.
Preferably hands-on
We will only cover the delta between 4.1 and 4.0
Overview understanding of related products like VUM, Data Recovery, SRM, View, Nexus, Chargeback, CapacityIQ, vShieldZones, etc
Good understanding of related storage, server, network technology
Target audience
VMware Specialist: SE + Delivery from partners
Hyper v and live migration on cisco unified computing system - virtualized on...Louis Göhl
Learn how Cisco's new unified computing architecture, purpose built for virtualization, with Microsoft's Windows Server 2008 R2 Hyper-V and Live Migration, allow administrations to quickly allocate additional compute and storage resources for on-demand provisioning of new applications and users.
UNC309 - Getting the Most out of Microsoft Exchange Server 2010: Performance ...Louis Göhl
Selecting the right server hardware for an Exchange 2010 deployment becomes much easier when you know the product team's scalability and performance guidelines. This session provides a look at the product team's guidance for the processor and memory requirements of each server role in Exchange 2010. A number of key performance enhancements from this release are discussed, and you also learn about how to use related tools like the Exchange Storage Calculator, Exchange Profile Analyzer, Loadgen, and Jetstress to take the guesswork out of server sizing.
SVR208 Gaining Higher Availability with Windows Server 2008 R2 Failover Clust...Louis Göhl
Come and learn about all the new enhancements that are going to be delivered in Failover Clustering with Windows Server 2008 R2. This session looks at improvements since Windows Server 2008 including an overview of Cluster Shared Volumes (CSV), live migration, enhanced validation, PowerShell support, new HA workloads, improvements to existing workloads, supportability enhancements, and other exciting features designed to help you achieve even HIGHER availability for your Failover Cluster.
SVR205 Introduction to Hyper-V and Windows Server 2008 R2 with Microsoft Syst...Louis Göhl
This session focuses on the new capabilities of Windows Server 2008 R2 Hyper-V. The session also covers the base architecture of Hyper-V and provides guidance on key areas like storage management, performance, and more.
SIA319 What's Windows Server 2008 R2 Going to Do for Your Active Directory?Louis Göhl
Windows Server 2008 R2 is here, with new tools and utilities for the directory service IT pro to help you manage and maximise the potential of your Active Directory. What's going to be your favourite new feature? Maybe it's the Best Practice Analyser that will scan your infrastructure and point out both compliant and noncompliant aspects of your environment together with suggestions for improvements. Do you want tools to simplify your day-to-day management of the AD? There's a new kid on the block, the Active Directory Administrative Center. Built on Windows PowerShell technology it provides a rich GUI allowing you to perform common Active Directory tasks through both data-driven and task-driven navigation. Not a GUI fan? Then R2 brings you more than 85 PowerShell Cmdlets to allow you to manage, diagnose, and automate AD tasks from the command-line or PowerShell scripts. Maybe your favourite will be the recycle bin allowing you to recover deleted objects while the directory is online or the ability to perform offline domain join allowing you to streamline your deployments. There are more choices, come to this high-energy, fast paced, demo rich presentation and get all the details
SIA311 Better Together: Microsoft Exchange Server 2010 and Microsoft Forefron...Louis Göhl
Come learn how Forefront and Exchange Server 2010 work better together! This session covers how Forefront Protection 2010 for Exchange Server (FPE) and Forefront Online Protection for Exchange (FOPE) will facilitate protection of Microsoft Exchange Server 2010 from malware and unsolicited mail.
MGT310 Reduce Support Costs and Improve Business Alignment with Microsoft Sys...Louis Göhl
System Center Service Manager, through the power of its integrated platform, reduces costs, improves service levels, delivers informed decision making and reduces the burden of compliance. In this session learn how Service Manager, now in Beta Two, lowers the cost of incident and problem resolution and provides a streamlined approach to change management by providing integrated knowledge of configuration items and the ability to easily assess the current health state of IT services by seamlessly integrating the activities between Service Manager, System Center Operations Manager and System Center Configuration manager. Also see how Service Manager will deliver a compliance and risk process management pack that harmonises over 350 regulatory standards into a comprehensive set of control objectives that can be managed and tracked.
MGT300 Using Microsoft System Center to Manage beyond the Trusted DomainLouis Göhl
Numerous Microsoft technologies are now taking advantage of digital certificate-based authentication to enable the support for and management of systems outside trusted networks and domains. Join us to learn how you can use digital certificates with System Center to extend your management capabilities beyond your immediate environment, and enable a single management infrastructure to manage systems and IT services across multiple trusted and untrusted domains.
MGT220 - Virtualisation 360: Microsoft Virtualisation Strategy, Products, and...Louis Göhl
Learn about the Microsoft virtualisation strategy from the datacenter, to the desktop, to the cloud--and how it will help you cut costs and build value. In this session we review and demonstrate Microsoft virtualisation products and discuss how you can use them to solve today's IT issues (cost cutting, consolidation, business continuity, green IT), develop new computing solutions (VDI) and build a foundation for a more dynamic IT environment, including cloud computing. The session reviews all of the latest Microsoft virtualisation products, including Application Virtualization (App-V), Microsoft Enterprise Desktop Virtualization (MED-V), Windows Server 2008 with Hyper-V, and Microsoft Hyper-V Server, as well as the System Center management platform (including Virtual Machine Manager 2008). Learn about the innovative pricing and licensing structure that allows further savings to lower both acquisition and ongoing ownership costs. Learn how you can enable IT to become a cost cutting mechanism with Microsoft virtualisation and management technologies.
CLI319 Microsoft Desktop Optimization Pack: Planning the Deployment of Micros...Louis Göhl
You're excited about the new features in App-V 4.5, but where do you get started? This talk is meant to guide IT administrators through the App-V deployment decision process. Specifically, we discuss the various deployment types, pros and cons for each type of deployment, and performance and scalability issues. By the end of the presentation, IT administrators will be able to identify the deployment that is best suited for their preferences and infrastructure.
Windows Virtual Enterprise Centralized DesktopLouis Göhl
Virtualization brings about new use cases that did not previously exist in traditional desktop environments. These use cases include the ability to create multiple desktops dynamically, enable user access to multiple virtual machines (VMs) simultaneously, and move desktop VMs across multiple platforms, especially in load-balancing and disaster recovery situations. Microsoft designed Windows Virtual Enterprise Centralized Desktop (VECD) to enable organizations to license virtual copies of Windows client operating systems in virtual environments.
http://www.microsoft.com/windows/enterprise/solutions/virtualization/licensing.aspx
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
3. DirectAccess – Simple? Internet Corporate intranet When a DirectAccess client connects to the Internet it is automatically connected to the corporate Intranet No user action required
4. A VPN on Steroids Corporate Network Pre log on Patch management, health check and GPOs Always On Network level computer/user authentication and encryption Automatically connects throughNAT and firewalls VPNs connect the user to the network DirectAccess extends the network to the remote computer and user
5. No Gain Without Pain Challenge 1 Uses end-to-end IPv6 Requires transition technologies for the Internet and intranet DirectAccess apps must be IPv6 capable Challenge 2 Secure encrypted communications using IPsec End-to-end, end-to-edge Network authentication: computer/user Requires PKI to support for certificates
6. Simple? May Be Not Internet Corporate intranet Tunnelling technologies for the Internet and Intranet to support IPv6 over IPv4 Internet tunnelling selection based on client location – Internet, NAT, firewall Encryption/authentication of Internet traffic (end-to-edge/end-to-end) PKI required Client location detection: Internet or corporate intranet
7. Don’t Give Up Now Part 1 IPv6 Intro Transition Technologies End-to-end connectivity Part 2 IPsec Configuring Direct Access Network location and name resolution policies It all works – just like that!
8. Demo Environment EX1 DC1 DNS DC, DNS,CA WIN7 NAT1 DA1 Home Corporate intranet Internet IIS for CRLdistribution APP1 WIN7 RT1 WIN7 Branch All servers Windows 2008 R2 WIN7 8
9. IPv6 IPv6 natively supports many of the extensions that have been added to IPv4 IPSec QoS IPv6 adds An enormous address space (128-bits) 340,282,366,920,938,463,463,374,607,431,768,211,456 possible addresses An efficient routing hierarchy Automatic configuration (DHCP may not be required) New protocol for interaction with neighbouring nodes
10. Drawbacks Requires a new routing infrastructure to support native IPv6 IPv6 can be used across IPv4 networks using transition technologies, 6to4, ISATAP and Teredo Most IPv6 addresses are not easy (impossible) to memorise! Will require the use of host names for all references Not all applications will be IPv6 compatible
11. Layer 2 Link layer header IPv6 header Payload Link layer trailer IPv6 packet Link layer frame Layer-2 remains the same No need to replace layer-2 appliances
12. Address Notation 2009:0adb:0001:56af:0321:000d:98fe:dbfe Leading zeros can be removed 2009:adb:1:56af:321:d:98fe:dbfe The 128 bit number is split into eight 16-bit blocks The value of each 16-bit block is written as four hex digits Each block is separated by a colon
13. Compressing Zeros 2009:0000:0000:0000:0321:000d:98fe:dbfe 2009::0321:000d:98fe:dbfe 2009:0000:0000:0321:0000:0000:dbfe 2009::0321::dbfe Invalid Contiguous 16-bit blocks containing zeros can be compressed Known as double colon notation Only one set of blocks can be compressed
14. IPv6 Prefix /48 /64 2009:0adb:0001:56af:0321:000d:98fe:dbfe The IPv6 prefix identifies the number of bits identifying the network IPv6 does not support the IPv4 style subnet mask
15. IPv6 Addressing Network Identifier Host Identifier 64-bits 64-bits The host component can be derived from the MAC address of the card Computers could be tracked by their MAC as they move between LANs Windows Server 2008 and Windows 7 use a permanent interface identifier that is randomly generated Can be disabled via: netsh interface ipv6 set global randomizeidentifiers=disabled
16. Link Local Address Zone IDs eliminate ambiguity when more than one interface is connected to a network Fe80::HostID2%9 Fe80::HostID3%10 InterfaceID 4 InterfaceID 6 InterfaceID 9 InterfaceID 10 Fe80::HostID1%4 Fe80::HostID4%6 Fe80::<host ID> , automatically assigned and only accessible on local network segment All hosts have a link local address even if they have a global address
17. Unicast Addresses Unique Local address (Similar to IPv4 private address ranges) FD hex Routing betweenLANs within a site Private routing between sites Site-local addresses prefixed fec0::/10 where depreciated in RFC 3879 Global address (Internet registered) Private routing Public routing
18. Host Configuration Auto configure link-local address DHCPv6 Manual configuration of otheraddresses possible but unlikely Stateless Stateful Router Solicitation (multicast) DHCP query if router does not reply orrouter instructs host to query DHCP Returns IPv6 configuration DHCP can supply complete configuration orjust additional options
19. Routing (simplified) Advertise: A ::/64 on link ::/0 next hop A:1 Network B B:1 A:1 Advertise: C::/64 next hop A:2 Network C C:1 A:2 Interface 15 IP address: A: hostID Default gateway
20. IPv4 IPv6 Transition Technologies IPv6 over IPv4 IPv6 Layer 7Applications Router to router tunnelling Layer 4TCP/UDP IPv6 over IPv4 Layer 3IPv4 Layer 3IPv6 IPv4 IPv6 Layer 2Ethernet etc… IPv4/IPv6 IPv6 Host to router , router to host Dual IP architecture IPv6 over IPv4 IPv4 IPv6 IPv6 Host to host
21. Tunnelling IPv4 IPv4 IPv6 IPv6 Tunnel The tunnel end may be a single host or IPv6 network IPv6 Traffic can be tunnelled in IPv4 as IP (used by 6to4 and ISATAP) UDP (used by Teredo) HTTPS (used by IPHTTPS)
22. 6to4 Network The 6to4 Network is an Internet based public IPv6 network Addresses start with the 2002::/16 prefix IPv6 traffic is tunnelled in IPv4 between 6to4 routers and relays
24. 6to4 Addressing Host configured with a public IPv4 address 6to4 interface automatically enabled and assigned a unique global (public) IPv6 address Interface assigned IPv6 address: 2002:wwxx:yyzz:0:0:0:wwxx:yyzz wwxx:yyzz is the hexadecimal representation of the host’s IPv4 address 144.19.200.2 translates to 9013:c802 Corresponding 6to4 address 2002: 9013:c802:0:0:0:9013:c802
25. 6to4 Host/Router to 6to4 Host IPv4 6to4 tunnel Use me to get to 2002::/16 on-link IPv4 packet encapsulates IPv6 Send through6to4 tunnel 2002:9013:c802:0:0:0:9013:c802 144.19.200.2 Ping 2002:9b0f:1b08:0:0:0:9b0f:1b08 physical
26. 6to4 Host/Router to Native Host IPv4 Use me to get to default gateway, next hop 6to4 Relay 6to4 tunnel Tunnel IPv6 Send through6to4 tunnel 2002:9013:c802:0:0:0:9013:c802 144.19.200.2 Ping fd00:9999:0:1::10 physical
27. 6to4 Configuration (reference) 6to4Host/Router :: Set name of 6to4 relay netsh interface 6to4 set relay corprelay.example.com :: host must be able to resolve FQDN ::Enable 6to4 Interface netsh interface 6to4 set state enabled ::Enable forwarding on 6to4 interface netsh interface ipv6 set interface “6to4 Adapter” forwarding=enabled ::Set fixed IP for DAcorp interface netsh interface ipv6 set address dacorp fd00:9999:0:1::200/64 ::Enable forwarding and advertising on DACorp interface netsh interface ipv6 set interface DACorp forwarding=enabled advertise=enabled ::Add DNS record for relay corprelay.example.com 144.19.0.10 6to4Relay
28. Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) ISATAP is similar to 6to4 as it tunnels IPv6 within an IPv4 packet Protocol ID 41 ISATAP is used for tunnelling IPv6 across IPv4 intranets
29. ISATAP Components NativeIPv6 Host ISATAPHost Native IPv6Intranet ISATAP Router IPv4 Intranet Tunnel A::1 ISATAPHost Tunnel Advertise to ISATAP Hosts: A ::/64 on ISATAP interface ::/0 next hop A::1
30. ISATAP Host Configuration 0:5efe for a private IPv4 address 200:5efe for a public IPv4 address The ISATAP interface address is constructed from a combination of the IPv6 network address and the IPv4 address The 32-bit IPv4 address is be written in dotted decimal notation fd00:9999:0:100:0:5efe:10.40.99.120
31. ISATAP Host Configuration The host can either be configured with the address of the ISATAP router or it can resolve it via DNS If the host can resolve ISATAP via DNS, it automatically configures its ISATAP tunnel interface The network address of the interface is published by the ISATAP router The location of the ISATAP router is published in DNS with the key word ISATAP For eample: isatap.example.com DNS blocks the name isatap via the globalqueryblocklist This must be cleared
32. ISATAP Host to ISATAP Host IPv4 Use me to get to fd00:9999:0:1::/64 On link ISATAP tunnel Tunnel IPv6 Send throughISATAP tunnel fd00:9999:0:100:0:5efe:10.20.100.55 10.20.100.55 Ping fd00:9999:0:1:0:5efe:10.40.99.120 physical
33. ISATAP Host to Native IPv6 Host IPv4 Use me to get to ::/0Next hop ISATAP router ISATAP tunnel Tunnel IPv6 Send throughISATAP tunnel fd00:9999:0:100:0:5efe:10.20.100.55 10.20.100.55 Ping fd00:9999:0:2::100 physical
34. ISATAP Configuration (reference) ISATAPHost No Client configuration, ISATAP interface automatically configured when clientcan resolve the name ISATAP from DNS ::Enable IPv4 routing netsh interface ipv4 set interface dacorp forwarding=enabled netsh interface ipv4 set interface dabranch forwarding=enabled ::configure IPV6 address, advertising and routing on DACorp interface netsh interface ipv6 set address dacorp fd00:9999:0:1::1/64 netsh interface ipv6 set interface dacorp forwarding=enabled advertise=enabled netsh interface ipv6 set route fd00:9999:0:1::/64 dacorp publish=yes ISATAP Router netsh interface isatap set router 10.40.100.1 netsh interface ipv6 set interface 15 forwarding=enabled advertise=enabled netsh interface ipv6 add route fd00:9999:0:100::/64 15 publish=yes Remove ISATAP block : dnscmd /config /globalqueryblocklistwpad Publish isatap.example.com Alternatively, don’t publish in DNS and configure the host: Netsh interface ipv6 isatap set state router xxy.example.com DNS Server
35. Supporting IPv4 Only Hosts For connections between IPv6 hosts and hosts that only support IPv4 NAT-PT and DNS-ALG require Improved translation with NAT64 and DNS64 Forefront Unified Access Gateway (UAG) Includes support for NAT64 and DNS64
36. IPv4 Internet IPv4 private Teredo NAT Device Teredoserver & relay TeredoHost Private IPv4 address Public IPv4 address Private IPv4 address Teredo provides connectivity when the host is behind one or more NATs The NAT will probably not support tunnelling IPv6 within IPv4 (protocol 41) Teredo tunnels IPv6 in UDP
38. IPv4 Outbound Packet translation IPv4 Internet IPv4 private NAT Device Teredoserver & relay TeredoHost P200 P200 port 2000 I99 port 6000 I77 Translation Mapping stored: P200 port 2000 I99 port 6000
39. Inbound traffic IPv4 Internet IPv4 private NAT Device Teredoserver & relay TeredoHost P200 P200 port 2000 I99 port 6000 I77 Translation Mapping in table: P200 port 2000 I99 port 6000
40. The Challenge NAT normally allows inbound traffic as a response to an outbound request To allow any host to initiate communication with a Teredo host the NAT mappings will need to remain valid Three different types of NAT Cone For mapped external IP and ports, allows inbound packets from any source IP address or port Restricted Only allows inbound from IP and Port that matched the original outbound destination IP and Port Symmetric Maps the same internal IP address and port to different external IP addresses and ports depending on the outbound destination address
41. Initial Negotiation The Teredo host connects to the Teredo server The server performs tests to determine the type of NAT that the host is behind To do this the server needs to be configured with two consecutive IPv4 addresses The Server provides the address of the host’s Teredo tunnel
43. Teredo Configuration (reference) TeredoHost ::Enable client for Teredo netsh interface ipv6 set teredoenterpriseclient teredo.example.com ::To resolve IPv6 DNS HKLMCServicesNSCachearametersddrConfigControl DWORD 0 ::Add DNS entry for Teredo server teredo.example.com 144.19.0.10 ::Add second IP address to Teredo server - used for NAT detection netsh interface ipv4 add address dainternet 144.19.0.11/16 ::enable teredo server netsh interface teredo set state type=server teredo.example.com servervirtualip=144.19.0.10 ::Enable Teredotunelling interface netsh interface ipv6 set interface 11 forwarding= enabled netsh interface ipv6 set route 2001::/32 11 publish=yes Teredoserver & relay 43
44. IPHTTPS IPHTTPS can be used if a host behind NAT cannot tunnel using Teredo Firewall blocking port 3544 IPHTTPS encapsulates IPv6 in HTTPS Most firewalls will pass HTTPS Challenges Certificates required Host must have access to the CRL distribution point 44
45. IPHTTPS Components Web server with CRL X X X IPv6 Host IPHTTPSserver NAT Device IPHTTPSHost IPv6Intranet IPv4 Internet Tunnel IPv6 in HTTPS Certificate Router advertises network prefix to the IPHTTPS host URL of CRL distribution point published in certificate
46. IPHTTPS Configuration (reference) netsh interface httpstunnel add interface client https://DA1.example.com:443/IPHTTPS enabled IPHTTPSHost Client must be able to resolve URL and have to the CRL distributionpoint IPHTTPSserver :: Create IP-HTTPS tunnel interface and bind to DAInternet IP netsh interface httpstunnel add interface url= "https://DA1.example.com:443/IPHTTPS" type=server state=default ::Enable IP-HTTPS interface to forward and advertise netsh interface ipv6 set interface iphttpsInterface forwarding=enabled advertise=enabled ::Advertise prefix on IP-HTTPS interface netsh interface ipv6 add route 2001:feff::/64 iphttpsinterface publish=yes ::Bind certificate to listening port netsh http add sslcertipport=144.19.0.10:443 certhash= c4d1c97ee770f033dab9091fa7304a6946db4ca6 appid= {00112233-4455-6677-8899-AABBCCDDEEFF} Certificate
50. Don’t Give Up Now Part 1 IPv6 Intro Transition Technologies End-to-end connectivity Part 2 IPsec Configuring Direct Access Network location and name resolution policies It all works – just like that!
51. Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online. www.microsoft.com/teched Sessions On-Demand & Community www.microsoft.com/learning Microsoft Certification & Training Resources http://microsoft.com/technet Resources for IT Professionals http://microsoft.com/msdn Resources for Developers Resources
52. Related Content Required Slide Speakers, please list the Breakout Sessions, TLC Interactive Theaters and Labs that are related to your session. Breakout Sessions: SVR402 DirectAccess Technical Drilldown, Part 2 of 2: Putting It All Together SIA306 Microsoft Forefront Unified Access Gateway: DirectAccess and Beyond SVR315 IPv6 for the Reluctant: What to Know Before You Turn It Off Interactive Theater Sessions: SVR08-IS End-to-End Remote Connectivity with DirectAccess
53. My Sessions at TechEd Required Slide Speakers, please list the Breakout Sessions, TLC Interactive Theaters and Labs that are related to your session. Breakout Sessions: SIA319 What's Windows Server 2008 R2 Going to Do for Your Active Directory? SIA402 Recovery of Active Directory Deleted Objects and the Windows Server 2008 R2 Recycle Bin SVR401 DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and Transition Technologies SVR402 DirectAccess Technical Drilldown, Part 2 of 2: Putting It All Together Interactive Theater Sessions: SVR08-IS End-to-End Remote Connectivity with DirectAccess