VMworld 2013
Merritte Stidston, McKesson
James Wiese, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013: Security Automation Workflows with NSX | VMworld
VMworld 2013
Gargi Keeling, VMware
Don Wood, McKesson
Troy Casey, McKesson
VMworld 2013
Azeem Feroz, VMware
Sachin Vaidya, VMware
Why Security Teams should care about VMware | JJDiGeronimo
The document discusses VMware's security strategy and how virtualization provides security benefits. It outlines how virtualization allows automation of manual security processes, improves forensics capabilities, and makes patching and recovery faster. VMware focuses on integrating products into existing security policies while enabling broad security for all VMs. Features like vShield Zones and VMsafe appliances provide centralized security management and protection of virtual environments. Virtualization also extends these security advantages from the datacenter to endpoint devices through portable client-side virtual machines.
Protect Your End-of-Life Windows Server 2003 Operating System | Symantec
End of Support is Not the End of Business
When software vendors announce a product end-of-life (EOL), customers typically have 24 to 30 months to plan and execute their migration strategies. This period is typically referred to as limited support. After the last day of support (also known as “end of support life date”), the product becomes obsolete, and the vendor will no longer automatically issue security patches. Customers have the option to purchase “extended or custom support” from the vendor after this date.
In many instances, the window for the availability of vendor support for the EOL product could be shorter than the time it would take for the customer to effectively migrate applications and processes to a new platform.
Customers may also be running custom applications that may not be compatible with the new platform. These gaps potentially expose unsupported systems to zero-day threats and new malware attacks. In order to address these potential risks, businesses will need to make some hard decisions:
• Run the applications in the unsupported platform.
• Execute an aggressive migration strategy for the mission-critical applications.
• Purchase an expensive extended support contract from the software vendor.
• Implement a security solution to harden and monitor the unsupported systems.
Tsvi Korren, VP of Product Strategy at Aqua Security, CISSP, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.
VMware vRealize Network Insight Frequently Asked Questions FAQ | Richard Common
General Q&A
Q: What is Arkin (now vRealize Network Insight)?
Q: What is the new Arkin product name?
Q: How will vRealize Network Insight be integrated into VMware?
Q: Where can I find more information about vRealize Network Insight?
Q: Who can sell vRealize Network Insight?
Q: Who can purchase vRealize Network Insight?
Q: When can I begin selling vRealize Network Insight?
Q: Will I be compensated for selling vRealize Network Insight?
Q: Is there an Academic or Federal SKU?
Q: Can I add vRealize Network Insight to my existing NSX Opportunities?
Q: How to get licenses?
Runcy Oommen discusses security for cloud native workloads and containers. Some key points include:
1) The shared responsibility model where cloud providers and customers both have responsibilities for security.
2) Securing the container lifecycle from build to deploy to run through measures like limiting access, resource management, and network segmentation.
3) Kubernetes security improvements such as disabling anonymous authentication, configuring admission controllers, pod security policies, enabling RBAC, and using network policies.
VMware vRealize Network Insight 3.5 provides intelligent operations for software-defined networking and security across virtual, physical and multi-cloud environments. New capabilities in this version include enhanced visibility of NSX deployments through dashboards for NSX edge health and PCI compliance assessment, as well as support for troubleshooting connectivity across VMware NSX, Check Point, Brocade, and HP environments. The release also extends micro-segmentation planning and visibility to Amazon Web Services configurations.
This presentation walks through the Security and Compliance functionality to customers leveraging Azure as a compute environment. It includes deep-dive references to detailed information on each topic presented.
Virtualization: Security and IT Audit Perspectives | Jason Chan
A brief overview of server virtualization for information security and audit professionals. I gave earlier versions of this talk at the SV and SF ISACA conferences in 2010; this version is for the UC Compliance and Audit Symposium.
This document discusses cloud security risks and provides an overview of cloud security. It outlines various security risks in cloud computing including insider and outsider attacks, privacy and trust issues, and vulnerabilities in operating systems, virtualization, and shared images. It also describes the Xoar system for improving security by reducing the trusted computing base and limiting privileges and interfaces of system components. Finally, it discusses the need for a trusted virtual machine monitor to prevent the cloud provider from accessing the system.
VMware announced updates to its cloud products and strategies at VMworld 2016, including VMware Cloud Foundation and VMware Cross-Cloud Architecture. VMware Cloud Foundation is a fully integrated private cloud platform that includes vSphere, VSAN, NSX and management and automation tools. The Cross-Cloud Architecture allows applications to run across private, public and hybrid clouds. Updates were also provided for products including vRealize Operations, vRealize Automation, and Horizon to expand capabilities. VMware also announced deeper integration of containers with vSphere through vSphere Integrated Containers.
The document discusses various cloud security tools and terms including CSPM, CWPP, CIEM, and CNAPP. CSPM tools track cloud resources and verify static cloud configuration. CWPP tools secure cloud workloads and protect instances. CIEM tools manage identities and permissions in the cloud to enforce least privilege access. CNAPP tools integrate CSPM and CWPP capabilities and provide context about workloads to improve cloud security.
Webinar topic: Cloud Security Introduction
Presenter: Achmad Mardiansyah
In this webinar series, we are discussing Cloud Security Introduction.
An overview of what's new in VMware vRealize Network Insight 3.4. vRealize Network Insight provides micro-segmentation planning, 360 visibility and troubleshooting, and VMware NSX day 2 operations management.
Securing your Windows Network with the Microsoft Security Baselines | Frank Lesniak
IT professionals everywhere strive to secure their network, but it can be a daunting task. Luckily, Microsoft provides some boilerplate templates to get you started.
In this session, Frank begins by providing an overview of the Microsoft Security Baselines, explaining what they are and how they relate to the Center for Internet Security (CIS) Benchmarks, why Security Baselines are important (especially in PCI- or HIPAA-regulated environments), what to expect to change when implementing a baseline, and when it is appropriate to implement a Microsoft Security Baseline, and by providing you with project success criteria.
Then it's time for the details: Frank explains how to inventory your systems, how to download the Microsoft Security Baselines, how to apply your first Baseline to Active Directory, and how to manage the implementation---including recommendations on how to make changes (or "overrides") to the Security Baselines both from a process standpoint and a technical standpoint (using Group Policy Management).
VMware overview presentation by alamgir hossain | ALAMGIR HOSSAIN
VMware is a global leader in cloud infrastructure and digital workspace technology. It offers various virtualization products including vSphere for server virtualization, NSX for network virtualization, and Horizon for desktop and application virtualization. VMware's virtualization software allows multiple operating systems to run on a single physical host. VMware vShield provides security advantages over traditional hardware-based security appliances by offering a single virtual appliance with comprehensive protection capabilities that is cost-effective, simple to use, and adaptive to virtualized environments.
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur... | Microsoft Private Cloud
The idea that purchasing services from a cloud service provider may allow businesses to save money while they focus on their core business is an enticing proposition. Many analysts view the emerging possibilities for pricing and delivering services online as disruptive to market conditions. Market studies and the ensuing dialogue among prospective customers and service providers reveal some consistent themes and potential barriers to the rapid adoption of cloud services. Business decision makers want to know, for example, how to address key issues of security, privacy and reliability in the Microsoft Cloud Computing environment, and they are concerned as well about the implications of cloud services for their risk and operations decisions.
AWS Cloud Security From the Point of View of the Compliance | Yury Chemerkin
Clouds are finding increased use in core enterprise systems, which means auditing is the cornerstone expectation. Cloud vendors announce new cloud services, offer new security solutions and refer to global security standards, among which the requirements look quite similar. This is a series of articles about AWS Cloud Security from the point of view of compliance, which highlights the technical requirements of the top worldwide and Russian security standards for key AWS services and describes how to technically prepare for an audit and configure AWS services.
http://pentestmag.com/pentest-webapp-1212/
Moving Forward with Network Virtualization (VMware NSX) | VMware
The most agile, secure and scalable networks have moved intelligence from hardware into software using network virtualization. If you’re ready to evolve your network towards the future, we can help.
Get the details on network virtualization in our comprehensive, easy-to-read book: Network Virtualization For Dummies. Download your copy: vmware.com/go/nvdummies
This document provides an overview of virtualization concepts from VMware's perspective given by Steven Aiello, including:
- A brief biography of Steven Aiello and his credentials.
- An introduction to common virtualization concepts such as VMs, hypervisors, and benefits of virtualization like hardware independence and infrastructure flexibility.
- A comparison of popular virtualization platforms including VMware, Citrix XenServer, Microsoft Hyper-V, and others.
- Discussion of how virtualization can both help and potentially hurt security through concepts like availability, confidentiality and integrity. Mitigation strategies are proposed.
This document discusses security automation through SDN and NFV. It begins with an overview of security challenges from a service provider perspective, such as growing traffic and threats. It then discusses how SDN can automate and accelerate DDoS mitigation by redirecting traffic. The document outlines Cisco's Firepower 9300 platform for integrated security services and its use with Radware virtual DDoS protection. It also discusses how the Cisco Application Centric Infrastructure automates security policy and service chains in the data center.
We have discussed Azure VM inventory management, change management, tracking and update management. We also discussed Azure VM scaling on demand and how to increase it, as well as disk addition and deletion.
VMworld 2013: vCloud Powered HPC is Better and Outperforming Physical | VMworld
Virtualized HPC platforms on VMware's software-defined data center (SDDC) architecture can outperform physical HPC systems. Three customer cases show how virtual HPC platforms provided flexibility, scalability, and cost savings compared to physical hardware. Virtual HPC platforms allowed customers to dynamically scale resources, pay for computing as needed, and reduce hardware investments and management costs. Virtualization optimized for HPC workloads can deliver low-latency performance comparable or better than physical systems.
This document summarizes a presentation about the vCloud architecture ecosystem and components. It discusses the various building blocks, importance of orchestration, and depth of knowledge required. It provides an example solution using vCloud Application Director 2.0 and details how published catalog cloning works. It covers cell network considerations and possible cluster configurations. Finally, it discusses common themes and vCloud maximum limits.
VMware vSphere vMotion: 5.4 times faster than Hyper-V Live Migration | VMware
Businesses using a virtualized infrastructure have many reasons to move active virtual machines (VMs) from one physical server to another. Whether the migrations are for routine maintenance, balancing performance needs, work distribution (consolidating VMs onto fewer servers during non-peak hours to conserve resources), or another reason, the best virtual infrastructure platform executes the move as quickly as possible and with minimal impact to end users.
We tested two competing features that move active VMs from one server to another, VMware vSphere 5 vMotion and Microsoft® Windows Server® 2008 R2 SP1 Hyper-V Live Migration. While both perform these moves with no VM downtime, in our testing the VMware solution did so faster, with greater application stability, and with less impact to application performance – clearly showing that not all live migration technologies are the same. VMware also holds an enormous advantage in concurrency: VMware vSphere 5 can move eight VMs at a time while a Microsoft Hyper-V cluster node can take part only as the source or destination in one live migration at a time. In our two test scenarios, the VMware vMotion solution was up to 5.4 times faster than the Microsoft Hyper-V Live Migration solution.
Zerto provides virtual replication software that allows for continuous data protection, disaster recovery automation, and workload mobility between private and public clouds. It protects virtual machines and applications across multiple hypervisors in a storage-agnostic manner. Key benefits include replication of just changes for low RPOs, application-consistent recovery to specific points in time, simple one-click failover and failback testing, and mobility between on-premises and cloud infrastructures.
VMware’s Private Cloud has grown to be one of the world’s largest private clouds with over 100K virtual machines! Come and join us and discover how EVO SDDC is shaping the future of our private cloud and why we’ve made key decisions at various inflection points through our journey to SDDC. We’ll provide you an operations perspective of the pains and gains that EVO SDDC can bring to your private cloud. The session speakers are directly responsible for the day-to-day management of building and operating VMware’s internal private cloud. The session’s commentary is based on recent, real world experiences in dealing with the practicalities of managing a large and complex private cloud to allow for agility to meet today’s IT challenges.
Migrating to the Cloud: Lessons Learned from Federal Agencies | VMware
Four years have passed since the release of the White House's Cloud First strategy, aimed at encouraging agencies to implement cloud services. To better understand the lessons learned from federal cloud adoption efforts and to determine how agencies can more effectively utilize cloud going forward, Government Business Council (GBC), Carpathia and VMware undertook an in-depth research study. Download this infographic and receive the valuable insight uncovered in the study around challenges, benefits and hear what federal leaders are saying about their adoption so far.
Hypervisor-Based Replication, Zerto architecture: Simple, effective, and virtual-ready, virtual replication and BC/DR capabilities for the data center and the cloud
47 restore scenarios from Veeam Backup & Replication v8 | Veeam Software
Veeam poster naming all 47 recovery scenarios available in Veeam Backup & Replication v8 and providing additional information about some of them.
(SCALE 12x) OpenStack vs. VMware - A System Administrator Perspective | StackStorm
By Dmitri Zimine, CTO of StackStorm (www.stackstorm.com)
SCALE 12x Conference
February 22, 2014
Los Angeles, CA
VMware has achieved broad usage, with some studies indicating that 80% or more of enterprises now use some VMware products. OpenStack, on the other hand, has quickly become the most important OpenSource community since Linux itself.
What’s it like to use OpenStack for virtualization and private cloud? And how does that compare to VMware’s solutions?
VMware NSX provides the right abstraction—the virtual network—to enable operational change that addresses networking pain points and meets business needs. A virtual network must do more than provide connectivity - it must deliver virtual network services like routing, firewalling, and load balancing. It also decouples the network from physical hardware, allowing workloads to be placed and moved anywhere. This enables programmatic provisioning, placement of workloads anywhere, and mobility of workloads, addressing common challenges in software-defined data centers.
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ... (VMware)
VMware IT implemented micro-segmentation using NSX Distributed Firewall to secure production applications and deployed NSX in a large-scale internal private cloud environment. We will review use cases for micro-segmentation such as SAP and discuss design considerations. We will outline our approach for finalizing the firewall policy model using Log Insight for firewall traffic monitoring and analytics and discuss roles and responsibilities and lessons learned. Please join us to learn how VMware secured its business services by leveraging NSX and scaled its internal private cloud deployment using NSX features. We will discuss the design, technical and organizational considerations of one of the world’s largest deployments of NSX for vSphere (hosting over 20,000 VMs). We will review the decisions involved in deploying new NSX environments and how VMware’s internal private cloud leverages NSX edge firewalling to achieve a scalable, multi-tenant security model.
VMworld 2016: vSphere 6.x Host Resource Deep Dive (VMworld)
1. This document provides an overview and agenda for a presentation on vSphere 6.x host resource deep dive topics including compute, storage, and network.
2. It introduces the presenters, Niels Hagoort and Frank Denneman, and provides background on their expertise.
3. The document outlines the topics to be covered under each section, including NUMA, CPU cache, DIMM configuration, I/O queue placement, driver considerations, RSS and NetQueue scaling for networking.
Virtualization allows multiple operating systems and applications to run on the same physical server at the same time. This increases hardware utilization and flexibility while reducing IT costs. VMware virtualization solutions can reduce energy costs by 80% through server consolidation and powering down unused servers without affecting applications or users. Virtualization makes hardware resources independent of operating systems and applications, treating them as single unified units that can be more easily deployed, maintained, and supported.
Vmware Seminar Security & Compliance for the cloud with Trend Micro (Graeme Wood)
The document discusses security and compliance requirements for cloud computing. It provides an overview of key compliance standards and regulations that affect customers. It then discusses some of the unique security challenges that virtualized and cloud environments can present compared to traditional IT environments. Specifically, it notes that system boundaries are less clear in virtual systems and that more components and complexity are involved. Finally, it outlines some of the foundations that VMware and its partners are providing to help address these challenges, such as security hardening guides, virtual trust zones, and network segmentation controls.
Vss Security And Compliance For The Cloud (Graeme Wood)
The document discusses security and compliance requirements for cloud computing. It provides an overview of compliance versus security standards and regulations that affect customers. It then discusses some of the unique challenges around security and compliance in virtual environments, such as unclear system boundaries and the increased complexity introduced by virtualization. The rest of the document outlines how VMware and its partners are helping to address these challenges through virtual security foundations like secure deployment guides, virtual trust zones, and virtual security appliances that provide network controls, access management, and vulnerability management for virtual machines.
VMware introduced the vShield product line to provide security for virtualized and cloud environments. vShield products included vShield Edge to secure the network edge, vShield App to provide application protection and firewall capabilities between virtual machines, and vShield Endpoint to offload antivirus processing from virtual machines. By consolidating multiple security functions into virtual appliances and enabling security that moves with virtual machines, vShield aims to make security deployments more cost effective, simple to manage, and adaptive to virtual environments compared to traditional hardware-based security solutions.
The document discusses how NSX security services can automate security operations and policies across virtualized environments through features like distributed firewalling, guest introspection, security groups, and integration with third-party security services. It provides an overview of how NSX improves visibility, context, performance, and automation compared to traditional network and host-based security controls. Use cases demonstrated include optimized vulnerability management and context-based isolation in VDI environments.
This paper describes the concept of implementing the network vulnerability assessment process as a web service in Eucalyptus cloud. This paper is published in one of the international conferences. I implemented the mentioned concept during my M.E. thesis.
This document discusses VMware's vShield product line for securing virtualized environments. It begins with an overview of security challenges in virtualization and cloud computing. It then introduces the vShield Edge, App, and Endpoint products which provide cost-effective, simple and adaptive security. vShield Edge secures the network edge with firewall, VPN and load balancing capabilities. vShield App provides application-level protection and elastic security groups. vShield Endpoint offloads anti-virus scanning. Use cases demonstrate how vShield addresses security and compliance needs for service providers, enterprises and View deployments.
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre... (VMworld)
VMworld 2013
Gargi Keeling, VMware
Luke Youngblood, McKesson Corporation
Troy Casey, McKesson Corporation
This document discusses securing virtual machines and virtualized environments. It begins by outlining some common security questions from customers regarding managing compliance, securing access, and responding to security events in virtualized environments. It then discusses how virtualization can create opportunities for more effective security if security is enforced at the infrastructure layer rather than just the operating system and application layers. The document outlines VMware's approach to security including isolation by design and their secure development lifecycle process. It also discusses how virtualization can affect datacenter security and how to secure and make virtual infrastructures compliant using security best practices.
Achieving DevSecOps Outcomes with Tanzu Advanced - May 25, 2021 (VMware Tanzu)
Speakers:
David Zendzian, Global Field CISCO, VMware Tanzu
James Urquhart, Strategic Executive Advisor, VMware Tanzu
Mike Koleno, Chief Architect, AHEAD
VMware is introducing major upgrades to its cloud infrastructure stack in 2011, including vSphere 5.0, vCloud Director 1.5, and vShield 5.0. The new vShield 5.0 release addresses customer concerns around security and compliance in the cloud with new features such as sensitive data discovery, intrusion prevention, and efficient antivirus protection using virtual appliances. These new capabilities help customers secure sensitive data and infrastructure, segment networks into trust zones, and automate compliance audits, allowing them to trust running business critical applications in the cloud.
My view on VMware approach to Hybrid- and Software-Defined Infrastructure: NSX, Hybrid Cloud and OpenStack. Get the agility of a startup with the guarantees of Enterprise-class IT. Session delivered at asLAN Congress 2015 in Madrid on April 15th.
McAfee provides server security solutions to address common customer challenges around securing physical, virtual, and cloud servers. Their solutions help customers discover all server workloads, protect from unknown threats through application control and integrity monitoring, and minimize performance impact while maintaining security. McAfee offers a comprehensive server security portfolio that can be managed from a single console to reduce security management complexity.
New Threats, New Approaches in Modern Data Centers (Iben Rodriguez)
New Threats, New Approaches in Modern Data Centers - A Presentation by NPS at CENIC conference 11:00 am - 12:00 pm, Wednesday, March 22, 2017 – in San Diego, California
The standard approach to securing data centers has historically emphasized strong perimeter protection to keep threats on the outside of the network. However, this model is ineffective for handling new types of threats—including advanced persistent threats, insider threats, and coordinated attacks. A better model for data center security is needed: one that assumes threats can be anywhere and probably are everywhere and then, through automation, acts accordingly. Using micro-segmentation, fine-grained network controls enable unit-level trust, and flexible security policies can be applied all the way down to a network interface. In this joint presentation between customer, partner, and VMware, the fundamental tenets of micro-segmentation will be discussed. Presenters will describe how the Naval Postgraduate School has incorporated these principles into the architecture and design of a multi-tenant Cybersecurity Lab environment to deliver security training to national and international government personnel.
Edgar Mendoza, IT Specialist, Information Technology and Communications Services (ITACS) Naval Postgraduate School
Eldor Magat, Computer Specialist, ITACS, Naval Postgraduate School
Mike Monahan, Network Engineer, ITACS, Naval Postgraduate School
Iben Rodriguez, Brocade Resident SDN Delivery Consultant, ITACS, Naval Postgraduate School
Brian Recore, NSX Systems Engineer, VMware, Inc.
https://youtu.be/mYBbIbfKkGU?t=1h7m16s
Copied from the program with corrections - https://adobeindd.com/view/publications/b9fbbdf0-60f1-41dc-8654-3d2141b0bf54/nh4h/publication-web-resources/pdf/Conference_Agenda_2017_v1.pdf
The document discusses security challenges posed by virtualization and cloud computing. It outlines three stages in the evolution of data centers from consolidation to private and public clouds. This evolution introduces new security challenges including inter-VM attacks, vulnerabilities in dormant or cloned VMs, and difficulties maintaining compliance across complex cloud environments. The document proposes that security solutions need to improve performance in virtual environments, provide visibility across platforms, and integrate management to address threats consistently across physical, virtual and cloud systems.
VMworld 2015: Introducing Application Self service with Networking and Security (VMworld)
This presentation introduces application self-service with networking and security using VMware's vRealize Automation and NSX products. It discusses how these products allow for automated, on-demand provisioning of complete application environments including compute, networking, and security resources. Specifically, it shows how vRealize Automation blueprints and catalogs can be used to define reusable application topologies that dynamically configure NSX networking and security groups during deployment. This enables applications to be provisioned in minutes with all required infrastructure and policies.
Self service it with v realizeautomation and nsx (solarisyougood)
This document discusses using VMware's NSX and vRealize Automation (vRA) products to provide self-service IT capabilities. It outlines how NSX logical networking and security services like logical switches, firewalls, and load balancers can be dynamically configured and deployed through vRA blueprints and service catalogs. The document also covers updates in NSX and vRA integration in version 6.2, including network profiles, security groups, tags, and distributed logical routing support. Finally, it discusses considerations for deploying NSX with vRA and demonstrates the networking and security workflows.
Security software products are not immune to vulnerabilities. The document discusses vulnerabilities found in Symantec Messaging Gateway, F5 BIG-IP, AppliCure dotDefender WAF, and Sophos Web Protection Appliance that allowed unauthorized access or code execution on the devices. Exploiting vulnerabilities in security software is common due to weaknesses being found in the software itself or misconfigurations of services running on the devices.
Automate the Provisioning of Secure Developer Environments on AWS PPT (Amazon Web Services)
Providing development and engineering teams with access to cloud resources introduces challenges around deploying the proper security policies. Organizations need automated security solutions that enable their engineers to spin up their own secure environments for application development with a push of a button. Join our upcoming webinar with Palo Alto Networks, REAN Cloud, and AWS, to learn how organizations are leveraging Palo Alto Networks VM-Series and REAN Cloud to build a simple, fast, and automated solution on AWS that helps provision secure environments for developers.
Similar to VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for Security Services in the SDDC (20)
VMworld 2016: Troubleshooting 101 for Horizon (VMworld)
This document provides an overview of troubleshooting tools and techniques for Horizon. It begins with introductions and disclaimers. It then covers defining problems, identifying symptoms, gathering additional information, determining possible causes, identifying the root cause, resolving problems, and documenting solutions. Common troubleshooting tools are discussed, including ESXCLI commands, vSphere CLI commands, and log file locations and contents. Methods for collecting log files from Horizon components like desktops, clients, and servers are also provided.
VMworld 2016: Advanced Network Services with NSX (VMworld)
NSX provides network virtualization and security services including distributed firewalling, load balancing, and VPN connectivity. It reproduces traditional network and security functions in software throughout the virtual infrastructure for improved performance, agility, and security compared to physical appliances. Over 1700 customers use NSX across various industries, with growth of 100% year-over-year. NSX services can be distributed across hypervisors for massive scalability. The platform also integrates with security and application delivery partners to enhance its native capabilities.
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure (VMworld)
This document provides an overview of how to deploy VMware NSX with Cisco infrastructure, including:
- NSX has minimal requirements of 1600 MTU and IP connectivity and is agnostic to the underlying network topology.
- When using Cisco Nexus switches, VLANs must be configured for various traffic types and SVIs created with consistent IP subnets. Jumbo MTU is required across all links.
- NSX is also compatible with Cisco ACI fabrics using Fabric Path or DFA topologies, with the VXLAN VLAN spanning multiple pods/clusters across the fabric.
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation (VMworld)
This document discusses enforcing vSphere cluster designs using PowerCLI automation. It provides an overview of vSphere cluster design basics like HA and DRS configurations. It then discusses crafting declarative configurations to define the desired infrastructure state. Infrastructure as code principles are reviewed for managing configurations outside the endpoints. The presentation introduces the Vester project for declaratively configuring vSphere clusters using PowerCLI.
Horizon 7 introduces several new features including just-in-time desktops that instantly provision desktops and applications when users log in using VMware's instant clone technology. It also features smart policies that dynamically change desktop configurations based on user location or device. Infrastructure updates improve scalability and failover capabilities. The user experience is enhanced with support for 3D graphics, new protocols like Blast Extreme for optimized mobile access, and expanded capabilities for hosted applications and RDS desktops.
VMworld 2016: Virtual Volumes Technical Deep Dive (VMworld)
Virtual Volumes provide a more efficient operational model for external storage management in vSphere. They integrate storage capabilities directly into virtual machines at the individual disk level through Storage Policy-Based Management. This simplifies operations by removing the need for static LUN/volume provisioning and allows storage services to be applied non-disruptively on a per-virtual machine basis according to policies. A key component is the VASA Provider, which is used to publish an array's storage capabilities and manage the creation of VM-level objects called Virtual Volumes on behalf of vSphere.
VMworld 2016: The KISS of vRealize Operations! (VMworld)
This presentation introduces new features in vRealize Operations 6.3 that simplify operations management. It begins with an overview of the vRealize Operations architecture and dashboard. New features are then demonstrated, including a recommended actions page, cluster resource dashboard, data collection notifications, workload balancing through rebalancing containers, guided remediation through alerts, integration with vRealize Log Insight, capacity management of clusters and projections, and extensibility with management packs. Finally, related VMworld sessions are listed that provide further information on capacity planning, troubleshooting, intelligent operations management, log insight, and network insight.
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En... (VMworld)
This document provides an overview and introduction to PowerShell and PowerCLI for managing VMware environments. It discusses what PowerShell and PowerCLI are, important terminology like modules and functions, how to set them up and configure profiles, and examples of how to start coding with PowerShell including gathering data, writing logic statements, and using cmdlets safely. The presenters are introduced and an agenda is provided covering these topics at a high level to get started with PowerShell and PowerCLI.
VMworld 2016: Ask the vCenter Server Exerts Panel (VMworld)
This document is a disclaimer stating that the presentation may include features still under development and not committed to be delivered in final products. Any features discussed are subject to change based on technical feasibility and market demand, and pricing and packaging have not been determined for any new technologies presented. The document is confidential.
VMworld 2016: Virtualize Active Directory, the Right Way! (VMworld)
Virtualizing Active Directory domain controllers provides benefits like increased availability, scalability, and manageability. However, there are some technical challenges to address like ensuring proper time synchronization. This presentation provides best practices for virtualizing domain controllers including using host-guest affinity rules, disabling time synchronization settings, and ensuring the ESXi host clock is correct. It also introduces new "safety" features in Windows Server 2012 like VM GenerationID that help address issues from restoring or reverting snapshots like USN rollback.
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf... (VMworld)
Iain Leiter from A.T. Still University discussed their organization's migration from a hardware-based firewall to NSX to improve performance and compliance. Some key advantages of NSX include distributed firewalling for high performance and scalability, pay-as-you-grow flexibility, and advanced security features like microsegmentation. Their deployment process involved installing NSX, defining security groups, building security policies using syslog data from "recon rules", and applying a common services policy. Discoveries included many backdoors, application architecture issues, and the security benefits of microsegmentation.
VMworld 2015: Troubleshooting for vSphere 6 (VMworld)
The document provides an overview of troubleshooting tools and techniques for vSphere 6. It discusses gathering diagnostic information, identifying potential causes, and resolving problems. The vSphere ESXi Shell and vCLI commands can be used to troubleshoot issues locally or remotely via SSH. An example troubleshooting process is provided to demonstrate defining a vMotion failure problem, gathering logs, testing connectivity, and resolving an incorrect VMkernel interface IP address.
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6... (VMworld)
This year VMware vSphere 6 combined with vRealize Operations 6.1 (vR Ops 6) adds critical features to increase technical agility in the infrastructure, and reduce Mean Time to Repair. With a new Automated remediation action framework in vR Ops, vSphere 6’s ability to vMotion Physical Raw Device mappings (RDMs), and a complete Management Pack Ecosystem for monitoring Infrastructure to applications, administrators have the tools needed to maintain 5 9’s uptime, shorten Mean Time to Repair (MTTR), and predict capacity requirements as and when the business requires. This session will be a deep technical explanation, and live demonstration of these tools. It will give administrators a solid understanding of how they can use these tools to monitor and manage their application clusters, keep applications running during Infrastructure maintenance, and get deep holistic visibility into the entire Application ecosystem, from Storage to Networking.
VMworld 2015: Advanced SQL Server on vSphere (VMworld)
Microsoft SQL Server is one of the most widely deployed “apps” in the market today and is used as the database layer for a myriad of applications, ranging from departmental content repositories to large enterprise OLTP systems. Typical SQL Server workloads are somewhat trivial to virtualize; however, business critical SQL Servers require careful planning to satisfy performance, high availability, and disaster recovery requirements. It is the design of these business critical databases that will be the focus of this breakout session. You will learn how to build high-performance SQL Server virtual machines through proper resource allocation, database file management, and use of all-flash storage like XtremIO. You will also learn how to protect these critical systems using a combination of SQL Server and vSphere high availability features. For example, did you know you can vMotion shared-disk Windows Failover Cluster nodes? You can in vSphere 6! Finally, you will learn techniques for rapid deployment, backup, and recovery of SQL Server virtual machines using an all-flash array.
VMworld 2015: Virtualize Active Directory, the Right Way! (VMworld)
Active Directory Domain Services (ADDS) allows organizations to deploy a scalable and secure directory service for managing users, resources and applications. Virtualization of ADDS has been supported for many years now, however has required careful management to avoid pitfalls around replication, time management, and access. Windows Server 2012 provides greater support for virtualization by including virtualization-safe features and support for rapid domain controller deployment.
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine... (VMworld)
Policy based management greatly simplifies the work of IT Administrators, making it easy to ensure that applications and VMs receive the resources, protection and functionality required. Learn about the latest enhancements of Site Recovery Manager in this space, which represent a huge step towards providing policy based DR. In this session we'll dive deep into how this approach works and how to work with it.
VMworld 2015: Building a Business Case for Virtual SAN (VMworld)
This presentation discusses building a business case for VMware Virtual SAN. It provides an overview of Virtual SAN and its benefits for customers like choice, integration, cost savings and performance. A case study is presented of how Dominos Pizza implemented Virtual SAN which resulted in roughly 40% lower costs compared to a traditional storage array. The presentation concludes by demonstrating the Virtual SAN assessment tool and various ways customers can try Virtual SAN.
Not content to simply describe the Virtual Volume (VVOL) framework, this session instead examines practical use cases: How different configurations and workloads benefit from VVOLs. Learn how Storage Policy Based Management (SPBM) couples with VVOLs to provide VM configuration options not previously available. We demonstrate a handful of real-life scenarios, specifically covering how VVOLs benefits oversubscribed systems, disaster recovery preparation and multi-tenant requirements for customers. Specific configuration options and constraints are covered in detail, including how they work with underlying storage.
VMworld 2015: Virtual Volumes Technical Deep Dive (VMworld)
This document provides a technical deep dive on virtual volumes. It begins with an overview of the challenges with today's LUN-centric storage architectures, such as complex provisioning, wasted resources, and lack of granular control. It then introduces an application-centric model using virtual volumes that provides dynamic storage service levels, fine-grained control at the VM level, and common management across arrays. The rest of the document details the management plane, data plane, consumption model using storage policy-based management, virtual machine lifecycles, snapshots, and offloading operations with virtual volumes.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for Security Services in the SDDC
1. Introducing NSX Service Composer:
The New Consumption Model for Security Services
in the SDDC
Merritte Stidston, McKesson
James Wiese, VMware
SEC5749
#SEC5749
3. 3
Problems with Security Products in a Virtual Environment
End Users Blame IT for being ‘Slow’
• Focus is generally only on Storage, Network and Compute, but Security can drag deployments – need a mechanism to apply policy to VM provisioning (make it stick)
Bigger Datacenter Threat: Rapid Deployment From the Inside (Drift)
• Users create servers instantly – a snapshot of a golden image is used to provision many instances of a server instantly, and the new VMs are not connected to the protection service
• Servers have stale configurations and vulnerable software, which introduces threats
Security Product Cannot “See” the VM
• VLANs can also segment out the network scanning services
• Is the VM on the right network? Is the right version of the agent there? Does the VM agent have access to the security product console? What are the credentials?
Security Products Do Not Interoperate
• No ability to detect an issue and remediate it without complicated scripts and processes
• Many ways to identify a VM – requires correlation for management (SID, IP, VMID)
4. 4
Overall Challenge: Security in the SDDC
Cumbersome Provisioning
Complicated deployment and troubleshooting processes make it difficult to maintain service levels for security.
Manual, Cross-Service Workflows
Security and cloud admins volley back and forth to identify, assess, plan, implement security risks…a very inefficient process.
Security Policy ≠ Security Operations
Expecting cloud operators to manage security policies is unrealistic and unfair. Security architects define policy. Cloud operators implement policy.
5. 5
Challenge: Firewall Roulette: Which VM is behind Which Wire?
CISO: We need to make sure the Firewall is protecting the RED VMs appropriately. Can you confirm this?
6. 6
Challenge: Detection Services Not Interoperable & Increase Process
Web Servers, Services
Process steps shown:
• Monitor Events
• Identify Threat
• Report
• File Ticket With NetBios ID
• Receive Ticket Notification
• Correlate to IP (Attempt)
• Ask for VLAN Tag
• Determine VM -> Subnet -> Tag
• Realize NAT Issue?
• Create Rule
• Verify Rule
• Close Ticket
• Open Ticket To Patch Machine
7. 7
Challenge: 9-Dashboards of Wonder & Making Security Stick
Agile security is possible in 2012…
…if you identify workloads and connect the system – by IP, by SID, by subnet, by host, by user, and don’t change anything…
Systems shown: Vulnerability System, Antivirus System, Firewall, vCenter, IDS System, DLP System
8. 8
No knowledge of internal traffic and potential threats
Most breaches are not discovered by the breached party.
Common point of purchase
Current state — head in the sand
"I know I am wearing rose-colored glasses; we just haven't looked into this."
12. 12
Architectural Complexity: Securing Virtualization within the IT Infrastructure
[Architecture diagram. Layers and zones shown: External Untrusted Layer, Edge Perimeter Zone, Core Edge Firewall Layer, Infrastructure Distribution Layer, Network Core Layer, Internal Trusted Layer, Hypervisor Layer, vNet Fabric, Management & Admin Network Zone. Management and security services shown include vCenter, HyTrust Gateway, vShield App, vShield Edge, vShield Endpoint, anti-virus, IDS/IPS, DLP, Nessus vulnerability scan, patching, key management, directory services, central logging, inventory, and backup & recovery.]
13. 13
What is Secure Lab?
What were some of the business problems that prompted you to pick up the security baton?
• A fundamental belief that security is everyone's responsibility
• Our business units requested it and our customers expect it
• Building infrastructure with a security-first approach was a challenge
What technical challenges made this an urgent need?
• No roadmap to help guide the way
• Multiple tools to integrate
• Common framework with common goals
• Decoupled software & hardware stack (Allows for future changes)
14. 14
McKesson SecureLab: NGDC Architecture
[Architecture diagram. Components shown: SecureLab, McKesson Imaging VDC, Horizon Clinicals VDC, Developers & App Support, physical desktops & laptops, View 5 VDI (hardened), VCD, ESXi hosts with Intel TXT, and App A through App D with Web, MW and DB tiers.]
Callouts:
• VDI “bastion host” only access
• vShield App: all VDI instances automatically firewalled from one another
• vShield Edge: network gateway and secure multi-tenancy
• vShield App: VDI “group” to App access allowed by vShield App
• ESXi trusted boot with Intel TPM/TXT
16. 16
NSX Service Composer
Security services can now be consumed more efficiently in the software-defined data center.
Apply. Apply and visualize security policies for workloads, in one place.
Automate. Automate workflows across different services, without custom integration.
Provision. Provision and monitor uptime of different services, using one method.
17. 17
Concept – Apply Policies to Workloads
Security Groups
WHAT you want to protect: Members (VM, vNIC…) and Context (user identity, security posture)
HOW you want to protect it: Services (Firewall, antivirus…) and Profiles (labels representing specific policies)
APPLY
Define security policies based on service profiles already defined (or blessed) by the security team. Apply these policies to one or more security groups where your workloads are members.
19. 19
Introducing – NSX Service Composer
Policies – collection of service profiles – assigned to this container…to define HOW you want to protect this container, e.g. “PCI Compliance” or “Quarantine Policy”
Nested containers – other groupings within the container, e.g. “Quarantine Zone” is a sub group within “My Data Center”
VMs (workloads) that belong to this container, e.g. “Apache-Web-VM”, “Exchange Server-VM”
Containers – Grouping of VMs, IPs, and more…to define WHAT you want to protect, e.g. “Financial Applications”, “Desktop Users”, “Quarantine Zone”
Service profiles for *deployed* services, assigned to these policies
Services supported today:
• Distributed Virtual Firewall
• Anti-virus
• Vulnerability Management
• Network IPS
• Data Security (DLP scan)
• User Activity Monitoring
• File Integrity Monitoring
20. 20
NSX Service Composer – Canvas View
Members: Apps and workloads that belong to this container.
e.g. “Apache-Web-VM”, “Exchange Server-VM”
23.
Example: Firewall By Policy
Groups shown: Corp, Cust Svc Desktop, Engineering, Domain Controllers, Sales Desktop, Sales, SAPSalesWeb, Extranet (DMZ), External FTP Servers, Corp External Web, Eng Desktop
P1 – Corp Policy: Block Telnet, SSH from *
P2 – Department Policy: Block HTTP
P3 – Web App Policy: Allow 8080 from Desktops; Allow 443 from *; Block All Other
P4 – Eng Department Policy: Allow 80 HTTP from Internet
P5 – Desktop Policy: Block * to these from these
P6 – Sales Desktop Policy: Allow * from Sales/SAP
P7 – AD Policy: Allow *, TCP/UDP on port 137, 445
24. 24
Example: Orchestrating Security Between Multiple Services
Security groups managed by NSX Manager:
• SG: Web Servers – Services: VSM F/W. Membership: Include VMs which have been provisioned as “WebServer”
• SG: Quarantine – Services: VSM F/W. Membership: Include VMs which have CVSS score >= 9
1. Web Server VM running IIS is deployed, unknowingly having a vulnerability
2. Vulnerability Scan is initiated on web server (e.g. Rapid7’s Nexpose product)
3. VM is tagged in NSX Manager with the CVE and CVSS Score
4. NSX Manager associates the VM with the Quarantine (VSM F/W Deny)
5. [Externally] Admin applies patches, Nexpose re-scans VMs, clears tag
6. NSX Manager removes the VM from Quarantine; VM returns to its normal duties
25. 25 Confidential
Example: Deploying Security Services On Demand
1. ESX Host added to cluster
2. Service Composer: Deploys Security VMs (Partner & VMW)
3. VM brought up on host
4. Service Composer: Appropriate Security Services applied
5. VM vMotions to different host
6. Service Composer: Appropriate Security Services applied
26. 26
Example: Precedence Enforced for Dev/Test to Production
[Diagram: Service Policy for App across “Dev”, “Test”, “Stage” and “Production”. Service chains shown: wire, FW; and wire, LB, FW, IDS, FIM, SVM, AV, LOG.]
28. 28
VM Based Group Policy For Services
Roles shown: App Consumer, Cloud Operations, Infrastructure (NOC)
29. 29
NSX Service Composer Benefits
Streamline Service Provisioning
Fewer steps to deploy VMware and partner content. Service outages are easy to identify and troubleshoot.
Automate Workflows Across Services
Workflows between different services are easily automated on this platform
Apply Policies in the SDDC
Workloads are easily organized (WHAT you want to protect) and services can be easily mapped to resources (HOW you want to protect them), for consumption in the SDDC
Services shown: AV, FW, IPS, DLP, Vuln. Mgmt
30. 30
Related Sessions
SEC-5750: Security Automation Workflows with NSX
SEC-5253: Get on with Business: VMware Reference Architectures Help Streamline Compliance Efforts
HOL: HOL-SDC1303: VMware NSX Network Virtualized Platform
35. 35
Concept – Service Profiles
Comprises One or More Services
At least one service is required to define a service profile.
Container Can Have Multiple Service Profiles
Different profiles may need to apply to a single container.
Precedence Must Be Enforced on Service Profiles
Ultimately, these services manifest in real security services so in the case of overlapping services or conflicts, precedence must be enforced.
36. 36
Concept – Containers
Contain VMs
Including machines, networks…anything that could comprise an application. But it could also be empty, perhaps waiting for a state change.
Can Contain Other Containers
Nesting is a powerful concept that allows you to group applications and resources more flexibly.
Can Contain Objects Defined by Security Tags
Services have intelligence in the form of visibility and control. They can find an issue with a machine and tag it to identify the issue. The mere act of tagging can add the machine to a container.
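The quarantine workflow from the “Orchestrating Security Between Multiple Services” slide, together with the tag-driven container membership and policy precedence described in the concept slides above, as a small Python model. This is an added example, not code from the deck and not the NSX API; the class and function names, the numeric precedence values, the default-deny fallback and the placeholder CVE string are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class VM:
    name: str
    role: str                                  # provisioning label, e.g. "WebServer"
    tags: dict = field(default_factory=dict)   # security tags written by services

@dataclass
class SecurityGroup:                           # WHAT you want to protect
    name: str
    is_member: Callable[[VM], bool]            # dynamic membership rule

@dataclass
class Policy:                                  # HOW you want to protect it
    name: str
    precedence: int                            # assumption: higher number wins
    group: SecurityGroup
    firewall: dict                             # port -> action, "*" = all other

# Membership rules as worded on the slide.
WEB = SecurityGroup("Web Servers", lambda vm: vm.role == "WebServer")
QUARANTINE = SecurityGroup("Quarantine", lambda vm: vm.tags.get("cvss", 0) >= 9)

POLICIES = [
    Policy("Web App Policy", 10, WEB, {443: "allow", "*": "deny"}),
    Policy("Quarantine Policy", 100, QUARANTINE, {"*": "deny"}),
]

def groups_of(vm):
    """Groups are evaluated on demand, so a tag change moves the VM at once."""
    return [p.group.name for p in POLICIES if p.group.is_member(vm)]

def effective_action(vm, port):
    """Return (policy, action) from the highest-precedence policy that applies."""
    matching = [p for p in POLICIES if p.group.is_member(vm)]
    if not matching:
        return (None, "deny")                  # assumption: default deny
    top = max(matching, key=lambda p: p.precedence)
    return (top.name, top.firewall.get(port, top.firewall["*"]))

def record_scan(vm, cve, cvss):
    """Step 3: the vulnerability scanner tags the VM with its finding."""
    vm.tags.update(cve=cve, cvss=cvss)

def clear_scan(vm):
    """Step 5: a clean re-scan after patching removes the tags."""
    vm.tags.pop("cve", None)
    vm.tags.pop("cvss", None)

if __name__ == "__main__":
    vm = VM("iis-web-01", "WebServer")         # constructed sample VM
    print(groups_of(vm), effective_action(vm, 443))
    record_scan(vm, "CVE-PLACEHOLDER", 9.8)    # placeholder id, constructed score
    print(groups_of(vm), effective_action(vm, 443))
    clear_scan(vm)
    print(groups_of(vm), effective_action(vm, 443))
```

The tagged VM stays a member of “Web Servers” throughout; it is the higher-precedence quarantine policy that overrides the web policy's allow rule until the tag is cleared.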