Customers are using NSX to drive business benefits, as shown in the figure below. The main themes for NSX deployments are Security, IT Automation and Application Continuity.
Figure 3: NSX Use Cases
• Security:
NSX can be used to create a secure infrastructure that supports a zero-trust security model. Every virtualized workload can be protected with a full stateful firewall engine at a very granular level. Security can be based on constructs such as MAC, IP, ports, vCenter objects and tags, Active Directory groups, etc. Intelligent dynamic security grouping can drive the security posture within the infrastructure.
NSX can be used in conjunction with third-party security vendors such as Palo Alto Networks, Check Point, Fortinet, or McAfee to provide a complete DMZ-like security solution within a cloud infrastructure.
NSX has been deployed widely to secure virtual desktops, some of the most vulnerable workloads residing in the data center, and to prohibit desktop-to-desktop hacking.
• Automation:
VMware NSX provides a full RESTful API to consume networking, security and services, which can be used to drive automation within the infrastructure. IT admins can reduce the tasks and cycles required to provision workloads within the data center using NSX.
NSX is integrated out of the box with automation tools such as vRealize Automation, which can provide customers with a one-click deployment option for an entire application, including the compute, storage, network, security and L4-L7 services.
Developers can use NSX with the OpenStack platform. NSX provides a Neutron plugin that can be used to deploy applications and topologies via OpenStack.
• Application Continuity:
NSX provides a way to easily extend networking and security up to eight vCenters, either within or across data centers. In conjunction with vSphere 6.0, customers can easily vMotion a virtual machine across long distances, and NSX will ensure that the network and the firewall rules are consistent across the sites. This essentially maintains the same view across sites.
NSX Cross vCenter Networking can help build active-active data centers. Customers are using NSX today with VMware Site Recovery Manager to provide disaster recovery solutions. NSX can extend the network across data centers and even to the cloud to enable seamless networking and security.
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational Efficiencies
3. About Operational Efficiencies
Cloud and SDDC have evolved from IT silos including security and compliance
• ITSM, ITIL and other mature processes will need to evolve with the SDDC
• Impact of network and storage virtualization silos will require more bi-directional interaction from legacy infrastructure teams
Policies and Procedures regarding security and compliance will also change
• Understanding how different solutions interact with the platform and each other to accommodate compliance becomes a must not just for design but also operations
• Due to the nature of the SDDC, workloads under regulatory compliance become untethered from the physical topology but require a coherent, near-real-time logging and correlation strategy to understand inter-layer impact of events
Building and revising SDDC architectures will become SDLC-like
• Opportunities to take out OPEX and operate at greater scale on the VI Admin/workload ratio are many and with demonstrable ROI
• Will require some new skill sets like DevOps to automate APIs and generate new task-oriented interfaces
4. Security and Compliance Challenges in the SDDC
Cumbersome Provisioning
Complicated deployment and troubleshooting processes make it difficult to maintain service levels for security.
Manual, Cross-Service Workflows
Security and cloud admins volley back and forth to identify, assess, plan, implement security risks… a very inefficient process.
Policy ≠ Operations
Security and Compliance are roadblocks to cloud, but expecting security architects to manage cloud operations is unrealistic and unfair. Architects design and define policy. Operators implement.
[Figure label: Security Architect]
5. 5
Compliance Challenges: Many Systems - Dashboards of Wonder
• Vulnerability Mgmt System
• Antivirus System
• Firewall
• vCenter
• IDS System
• DLP System
6. 6
Four Steps to Gaining Operational Efficiencies in the SDDC
Define and Manage Partner Solutions from NSX Service Composer
• Deploy and monitor partner solutions and their availability
• Define parameters for inter-operating NSX and Partner Solutions
• Create NSX and Partner Services Policies that can be re-used across trust zones
Leverage integration of NSX and Partner Solutions for Workflows
• Creating common tags across NSX and Partner solutions allows for broader administrative activities formerly accomplished through error prone ‘swivel chair’
Discover SDDC processes that are manual but repeatable, with little variation
• Leverage REST APIs and development toolkit such as Puppet, Chef or vCenter Orchestrator to automate tasks
• Reduce ‘swivel chair’ operations across consoles providing greater scale or complete end to end automation with logging for utility computing approach
Abstract SDDC Security and Compliance Policies into self-service governance
• Declare at deploy time the requirements for an application with regards to regulations
7. 7
Step 1: Managing NSX and Partner Solutions w/ Service Composer
NSX and NSX Partner Solutions are integrated for deployment, initialization and definition of common parameters
Function
• Service Composer enables creation of partner services
• Service Composer templates provide reusable methods for distributed policy management
Usage
• NSX Service Composer
• Define Security Services
• Define settings for services
• Apply to new trust zones
• Monitor for readiness
9. 9
Troubleshooting Security Services Requires Considerable Back and Forth Between Virtual Admins and Security Admins
• If a service goes down, where do you start with troubleshooting steps? Security solution or Virtualization solution?
• What if there was a configuration change in the infrastructure that caused an outage? How could this change be determined?
10. 10
NSX Service Composer Provisioning
(Diagram labels: Compute, Management, Gateway; Partner Mgmt. Consoles Registered)
1. Host Prep
• Install Kernel Modules - VXLAN, Distributed Router and Distributed FW
• Simple One Click install per Cluster
• All modules installed together
2. Logical Network Prep
• Configure VTEP IP, MTU, Teaming per cluster
• Create Transport Zones (Network Scope)
3. Deploy Controller
• Simple UI in VSM deploys Controller OVF and configures it
• No other configuration required!
• Min 3-Node controller required for HA
4. Register Services
• Log in!
• Some services are pre-registered (Data Security, Identity, Trend Micro, Rapid 7, McAfee)
• Register Symantec Antivirus Solution
• Register Symantec IPS Solution
5. Deploy Services
• Some services are pre-deployed (Data Security, Identity)
• Deploy Symantec Antivirus solution
6. Troubleshooting Services
• Power off or suspend data security VM
• Observe failure message and root cause
• Initiate ‘resolve’ (repair)
• Observe progress and final status
11. 11
NSX Service Composer: Security Ready for Consumption
Security Groups: WHAT you want to protect
• Members: VM, vNIC, network (virtual/Logical Switch, physical), Distributed Virtual PG, cluster, data center, Resource Pool, vApp, other container, IP address, MAC
• Context: User identity, sensitive data, security posture
HOW you want to protect it
• Services: Firewall, antivirus, intrusion prevention, vulnerability management and more.
• Profiles: Security policies from VMware and third-party solutions that are defined by the security architect but implemented by the cloud operator.
APPLY
12. 12
Step 2: Establish Workflow Integration between NSX and Partner
NSX and Partner Solutions are integrated by APIs either by making direct calls to NSX or by setting machine metadata
(Diagram labels: SG: Web Servers and SG: Quarantine, each with VSM F/W and Services)
Function
• Service Composer enables creation of ‘Tags’ for integrating Partner Solutions
• NSX and Partner Solutions leverage one another
Usage
• NSX Service Composer
• Define Security Groups
• Define Tags for dynamic inclusion in NSX Security Groups
• Define Partner Solution Tags to be set
14. 14
Step 3: NSX RESTful Automation
NSX provides REST APIs which means you can create, delete or manipulate NSX SDDC constructs with HTTP POST and GET
Function
• Identify repeatable NSX Provisioning or Config tasks
• Determine target integration types and choose dev toolkit
Usage
• NSX REST APIs
• Unit test functionality with HTTP tools (curl, Firefox RESTclient)
• Integrate into larger scope processes with vCenter Orchestrator, etc.
15. 15
Most Requested Deployment Models for Multi-Tiered Apps
• Multi-tiered app, multiple networks
• Multi-tiered app, single network
(Diagram labels: WEB, APP and DATABASE tiers in each model)
16. 16
Most Requested Network and Security Services
NSX provides built-in, logical networks and services to address the most common (and challenging) requests for cloud service automation.
• Firewall
• Networks (switches)
• Load Balancer
• Router
17. 17
VMware Cloud Application Deployment Toolkit - Details
(Diagram labels: Deployment Tools, Process, Best Practices; Package Catalog; Packaging Factory; Enterprise; ISVs; Customers; Deploy Factory (Managed Service Providers))
1. Packaging Factory
A “factory” for producing reusable, Cloud-ready deployment packages for the most popular business apps
2. Package Catalog
Cloud based, access controlled repository to store application packages
3. Deploy Factory
A controller to download packages, provision secured deployment environment and orchestrate automated deployment of the application
18. 18
How Does this Work – Packaging Factory
(Diagram labels: vFabric Application Director; Chef & VMware Studio; Subversion Server; Build Controller; Application Blueprint; Cookbook; Node Template; Application)
• Packaging factory infrastructure consists of subversion server, VMware Studio, vFabric Application Director and Chef
• Application binaries remain unchanged
• Deployment information is captured in various levels of details in application blue prints, node templates and deployment scripts (cook books)
19. 19
How Does this Work – Package Catalog
• An application package is uploaded to a cloud based repository
• Service provider gets access to the repository using an access-controlled portal
• Application package is downloaded into service provider’s cloud
20. 20
How Does this Work – Deploy Factory
(Diagram labels: vFabric Application Director; vCloud Director; VMware Studio & Chef; Deployment Controller; vApp; Virtual Network; VMs)
• Deploy Factory infrastructure consists of vCloud Director, vFabric Application Director, VMware Studio, Chef and Deployment Controller
• (Optional) Create private network to place application into
• vApp(s) are deployed in the target environment
• Application is installed via Application Blueprints
• Each node is configured using Chef
22. 22
Step 4: Use NSX Automation in Self-Service Provisioning
NSX metadata exposed in vCAC Self-Service Catalog allows for declarative binding of network and services policies such as Firewall
(Diagram labels: Request 3-tiered app; Request network and services)
Function
• vCloud Automation Center self-service provisioning
• NSX dynamic policy profile inclusion
Usage
• vCloud Automation Center
• New workload request
• Bind to NSX Networks and Services
23. 23
vCloud Automation Center Policy Management
(Diagram labels: Business Groups A, B and C; Users; Authentication & Role-Based Authorization; Authorized Users; Resource Reservations; Cost Profile; Tier 1; Shared Infrastructure (Public, Physical, Virtual); Service Blueprints; Requisition, Provision, Manage, Retire)
25. 25
Where We Are Today
(Legend: Create On-Demand; Leverage Existing Infrastructure; Requires customization)
Pre-Created, Logical Networks
Apps can be spun up on-demand using logical networks that have already been created. Creating logical networks in advance is still more agile than provisioning physical networks.
(Diagram labels: WEB, APP and DATABASE tiers)
26. 26
Where We Are Today
Networks Explicitly Assigned
App blueprints may require networks with NAT, routed, or private connectivity. Admin must directly specify network information.
(Diagram labels: WEB, APP and DATABASE tiers; NAT Network A.B.C.# / X.Y.Z.#; Routed Network A.B.C.#)
27. 27
Where We Are Today
Pre-created, Firewall Rules
Apps can be added to existing security groups.
(Diagram labels: WEB, APP and DATABASE tiers)
28. 28
Where We Are Today
Pre-created, Load Balancer Pool
Apps can be added to existing load balancer pools.
(Diagram labels: WEB, APP and DATABASE tiers; Services Edge (Load Balancer))
29. 29
Discovery of vCNS Resources and Policies
(Diagram labels: VMs; Managed Endpoint; VMware vCenter; vCNS Manager; Resources; Policies)
► Clone Templates
► Customization Spec.
► Host/Host Clusters
► CPU, Memory, Storage
► Networking
vCNS Manager
► VXLANs
► Security Groups
► Load Balancers
Add a vCNS Manager address and credentials to a vSphere (vCenter) Endpoint definition
30. 30
Reserving vCNS Resources for Each Group
• VXLANs appear as network paths in resource reservations
• Security Groups, Load Balancers
− Can be specified as custom properties on the reservation or on the blueprint
VXLANs can be reserved by Provisioning Group
31. 31
Configuring Service Blueprints to Leverage vCNS
VCAC Blueprint Custom Properties define the Load Balancer and Security Groups that will be associated with the Machine being provisioned.
32. 32
Future Direction
(Legend: Create On-Demand; Leverage Existing Infrastructure; Requires customization)
Cloud Automation + Network Virtualization
Spin up and tear down logical networks and services as needed, to deliver application infrastructure on-demand.
(Diagram labels: WEB, APP and DATABASE tiers; Services Edge (Load Balancer))
33. 33
Future Direction
On-Demand Networks
Multi-machine blueprints can create new VMs and place them on networks created on-demand using NSX (or vCloud Networking and Security). These networks can be torn down once app lease times are up.
(Diagram labels: WEB, APP and DATABASE tiers; Logical Router)
34. 34
Future Direction
Network Profiles
Take the guesswork out of requesting networks (IP addressing, connectivity) by
PRIVATE
NAT
ROUTED
35. 35
Future Direction
On-Demand Load Balancer
Blueprint admins or power users can create new load balancer services using new or existing Edge gateways.
(Diagram labels: WEB, APP and DATABASE tiers; Services Edge (Load Balancer))
36. 36
Firewall Rules
Multi Network Model
Use security group to isolate entire app, virtual firewall to control traffic between tiers.
Flat Network Model
Use security groups to isolate entire app and app tiers, virtual firewall to control all traffic.
(Diagram labels: Distributed Virtual Firewall in each model)
App firewall rules are consumed by placing workloads in existing security groups. NSX security administrator should pre-create these groups with necessary firewall rules.
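The tag-driven workflow of Step 2 and the security-group consumption model on the Firewall Rules slide, as an added example that is not from the presentation or from NSX itself: a simplified Python model in which a partner solution sets a tag, the VM's dynamic group membership changes, and the transition is logged for correlation. The group definitions, tag names, precedence field and VM names are constructed assumptions; real NSX rule evaluation is richer than this.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class SecurityGroup:
    name: str
    match_tags: frozenset      # a VM carrying any of these tags is a dynamic member
    precedence: int            # assumed model: highest-precedence group governs
    allow_in: frozenset        # (source group or "ANY", TCP port) allowed inbound
    isolated: bool = False     # isolated groups neither send nor receive traffic

# Constructed groups; "Web Servers" and "Quarantine" follow the Step 2 slide.
GROUPS = [
    SecurityGroup("Web Servers", frozenset({"tier.web"}), 10, frozenset({("ANY", 443)})),
    SecurityGroup("App Servers", frozenset({"tier.app"}), 10,
                  frozenset({("Web Servers", 8443)})),
    SecurityGroup("Quarantine", frozenset({"av.threat.high"}), 100, frozenset(), True),
]

def governing_group(tags):
    """Resolve dynamic membership from tags and pick the governing group."""
    members = [g for g in GROUPS if g.match_tags & set(tags)]
    return max(members, key=lambda g: g.precedence) if members else None

def is_allowed(src_tags, dst_tags, port):
    """Default deny: traffic passes only if the destination group allows it."""
    src, dst = governing_group(src_tags), governing_group(dst_tags)
    if dst is None or dst.isolated or (src is not None and src.isolated):
        return False
    sources = {"ANY"} | ({src.name} if src else set())
    return any((name, port) in dst.allow_in for name in sources)

def set_tag(inventory, vm, tag, actor, audit):
    """Add a tag as a partner solution would, logging any group transition."""
    before = governing_group(inventory[vm])
    inventory[vm] = inventory[vm] | {tag}
    after = governing_group(inventory[vm])
    if before is not after:
        audit.append({"vm": vm, "actor": actor, "tag": tag,
                      "from": before.name if before else None,
                      "to": after.name if after else None})

def demo():
    """Constructed inventory: check flows before and after web-01 is tagged."""
    inv = {"client": frozenset(), "web-01": frozenset({"tier.web"}),
           "app-01": frozenset({"tier.app"})}
    audit = []
    flows = lambda: (is_allowed(inv["client"], inv["web-01"], 443),
                     is_allowed(inv["web-01"], inv["app-01"], 8443))
    before = flows()
    set_tag(inv, "web-01", "av.threat.high", "partner-av", audit)
    return before, flows(), audit
```

Calling `demo()` returns the two flow decisions before tagging, the same decisions after tagging, and the audit record of the group transition.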
37. 37
Summary – Value Achieved via Operational Efficiencies
Single interface to manage deployment and enablement of NSX and Partner Solutions taking out many manual steps previously required
• Automates not only previously manual steps but also error prone handoff between roles
NSX Service Composer to design and plan for orchestration of events and actions by integrating NSX and Partner Solutions via ‘Tags’
• Rather than pivot between interfaces to respond to events NSX Service Composer and Partner Solutions integrate to leverage one another in a prescribed manner
NSX RESTful APIs enable automation of repeatable tasks taking out OPEX
• Can be part of a larger orchestration or put into a workflow set of task oriented screens
vCloud Automation Center provides policy driven governance and entitlement
• Attach required policies to vCAC provisioning process by leveraging NSX Networks and NSX Services by assigning ‘Tags’ to deployed workloads
That which can be Automated can be Easily Measured!
38. 38
VMworld: Security and Compliance Sessions
Category Topic
NSX
• 5318: NSX Security Solutions In Action (201)
• 5753: Dog Fooding NSX at VMware IT (201)
• 5828: Datacenter Transformation (201)
• 5582: Network Virtualization across Multiple Data Centers (201)
NSX Firewall
• 5893: Economies of the NSX Distributed Firewall (101)
• 5755: NSX Next Generation Firewalls (201)
• 5891: Build a Collapsed DMZ Architecture (301)
• 5894: NSX Distributed Firewall (301)
NSX Service Composer
• 5749: Introducing NSX Service Composer (101)
• 5750: NSX Automating Security Operations Workflows (201)
• 5889: Troubleshooting and Monitoring NSX Service Composer (301)
Compliance
• 5428: Compliance Reference Architecture Framework Overview (101)
• 5624: Accelerate Deployments – Compliance Reference Architecture (Customer Panel) (201)
• 5253: Streamlining Compliance (201)
• 5775: Segmentation (301)
• 5820: Privileged User Control (301)
• 5837: Operational Efficiencies (301)
Other
• 5589: Healthcare Customer Case Study: Maintaining PCI, HIPAA and HITECH Compliance in Virtualized Infrastructure (Catbird – Jefferson radiology)
• 5178: Motivations and Solution Components for enabling Trusted Geolocation in the Cloud - A Panel discussion on NIST Reference Architecture (IR 7904). (Intel and HyTrust)
• 5546: Insider Threat: Best Practices and Risk Mitigation techniques that your VMware based IaaS provider better be doing! (Intel)
39. 39
For More Information…
VMware Collateral
VMware Approach to Compliance
VMware Solution Guide for PCI
VMware Architecture Design Guide for PCI
VMware QSA Validated Reference Architecture PCI
Partner Collateral
VMware Partner Solution Guides for PCI
How to Engage?
compliance-solutions@vmware.com
@VMW_Compliance on Twitter