VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
VMworld 2013
Arun Goel, VMware
Serge Maskalik, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Customers are using NSX to drive business benefits as show in the figure below. The main themes for NSX deployments are Security, IT automation and Application Continuity.
Figure 3: NSX Use Cases
• Security:
NSX can be used to create a secure infrastructure, which can create a zero-trust security model. Every virtualized workload can be protected with a full stateful firewall engine at a very granular level. Security can be based on constructs such as MAC, IP, ports, vCenter objects and tags, active directory groups, etc. Intelligent dynamic security grouping can drive the security posture within the infrastructure.
NSX can be used in conjunction with 3rd party security vendors such as Palo Alto Networks, Checkpoint, Fortinet, or McAffee to provide a complete DMZ like security solution within a cloud infrastructure.
NSX has been deployed widely to secure virtual desktops to secure some of the most vulnerable workloads, which reside in the data center to prohibit desktop-to-desktop hacking.
• Automation:
VMware NSX provides a full RESTful API to consume networking, security and services, which can be used to drive automation within the infrastructure. IT admins can reduce the tasks and cycles required to provision workloads within the datacenter using NSX.
NSX is integrated out of the box with automation tools such as vRealize automation, which can provide customers with a one-click deployment option for an entire application, which includes the compute, storage, network, security and L4-L7 services.
6
Developers can use NSX with the OpenStack platform. NSX provides a neutron plugin that can be used to deploy applications and topologies via OpenStack
• Application Continuity:
NSX provides a way to easily extend networking and security up to eight vCenters either within or across data center In conjunction with vSphere 6.0 customers can easily vMotion a virtual machine across long distances and NSX will ensure that the network is consistent across the sites and ensure that the firewall rules are consistent. This essentially maintains the same view across sites.
NSX Cross vCenter Networking can help build active – active data centers. Customers are using NSX today with VMware Site Recovery Manager to provide disaster recovery solutions. NSX can extend the network across data centers and even to the cloud to enable seamless networking and security.
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld
VMworld 2013
Shubha Bheemarao, VMware
Bruno Germain, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
VMworld 2013
Arun Goel, VMware
Serge Maskalik, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Customers are using NSX to drive business benefits as show in the figure below. The main themes for NSX deployments are Security, IT automation and Application Continuity.
Figure 3: NSX Use Cases
• Security:
NSX can be used to create a secure infrastructure, which can create a zero-trust security model. Every virtualized workload can be protected with a full stateful firewall engine at a very granular level. Security can be based on constructs such as MAC, IP, ports, vCenter objects and tags, active directory groups, etc. Intelligent dynamic security grouping can drive the security posture within the infrastructure.
NSX can be used in conjunction with 3rd party security vendors such as Palo Alto Networks, Checkpoint, Fortinet, or McAffee to provide a complete DMZ like security solution within a cloud infrastructure.
NSX has been deployed widely to secure virtual desktops to secure some of the most vulnerable workloads, which reside in the data center to prohibit desktop-to-desktop hacking.
• Automation:
VMware NSX provides a full RESTful API to consume networking, security and services, which can be used to drive automation within the infrastructure. IT admins can reduce the tasks and cycles required to provision workloads within the datacenter using NSX.
NSX is integrated out of the box with automation tools such as vRealize automation, which can provide customers with a one-click deployment option for an entire application, which includes the compute, storage, network, security and L4-L7 services.
6
Developers can use NSX with the OpenStack platform. NSX provides a neutron plugin that can be used to deploy applications and topologies via OpenStack
• Application Continuity:
NSX provides a way to easily extend networking and security up to eight vCenters either within or across data center In conjunction with vSphere 6.0 customers can easily vMotion a virtual machine across long distances and NSX will ensure that the network is consistent across the sites and ensure that the firewall rules are consistent. This essentially maintains the same view across sites.
NSX Cross vCenter Networking can help build active – active data centers. Customers are using NSX today with VMware Site Recovery Manager to provide disaster recovery solutions. NSX can extend the network across data centers and even to the cloud to enable seamless networking and security.
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld
VMworld 2013
Shubha Bheemarao, VMware
Bruno Germain, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Get a technical understanding of the components of NSX, including how switching, routing, firewalling, load-balancing and other services work within NSX.
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld
Since launch, VMware has seen a steady expansion in the use cases that are addressed by network virtualization. So what is next for NSX and network virtualization? This session answers this question, taking a look at how NSX is expanding beyond a single data center. It also reviews the technical state of NSX and looks forward to where network virtualization will head in the coming years.
Customer interest is increasing well beyond just what our standalone products offer. In fact, customer don’t care about the products, they care about the solution. IaaS with SDN as a solution is extremely popular. Therefore, this is focused on joint solution of vRA, vRO, NSX-v and 3rd party options.
The Future of Cloud Networking is VMware NSXScott Lowe
This presentation was first given at Varrow Madness 2014 and discusses the need for a solution specifically designed (like VMware NSX) for cloud networking
VMware NSX + Cumulus Networks: Software Defined NetworkingCumulus Networks
Witness the enablement of a true integration of a virtual network platform and an underlay physical network for a scalable data center orchestration, automation and multi-tenancy solution over high-capacity IP fabrics. With the integration of VMware NSX Layer 2 gateway services on networking hardware running Cumulus Linux, customers can now connect virtual workloads to physical workloads with no performance impact.
My view on VMware approach to Hybrid- and Software-Defined Infrastructure: NSX, Hybrid Cloud and OpenStack. Get the agility of a startup with the guarantees of Enterprise-class IT. Session delivered at asLAN Congress 2015 in Madrid on April 15th.
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld
Policy based management greatly simplifies the work of IT Administrators making it easy to ensure that applications and VMs receive the resources, protection and functionality required. Learn about the latest enhancements of Site Recovery Manager in this space, which represent a huge step towards providing policy based DR. In this session we'll dive deep into how this approach works and how to work with them.
Get a technical understanding of the components of NSX, including how switching, routing, firewalling, load-balancing and other services work within NSX.
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld
Since launch, VMware has seen a steady expansion in the use cases that are addressed by network virtualization. So what is next for NSX and network virtualization? This session answers this question, taking a look at how NSX is expanding beyond a single data center. It also reviews the technical state of NSX and looks forward to where network virtualization will head in the coming years.
Customer interest is increasing well beyond just what our standalone products offer. In fact, customer don’t care about the products, they care about the solution. IaaS with SDN as a solution is extremely popular. Therefore, this is focused on joint solution of vRA, vRO, NSX-v and 3rd party options.
The Future of Cloud Networking is VMware NSXScott Lowe
This presentation was first given at Varrow Madness 2014 and discusses the need for a solution specifically designed (like VMware NSX) for cloud networking
VMware NSX + Cumulus Networks: Software Defined NetworkingCumulus Networks
Witness the enablement of a true integration of a virtual network platform and an underlay physical network for a scalable data center orchestration, automation and multi-tenancy solution over high-capacity IP fabrics. With the integration of VMware NSX Layer 2 gateway services on networking hardware running Cumulus Linux, customers can now connect virtual workloads to physical workloads with no performance impact.
My view on VMware approach to Hybrid- and Software-Defined Infrastructure: NSX, Hybrid Cloud and OpenStack. Get the agility of a startup with the guarantees of Enterprise-class IT. Session delivered at asLAN Congress 2015 in Madrid on April 15th.
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld
Policy based management greatly simplifies the work of IT Administrators making it easy to ensure that applications and VMs receive the resources, protection and functionality required. Learn about the latest enhancements of Site Recovery Manager in this space, which represent a huge step towards providing policy based DR. In this session we'll dive deep into how this approach works and how to work with them.
(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014Amazon Web Services
Navigating Payment Card Industry (PCI) compliance on AWS can be easier than in a traditional data center. This session discusses how PaymentSpring implemented a PCI level-1 certified payment gateway running entirely on AWS. PaymentSpring will talk about how they designed the system to make PCI validation easier, what AWS provided, and what additional tools PaymentSpring added. Along the way, they'll cover some things they did to reduce costs and increase the overall security of the system.
VMworld 2013: Protect vCenter Server with vCenter Server Heartbeat Deep Dive VMworld
VMworld 2013
Shawn Gordon, Neverfail
Donna Reineck, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Pass4sure Interconnecting Cisco Networking Devices Part 2 products provide you an easiest way to grasp syllabus content and perform excellently in the real exam scenario. Pass4sure’s Cisco 200-101 products are in line with the real exam requirements, hence serve you the best to answer all exam questions and ensure outstanding percentage. Designed into Q&As pattern, Pass4sure’s braindumps, Study Guides, practice Tests, Exam Engine best suit your needs in affordable prices.
Pass4sure C9020-971 IBM study guide imparts confidence to its clients to shake off their exam fears of C9020-971 and get an assured success, employing only minimum efforts. By using Pass 4 sure’s Exam C9020-971 products you are assured to pass IT certification exam with 100% money back guarantee.
VMworld 2013
Ameet Jani, Vmware
Justin King, Vmware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
ContainerCon EU 2016 - Software-Defined Storage and Container SchedulersDavid vonThenen
Presentation at ContainerCon EU 2016. Discussing how Software-Defined Storage and Container Schedulers can compliment each other. Discuss the idea of building a Software-Defined Storage Framework for Mesos.
VMware vRealize Network Insight delivers intelligent operations for software-defined networking and security across virtual, physical and multiple-clouds with micro-segmentation planning, 360 visibility and NSX operations.
As Enterprises increasingly span their workloads across on-premises data centers and cloud environments, it is becoming significantly complex for IT teams to enable better workload portability and create consistent application delivery and networking services.
In this webinar, you will learn how VMware NSX Advanced Load Balancer facilitates seamless application delivery and provides choices to deploy your applications across on-premises data centers and Oracle Cloud Virtual Services (OCVS) while enabling:
Modern Application Delivery: Consider consistency, elastic scalability, cloud-native automation, and built-in end-to-end observability when choosing load balancing across hybrid environments.
Data-center Extension: Ensure continuous operations while providing elastic L4-L7 load balancing, security, and real-time application analytics for VMware-based apps running in Google Cloud.
Lift-and-Shift: When migrating to OCVS from an on-premises data center, operationalize uninterrupted enterprise-grade features, including GSLB and WAF.
An overview of Whats New in VMware vRealize Network Insight 3.4. vRealize Network Insight provides micro-segmentation planning, 360 visibility and troubleshooting and VMware NSX day 2 operations management.
DEM08 Use Cisco Cloud Connect to Securely Extend Private Network to AWS and M...Amazon Web Services
A key component of Cisco hybrid cloud portfolio is Cloud Connect. In this session, we review how Cloud Connect solutions can securely extend your private networks into the AWS Cloud and ensure the application experience. The products we cover include the CSR1000v and vEdge with Umbrella integration. This session is brought to you by AWS Partner, Cisco.
VMworld 2013: Architectural Changes in vCenter Platform VMworld
VMworld 2013
Eddie Dinel, VMware
Fausto Ibarra, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...VMworld
VMworld 2013
David Hughes, Silver Peak
Terry Lyons, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
In this session you will learn about architecting your private cloud infrastructure for speed and agility using Citrix cloud solutions, including:
Considerations for cloud infrastructure deployment
How Citrix diamond-validated partner SSI used Citrix cloud solutions to enhance business for their customers
A cloud product demo highlighting speed and agility of infrastructure deployment
New Threats, New Approaches in Modern Data CentersIben Rodriguez
New Threats, New Approaches in Modern Data Centers - A Presentation by NPS at CENIC conference 11:00 am - 12:00 pm, Wednesday, March 22, 2017 – in San Diego, California
The standard approach to securing data centers has historically emphasized strong perimeter protection to keep threats on the outside of the network. However, this model is ineffective for handling new types of threats—including advanced persistent threats, insider threats, and coordinated attacks. A better model for data center security is needed: one that assumes threats can be anywhere and probably are everywhere and then, through automation, acts accordingly. Using micro-segmentation, fine-grained network controls enable unit-level trust, and flexible security policies can be applied all the way down to a network interface. In this joint presentation between customer, partner, and VMware, the fundamental tenants of micro-segmentation will be discussed. Presenters will describe how the Naval Postgraduate School has incorporated these principles into the architecture and design of a multi-tenant Cybersecurity Lab environment to deliver security training to national and international government personnel.
Edgar Mendoza, IT Specialist, Information Technology and Communications Services (ITACS) Naval Postgraduate School
Eldor Magat, Computer Specialist, ITACS, Naval Postgraduate School
Mike Monahan, Network Engineer, ITACS, Naval Postgraduate School
Iben Rodriguez, Brocade Resident SDN Delivery Consultant, ITACS, Naval Postgraduate School
Brian Recore, NSX Systems Engineer, VMware, Inc.
https://youtu.be/mYBbIbfKkGU?t=1h7m16s
Copied from the program with corrections - https://adobeindd.com/view/publications/b9fbbdf0-60f1-41dc-8654-3d2141b0bf54/nh4h/publication-web-resources/pdf/Conference_Agenda_2017_v1.pdf
Cisco Cloud Connect Solutions Extend Your Private Network to AWS and Maintain...Amazon Web Services
Cloud Connect is a key component of the Cisco hybrid cloud portfolio. In this session, we review how Cloud Connect solutions can securely extend your private network to the AWS Cloud and ensure the application experience. The products we cover include the CSR1000v and vEdge with Umbrella integration.
Deploying Elastic, Self-Service Load Balancing for VMware NSX-TAvi Networks
The VMware NSX Advanced Load Balancer (formerly Avi Networks) delivers software load balancing, web application firewall (WAF), and Kubernetes ingress services across your data centers, multi-cloud, bare metal, and container infrastructure. With the integration with VMware NSX-T, Avi now offers enterprise-grade load balancing and WAF capabilities for VMware Cloud Foundation (VCF) and NSX-T environments on a complete L2-L7 networking and security virtualization platform. Digital, app-centric companies are replacing traditional appliance-based load balancers that are not built for cloud use cases and cause over-provisioning, partial automation and little visibility.
In this webinar you will learn how to deliver complete automation and self-service by:
Managing load balancers centrally across any environment
Creating new virtual services in just minutes
Scaling load balancing capacity dynamically based on traffic patterns
Troubleshooting application issues without TCP dumps/log exports
Similar to VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation (20)
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld
This year VMware vSphere 6 combined with vRealize Operations 6.1 (vR Ops 6) adds critical features to increase technical agility in the infrastructure, and reduce Mean time to Repair. With a new Automated remediation action framework in vR Ops, vSphere 6’s ability to vMotion Physical Raw Device mappings (RDMs), and a complete Management Pack Ecosystem for monitoring Infrastructure to applications, administrators have the tools needed to get to maintain 5 9’s uptime, shorten Mean Time to Repair (MTTR), and predict capacity requirements as and when the business requires.. This session will be a deep technical explanation, and live demonstration of these tools. It will give administrators a solid understanding of how they can use these tools to monitor and manage their application clusters, keep applications running during Infrastructure maintenance, and get deep holistic visibility into the entire Application ecosystem, from Storage to Networking.
VMworld 2015: Advanced SQL Server on vSphereVMworld
Microsoft SQL Server is one of the most widely deployed “apps” in the market today and is used as the database layer for a myriad of applications, ranging from departmental content repositories to large enterprise OLTP systems. Typical SQL Server workloads are somewhat trivial to virtualize; however, business critical SQL Servers require careful planning to satisfy performance, high availability, and disaster recovery requirements. It is the design of these business critical databases that will be the focus of this breakout session. You will learn how build high-performance SQL Server virtual machines through proper resource allocation, database file management, and use of all-flash storage like XtremIO. You will also learn how to protect these critical systems using a combination of SQL Server and vSphere high availability features. For example, did you know you can vMotion shared-disk Windows Failover Cluster nodes? You can in vSphere 6! Finally, you will learn techniques for rapid deployment, backup, and recovery of SQL Server virtual machines using an all-flash array.
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld
Active Directory Domain Services (ADDS) allows organizations to deploy a scalable and secure directory service for managing users, resources and applications. Virtualization of ADDS has been supported for many years now, however has required careful management to avoid pitfalls around replication, time management, and access. Windows Server 2012 provides greater support for virtualization by including virtualization-safe features and support for rapid domain controller deployment.
Not content to simply describe the Virtual Volume (VVOL) framework, this session instead examines practical use cases: How different configurations and workloads benefit from VVOLs. Learn how Storage Policy Based Management (SPBM) couples with VVOLs to provide VM configuration options not previously available. We demonstrate a handful of real-life scenarios, specifically covering how VVOLs benefits oversubscribed systems, disaster recovery preparation and multi-tenant requirements for customers. Specific configuration options and constraints are covered in detail, including how they work with underlying storage.
The popularity of Virtual SAN is growing daily. Server admins are finally free to aggregate storage in their servers to create a shared storage system that scales with their compute needs. The underlying key to making it all work is networking. All Virtual SAN data flows through it, and correct selection and configuration of networking components will mean the difference between disruptive success or dramatic failure. This session will give deep insight in the do's and don'ts of Virtual SAN networking. Best practices for physical and virtual switch configuration and performance testing will be discussed. Virtual SAN 5.5 and 6.0 will be covered, and the networking differences discussed. Methods of troubleshooting network issues will be covered. For those configuring a Virtual SAN network for the first time, for labs or enterprise scale, this session is a must-see.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
4. 44
About Segmentation
At a fundamental level the SDDC is about the:
• Pooling of physical compute and storage into groups
• Coupled with networks that allow for access to these resources
• Administrative and kernel networks for ESXi shell access and operations like vMotion
• APIs that allow us to interact with those resources
Auditors rely on ‘scope’ to define those items that should be audited
• In the SDDC it is easy to declare that everything is in ‘scope’ due to shared resources
• We need effective tools to declare ‘scopes’ and their usage as well as their join rules
• For those workloads that serve business function we want coherent policies
Value Propositions of Segmenting with NSX
• Reducing the ‘scope’ of the infrastructure subject to audit will reduce audit costs
• Leverage NSX to establish networks with policies that are transitive across datacenter
• Clearly define and orchestrate VMware and Technology Partners to monitor ‘layers’
5. 55
Four Steps to Segmenting the SDDC
vSphere and Networking
• Hosts and Storage should also be segmented
• VLANs may still be used but are not relied upon as a control mechanism
• Dedicated cluster for SDDC Management VMs like vCenter, ActiveDirectory
Establish VXLAN for Workloads
• Allows for Layer 2 subnets across compliant hosts/clusters
• Provides routes to traverse from Layer 2 to other VXLAN and Edge Shared Services
Establish Zones for Shared Services, DMZ, etc. with Edge
• Active Directory serving Enterprise users, DNS, Messaging, Email, etc.
• Defining bastion host networks for access to administer these services
Establish Service Composer Firewall Policies
• Firewall and other technologies, declaratively enabled, follow the workload
• Workloads that come out of policy for any reason have access restricted
6. 66
Groups
vSphere Storage Networks
ESXi Hosts/Clusters to LUNs
Usage
vSphere, Porticor
Create Encrypted iSCSI LUNs
Consume via Storage vSwitches
Step 1: Segment Storage for Consumption
Segmenting Storage with Encryption and dedicated vSwitches eases
consumption while maintaining compliance
7. 77
Porticor Solution
State of the art encryption
• AES 256 / SHA 2 – standards based…
• … yet implemented with best-in-class
performance
• Streaming, caching, stateless servers, cloud
scale solution
Cloud key management - The
“banker”
• Metaphor: a physical safety deposit box is
behind strong walls, and… requires two keys
to open/lock: one for the customer, the other
for the banker
• The secret sauce: “split key” and
“homomorphic” technology creates this in a
virtual environment
8. 88
The “Swiss Banker” metaphor
Customer has a key, “Banker” has a key
Master key with Homomorphic key encryption
Key-splitting and Homomorphic Technology together deliver Trust
10. 1010
Groups
ESXi Hosts/Clusters
vSwitch/Port Groups to VLANs
Usage
vSphere, HyTrust
Identify vSphere assets
Label in HyTrust as ‘PCI’
VLANs inherited from Port
Groups
Step 2: Identify and Label vSphere Components
Identifying Hosts, Storage and Network Assets for compliance scope
is the initial step in Segmentation
15. 1515
PCI DSS 2.0 on VLANs and Segmentation
“Relying on Virtual LAN (VLAN) based
segmentation alone is not sufficient. For
example, having the CDE on one VLAN and the
WLAN on a separate VLAN does not adequately
segment the WLAN and take it out of PCI DSS
scope. VLANs were designed for managing
large LANs efficiently. As such, a hacker can
hop across VLANs using several known
techniques if adequate access controls between
VLANs are not in place.”
16. 1616
NSX Architecture
vCD/vCAC
vCenter Server NSX Manager
1:1
Management Plane
Control Plane
NSX Edge
Distributed
Router
Controller
Data Plane
NSX Edge
Services Router
VXLAN DR DFWSecurity VXLAN DR DFWSecurity
1:Many
VXLAN DR DFWSecurity
17. 1717
Management Plane Components
Self service and on-
demand Provisioning of
Infrastructure
Abstracted pool of services
(Compute/Storage/Network
)
Catalogue of applications
vCD/vCAC
vCenter Server NSX Manager
1:1
Management Plane
Provisioning and
Management of
Compute/Memory
Storage
Virtual Switch
Provisioning and
Management of Network and
Network services
VXLAN Preparation
Logical Network Consumption
Network Services
Configuration
vCD/vCAC vCenter Server NSX Manager
18. 1818
Control Plane Components
Dynamic Routing
VXLAN – VLAN Bridging
Scale Out
VXLAN - no Multicast
ARP suppression
Distributed Routing
Control Plane
NSX Edge
Distributed
Router
Controller
NSX Edge Distributed Router Controller
19. 1919
Data Plane Components
Kernel Modules
Message Bus
User World Agent
NAT
DHCP
LB
VPN
Data Plane
NSX Edge
Services Router
ESX Host NSX Edge Services Router
VXLAN DR DFWSecurity VXLAN DR DFWSecurityVXLAN DR DFWSecurity
20. 2020
Communication Between The Three Planes
vCD/vCAC
vCenter Server NSX Manager
Management Plane
Control Plane
NSX Edge
Distributed
Router
Controller
Data Plane
NSX Edge
Services Router
VXLAN DR DFWSecurity VXLAN DR DFWSecurityVXLAN DR DFWSecurity
vSphere API
REST APIvSphere API
REST API
VIXAPI
vSphereAPI REST API
REST API
MessageBus
21. 2121
VXLAN NSX for vSphere
vSphere Host
VM1
vSphere Distributed Switch
VXLAN Transport Network
vSphere Host
VM2
vSphere Host
VXLAN 5001
VTEP1 10.20.10.10 VTEP2 10.20.10.11 VTEP3 10.20.11.10
vSphere Host
VTEP4 10.20.11.11
VM3 VM4
Unicast Traffic
Controller
Cluster
VXLAN Transport Subnet A 10.20.10.0/24 VXLAN Transport Subnet B 10.20.11.0/24
22. 2222
Components Mapped to Physical Infrastructure
WAN
Internet
Compute Racks Infra Racks Edge Racks
Hypervisor
Modules
Controller, VC,
NSX Manager
On/off Ramp
23. 2323
Step 3 : NSX Distributed Edge VXLAN Networks
vSwitch/Port Groups to VLANs
NSX Edge VXLANs
Groups
Create vDS for VXLAN in vSphere
NSX Manager prepare hosts, add
logical networks and deploy Edges
Usage
NSX provides Distributed Logical Routers as well as Distributed
Services like Firewall through Edge deployments
24. 2424
DB Tier
Web Tier
App Tier
WAN
Internet
L2
L3
VXLAN
802.1Q
VXLAN
VXLAN
VXLAN
VXLAN
VXLAN
VXLAN
VXLAN
Network
Fabric
Service Placement – Distributed Design
VXLAN
.1Q
.1Q
30. 3030
Step 4: Establish NSX App Distributed Firewall Rules
NSX enables migration across segmentation policy controlled hosts
while maintaining routing and firewall rule consistency
vSwitch/Port Groups to VLANs
NSX Edge VXLANs
Groups
vSphere create vDS for VXLAN
NSX Manager prepare hosts, add
logical networks and deploy Edges
Usage
31. 3131
Compute Racks Infrastructure Racks (Storage,
vCenter and vCloud Director)
Edge Racks
vCenter 1
vCenter 2
(Up-to Max supported
VMs by vCenter)
(Up-to Max supported
VMs by vCenter) VM
VM
ESXi Clusters
WAN
Internet
Capex Value Expressed in Infrastructure Utilization
32. 3232
Summary – Value Achieved via Segmentation
Segmentation techniques provide uniform consumption of SDDC while
maintaining controls needed for compliance
Dynamic routing and overlay networks provide isolation needed for SDDC
resources to be consumed
Centralized Policy Management eases the administrative burden by providing
networking and firewall rules that are always ‘in context’
Reduced Audit Costs by providing controls of core SDDC elements such as
storage and compute bound to networks thereby limiting scope
Get hands on experience! Partner Hands On Lab with HyTrust, Catbird and
LogRhythm to go with VMware NSX Hands On Labs
Visit the HyTrust booth and Porticor online at http://www.porticor.com/porticor-for-
vmware/ for more information
33. 3333
VMworld: Security and Compliance Sessions
Category Topic
NSX
• 5318: NSX Security Solutions In Action (201)
• 5753: Dog Fooding NSX at VMware IT (201)
• 5828: Datacenter Transformation (201)
• 5582: Network Virtualization across Multiple Data Centers (201)
NSX Firewall
• 5893: Economies of the NSX Distributed Firewall (101)
• 5755: NSX Next Generation Firewalls (201)
• 5891: Build a Collapsed DMZ Architecture (301)
• 5894: NSX Distributed Firewall (301)
NSX Service
Composer
• 5749: Introducing NSX Service Composer (101)
• 5750: NSX Automating Security Operations Workflows (201)
• 5889: Troubleshooting and Monitoring NSX Service Composer (301)
Compliance
• 5428: Compliance Reference Architecture Framework Overview (101)
• 5624: Accelerate Deployments – Compliance Reference Architecture (Customer Panel) (201)
• 5253: Streamlining Compliance (201)
• 5775: Segmentation (301)
• 5820: Privileged User Control (301)
• 5837: Operational Efficiencies (301)
Other
• 5589: Healthcare Customer Case Study: Maintaining PCI, HIPAA and HITECH Compliance in
Virtualized Infrastructure (Catbird – Jefferson radiology)
• 5178: Motivations and Solution Components for enabling Trusted Geolocation in the Cloud - A
Panel discussion on NIST Reference Architecture (IR 7904). (Intel and HyTrust)
• 5546: Insider Threat: Best Practices and Risk Mitigation techniques that your VMware based
IaaS provider better be doing! (Intel)
34. 3434
For More Information…
VMware Collateral
VMware Approach to Compliance
VMware Solution Guide for PCI
VMware Architecture Design Guide for PCI
VMware QSA Validated Reference Architecture PCI
Partner Collateral
VMware Partner Solution Guides for PCI
How to Engage?
compliance-solutions@vmware.com
@VMW_Compliance on Twitter
35. 3535
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1315
vCloud Suite Use Cases - Control & Compliance
HOL-SDC-1317
vCloud Suite Use Cases - Business Critical Applications
HOL-PRT-1306
Compliance Reference Architecture- Catbird, HyTrust and LogRhythm
Group Discussions:
SEC1002-GD
Compliance Reference Architecture: Integrating Firewall, Antivirus,
Logging and IPS in the SDDC with Allen Shortnacy