2. Disclaimer
This session may contain product features that are currently under development.
This session/overview of the new technology represents no commitment from VMware to deliver these features in any generally available product.
Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new technologies or features discussed or presented have not been determined.
“These features are representative of feature areas under development. Feature commitments are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery.”
3. Agenda
• Overview of compliance and security requirements
• Foundations for virtual security
• Where can VMware help?
• How are our partners helping?
• Summary
4. Agenda
• Overview of compliance and security requirements
• Foundations for virtual security
• Where can VMware help?
• How are our partners helping?
• Summary
5. Compliance vs. Security
Compliance: Conforming to a set of rules or standards. This is generally confirmed by an assessor providing an opinion based on observation, inquiry, and inspection.
Security: Implementing Technical, Physical, and Administrative controls to provide confidentiality, integrity, availability, accountability and assurance.
7. Why is PCI so Hard for Virtualization?
• Technology changes faster than any standard (including the PCI DSS)
• PCI applies to all systems “in scope”
• Segmentation defines scope
• The DSS is vendor agnostic
• Most whitepapers are written for security, not compliance
“If network segmentation is in place and will be used to reduce the scope of the PCI DSS assessment, the assessor must verify that the segmentation is adequate to reduce the scope of the assessment.” - (PCI DSS p.6)
8. What is “In-scope”
All systems that Store, Process, or Transmit cardholder data, and all system components that are in or connected to the cardholder data environment (CDE).
What’s unique in a virtual environment?
Storage
• Data that used to reside only in memory could be written to disk (encryption keys, PAN)
• The integrity of data can now be altered in several locations (i.e., a log server that is stored as VM on the ESX host)
• SAN – Can VM’s be altered in storage? How will you know?
Transmission
• Data that used to physically reside in one location could now be transmitted logically across the network (i.e., VMotion, pulling images from a SAN, storage)
• Authentication controls (how can you ensure that authentication systems cannot be by-passed)
• What “system components” could be used to sniff sensitive data?
Segmentation
• Defining system boundaries can be more difficult, with virtual firewalls, virtual switches, VLANs, and High Availability switches.
• Mixed mode environments, multi-tenancy.
• Can all system components in the virtual environment meet ALL PCI controls?
9. Aren’t firewalls required for segmentation?
• QSA’s have historically relied on stateful firewalls for network segmentation
• PCI allows for “other technology” as an acceptable use of segmentation
• How do firewalls impact the flow of data unique to a virtual environment (VMotion, pulling images from a SAN, taking “dirty” snapshots)?
“Network segmentation can be achieved through internal network firewalls, routers with strong access control lists or other technology that restricts access to a particular segment of a network.” – PCI DSS p. 6
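To make the scoping rule of the two slides above concrete, the following is an added example (not from the deck): it walks a constructed inventory of VMs, hosts, vMotion, SAN and vCenter links and computes which components are in PCI scope, treating only links that are explicitly segmented as boundaries. All component names and links are constructed sample data.

```python
"""PCI DSS scope analysis over a constructed virtual-environment inventory.

Added example (not from the original deck). It applies the deck's rule:
components that store, process or transmit cardholder data (CHD) are in
scope, and so is everything "connected to" the CDE unless adequate
segmentation separates it. Links that exist only in a virtual environment
(shared VLAN/vSwitch, the hypervisor host, the vMotion network, a SAN
datastore, vCenter management) are modelled as ordinary edges.
"""
from collections import deque

# (component_a, component_b, link_kind); all names are constructed sample data.
INVENTORY_LINKS = [
    ("web-vm", "app-vm", "vlan:prod"),            # same production VLAN
    ("app-vm", "db-vm", "vlan:prod"),
    ("marketing-vm", "web-vm", "vlan:prod"),      # non-CDE VM, same VLAN
    ("web-vm", "esx-host-1", "hypervisor"),       # VM runs on this host
    ("db-vm", "esx-host-1", "hypervisor"),
    ("hr-vm", "esx-host-1", "hypervisor"),        # mixed-mode host
    ("app-vm", "esx-host-2", "hypervisor"),
    ("marketing-vm", "esx-host-2", "hypervisor"),
    ("log-vm", "esx-host-2", "hypervisor"),
    ("db-vm", "log-vm", "syslog"),                # DB ships logs to log VM
    ("esx-host-1", "esx-host-2", "vmotion"),      # live migration network
    ("esx-host-1", "san-datastore", "storage"),   # VM disks live on the SAN
    ("esx-host-2", "san-datastore", "storage"),
    ("vcenter", "esx-host-1", "mgmt"),
    ("vcenter", "esx-host-2", "mgmt"),
]

# Components that store, process or transmit CHD (the deck's definition).
CHD_SYSTEMS = frozenset({"web-vm", "app-vm", "db-vm"})


def pci_scope(links, chd_systems, segmented=frozenset()):
    """Return (in_scope, parent).

    `segmented` holds frozenset({a, b}) pairs where a stateful firewall or
    other control restricts access between a and b; those links are not
    traversed. `parent` records how each component was pulled into scope,
    so the result can be explained to an assessor.
    """
    adj = {}
    for a, b, _kind in links:
        adj.setdefault(a, set())
        adj.setdefault(b, set())
        if frozenset({a, b}) in segmented:
            continue                      # adequately segmented: not traversed
        adj[a].add(b)
        adj[b].add(a)
    parent = {node: None for node in chd_systems}
    queue = deque(sorted(chd_systems))    # sorted: deterministic traversal
    while queue:
        node = queue.popleft()
        for peer in sorted(adj.get(node, ())):
            if peer not in parent:
                parent[peer] = node
                queue.append(peer)
    return frozenset(parent), parent


def explain(parent, component):
    """Path from a CHD system to `component`, e.g. ['db-vm', 'esx-host-1', 'hr-vm']."""
    path = []
    while component is not None:
        path.append(component)
        component = parent[component]
    return list(reversed(path))


def relocate_vm(links, vm, new_host):
    """Inventory change: run `vm` on `new_host` instead of its current host."""
    return [(vm, new_host, k) if (k == "hypervisor" and a == vm) else (a, b, k)
            for a, b, k in links]


if __name__ == "__main__":
    scope, parent = pci_scope(INVENTORY_LINKS, CHD_SYSTEMS)
    print("baseline in-scope:", sorted(scope))
    print("why hr-vm:", " -> ".join(explain(parent, "hr-vm")))
    # A virtual firewall between marketing-vm and the prod VLAN is not enough:
    fw = {frozenset({"marketing-vm", "web-vm"})}
    scope, parent = pci_scope(INVENTORY_LINKS, CHD_SYSTEMS, fw)
    print("still in scope via:", " -> ".join(explain(parent, "marketing-vm")))
    # Only a dedicated, separately managed host takes it out of scope:
    moved = relocate_vm(INVENTORY_LINKS, "marketing-vm", "esx-host-3")
    scope, _ = pci_scope(moved, CHD_SYSTEMS, fw)
    print("marketing-vm in scope:", "marketing-vm" in scope)
```

The second scenario shows the deck's "mixed mode" point: a firewall on the VLAN does not remove a VM from scope while it still shares a hypervisor, vMotion network and datastore with CDE systems.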
10. Why are Virtual Environments Perceived As So Much Harder?
1. System boundaries are not as clear as their non-virtual counterparts
2. Even the simplest network is rather complicated
3. More components, more complexity, more areas for risk
4. Digital forensic risks are more complicated
5. More systems are required for logging and monitoring
6. More access control systems
7. Memory can be written to disk
8. Many applications and O/S were not designed for Virtualization
9. VM Escape?
10. Mixed Mode environments
11. “System Boundaries” are not as Clear as their Non-Virtual Counterparts
Diagram: Basic Web Server and Database, shown side by side as a Standard Environment and as a Virtual Environment.
12. Agenda
• Overview of compliance and security requirements
• Foundations for virtual security
• Where can VMware help?
• How are our partners helping?
• Summary
13. Enterprise Security today – not virtualized, not cloud ready
Diagram: Users and Sites reach the Enterprise VDC through the DMZ, then the Web Servers, then the Apps / DB Tier.
Perimeter/DMZ
- Threat Mitigation
- Perimeter security products w/ FW/ VPN/ IPS
- Hardware Sprawl, Expensive
Interior security
- Segmentation of applications and Server
- VLAN or subnet based policies
- VLAN Sprawl, Complex
Endpoint security
- Protecting the Endpoint
- AV, HIPS agent based security
- Agent Sprawl, Cumbersome
14. Foundations of Virtual Security: Secure Deployment
VMware Security Hardening Guides
• Being provided for major platform products
• vSphere 4.x
• VMware vCloud Director
• View
• Important for architecture and deployment related controls
vSphere Security Hardening Guide: http://www.vmware.com/resources/techresources/10109
(diagram: VMkernel with vnics on a vSwitch serving Production, Mgmt and Storage port groups; Prod Network and Mgmt Network connecting to other ESX/ESXi hosts, vCenter and IP-based Storage)
15. Foundations of Virtual Security: Securing Virtual Machines
Provide Same Protection as for Physical Servers
Guest
• Anti-Virus
• Patch Management
• OS hardening and compliance
Network
• Intrusion Detection/Prevention (IDS/IPS)
Edge
• Firewalls
16. Foundations of Virtual Security: Virtual Trust Zones
(diagram: Firewall / IDS / IPS virtual appliance(s) on an ESX/ESXi host separating the Internet, Intranet, Web, Application and Database zones of web server, application server and database server VMs; a management interface connects the host to the vCenter Server system; Production LAN and Management LAN are separate)
17. Agenda
• Overview of compliance and security requirements
• Foundations for virtual security
• Where can VMware help?
• How are our partners helping?
• Summary
18. Virtualization Controls for Security
Network Controls
Change Control and Configuration Management
Access Controls & Management
Vulnerability Management
19. vShield - Comprehensive Security for Cloud Infrastructure
Defense in Depth from inside the Guest to the Edge of the Cloud
(diagram: vShield Endpoint in the guest, vShield App at the VM, vShield Edge at the Org)
Accreditations and Certifications
Firewall certification in progress H2/2011
20. vShield Edge
Secure the Edge of the Virtual Data Center
(diagram: firewall, load balancer and VPN services at the edge of Tenant A and Tenant X)
Features
• Multiple edge security services in one appliance
• Stateful inspection firewall
• Network Address Translation (NAT)
• Dynamic Host Configuration Protocol (DHCP)
• Site to site VPN (IPsec)
• Web Load Balancer
• Edge port group isolation
• Detailed network flow statistics for chargebacks, etc
• Policy management through UI or REST APIs
• Logging and auditing based on industry standard syslog format
22. vShield App/Zones
Application Protection for Network Based Threats
(diagram: DMZ, PCI and HIPAA zones)
Features
• Hypervisor-level firewall
• Inbound, outbound connection control applied at vNIC level
• Elastic security groups - “stretch” as virtual machines migrate to new hosts
• Robust flow monitoring
• IP Address protection management
• Policy Management
• Simple and business-relevant policies
• Managed through UI or REST APIs
• Logging and auditing based on industry standard syslog format
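Slides 9 and 22 together describe segmentation by “other technology”: connection control applied at the vNIC level, with security groups that follow a VM when it migrates. The following added example (not VMware or vShield code; the hosts, VM names, zones and the single DMZ-to-PCI rule are constructed) models that idea so the behaviour can be checked: policy is evaluated on zone membership only, so a migration that lands a PCI VM on the same host as a HIPAA VM changes nothing about what may reach it.

```python
# Added example (not VMware code): a toy model of vNIC-level, zone-based
# connection control in which a VM's security-group membership travels with
# the VM when it migrates between hosts. All names and rules are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int
    action: str  # "allow" or "deny"


@dataclass
class VM:
    name: str
    zone: str  # security group, e.g. "DMZ", "PCI", "HIPAA"
    host: str  # ESX host the VM currently runs on


class VnicFirewall:
    """Evaluates policy on (src zone, dst zone, port), never on host, VLAN or subnet."""

    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default
        self.audit = []  # constructed syslog-style audit lines, one per decision

    def migrate(self, vm, new_host):
        vm.host = new_host  # no rule changes needed: the group is "elastic"

    def check(self, src, dst, port):
        verdict = self.default
        for r in self.rules:
            if (r.src_zone, r.dst_zone, r.dst_port) == (src.zone, dst.zone, port):
                verdict = r.action
                break
        self.audit.append(f"{verdict.upper()} {src.name}({src.zone}@{src.host}) "
                          f"-> {dst.name}({dst.zone}@{dst.host}):{port}")
        return verdict


def build_demo():
    """Web tier (DMZ) may reach the card-data tier (PCI) on 443 only; all else denied."""
    fw = VnicFirewall([Rule("DMZ", "PCI", 443, "allow")])
    web = VM("web01", "DMZ", "esx-a")
    db = VM("db01", "PCI", "esx-b")
    hr = VM("hr01", "HIPAA", "esx-a")
    return fw, web, db, hr
```

After `fw.migrate(db, "esx-a")` the PCI database shares a host with the HIPAA VM, yet `fw.check(hr, db, 443)` still returns "deny" and the audit line records the new host placement.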
24. Customers Trust What They Know – 2 Segment Preferences
(table: the network designs “Air Gapped” Pods, Mixed Trust Hosts and Secure Private Cloud against the Network Security and VI Architects segments, mapped to vShield Edge and vShield App)
• VI Architects who understand the power of virtualization and introspection expect to deploy vShield App but want it in Cloud environments in addition to vShield Edge
• IT Security and Network Security see vShield Edge as a natural bridge from what they know and understand in the physical security world and are looking to find a fit within their existing mixed trust host and air gapped pods network designs, VLANs, etc.
25. vShield Endpoint
Endpoint Security for Virtual Data Centers and Cloud Environments
Improves performance and effectiveness of existing endpoint security solutions
• Offload of AV functions
• Hardened, security virtual machine
Features
• Offload file activity to Security VM
• Manage AV service across VMs
• Enforce Remediation using driver in VM
• Partner Integrations through EPSEC API
- Trend Micro, Symantec, McAfee
• Policy Management: Built-in or customizable with REST APIs
• Logging of AV file activity
26. Efficient Antivirus as a Service for Virtual Datacenters
Tighter collaborative effort with leading AV partners
Hypervisor-based introspection for all major AV functions
• File-scanning engines and virus definitions offloaded to security VM – scheduled and realtime
• Thin file-virtualization driver in-guest: >95% reduction in guest footprint (eventually fully agentless)
Deployable as a service
• No agents to manage - thin-guest driver to be bundled with VMTools
• Turnkey, security-as-service delivery
Applicable to all virtualized deployment models – private clouds (virtual datacenters), public clouds (service providers), virtual desktops
(diagram: a hardened SVM beside guest VMs (APP / OS / Kernel / BIOS) on VMware vSphere, connected to them through introspection)
27. vCenter Configuration Manager
Drive IT Compliance to lower risk
• Ensure compliance with various industry and regulatory standards on a continuous basis
• Quickly remediate problems
Mitigate outages through approved change processes
• Detailed understanding and tracking of changes
• Control change by following your Closed Loop Change Mgmt Process
Harden your environment and reduce potential threats and breaches
Compliance Through Unified Patching and Provisioning
• Provision Linux, Windows and ESX images
• Assess and Patch Windows, UNIX, MAC, etc
Control your virtual infrastructure
• Fight VM Sprawl & Decommissioning Issues
• Improved Virtual Troubleshooting
• Single Pane of Glass
28. Manage & Measure Compliance
Automated & Continuous Enterprise Compliance Posture
Deep Collection and Visibility
• Virtual and Physical Machines
• Desktops and Servers
• Spans a large array of OSs
Built in compliance tool kits
• Regulatory
- SOX, HIPAA, GLBA, FISMA, DISA, ISO 27002
• Industry
- PCI DSS
- NERC/FERC
• Security
- vSphere Hardening
- VMware Best Practices
- CIS Benchmark
Dashboards provide “At-a-Glance” health
(diagram: standards and guideline sources SOX, HIPAA, FISMA, DISA, GLBA, ISO 27002, PCI DSS, CIS, NERC/FERC, NIST, VMware Virtualization Hardening Guidelines, CIS Certified Benchmarks, DISA and NIST Security Hardening Guides, Vendor Specific Hardening Guidelines)
29. vCenter Application Discovery Manager
• Get and keep a fast and accurate data center view – across virtual and physical
• Precise visibility into all application interactions via network-based approach
• Eye-opening discovery of unknown, unwanted, & unexpected application behaviors and dependencies
• Application-aware data center moves & consolidations, migrations, and DR plans
30. Business Application Dependency Mapping
Provides a detailed and accurate infrastructure layout of a given business application
– Virtual and Physical servers
– Services
– Interdependencies
The first step to understanding a business application is to map out its internal dependencies
Required for any major data center project (e.g. DR, Migration, Consolidation)
(diagram: DB Layer and Application Layers)
31. Agenda
• Overview of compliance and security requirements
• Foundations for virtual security
• Where can VMware help?
• How are our partners helping?
• Summary
34. What Compliance Benefits are there for Virtual Environments?
1. Repeatable security
2. Scalable controls
3. Risk aggregation/concentration
4. Improve security without impacting operations
5. Stronger/quicker configuration management
6. More money can be spent on security controls
7. Quickly provision and release with minimal management
8. Faster recovery after an attack
9. Ability to quickly capture and isolate compromised VM’s
35. Security Advantages of Virtualization
Allows Automation of Many Manual Error Prone Processes
Cleaner and Easier Disaster Recovery/Business Continuity
Better Forensics Capabilities
Faster Recovery After an Attack
Patching is Safer and More Effective
Better Control Over Desktop Resources
More Cost Effective Security Devices
App Virtualization Allows de-privileging of end users
Better Lifecycle Controls
Security Through VM Introspection
36. Where to Learn More
Security
• Hardening Best Practices
• Implementation Guidelines
• http://vmware.com/go/security
Compliance
• Partner Solutions
• Advice and Recommendation
• http://vmware.com/go/compliance
Operations
• Peer-contributed Content
• http://viops.vmware.com