VMworld 2013
Gargi Keeling, VMware
Don Wood, McKesson
Troy Casey, McKesson
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013
Azeem Feroz, VMware
Sachin Vaidya, VMware
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for... (VMworld)
VMworld 2013
Merritte Stidston, McKesson
James Wiese, VMware
VMworld 2013: VMware NSX Extensibility: Network and Security Services from 3r... (VMworld)
VMworld 2013
Anirban Sengupta, VMware
Adina Simu, VMware
The document discusses how NSX security services can automate security operations and policies across virtualized environments through features like distributed firewalling, guest introspection, security groups, and integration with third-party security services. It provides an overview of how NSX improves visibility, context, performance, and automation compared to traditional network and host-based security controls. Use cases demonstrated include optimized vulnerability management and context-based isolation in VDI environments.
Why Security Teams should care about VMware (JJDiGeronimo)
The document discusses VMware's security strategy and how virtualization provides security benefits. It outlines how virtualization allows automation of manual security processes, improves forensics capabilities, and makes patching and recovery faster. VMware focuses on integrating products into existing security policies while enabling broad security for all VMs. Features like vShield Zones and VMsafe appliances provide centralized security management and protection of virtual environments. Virtualization also extends these security advantages from the datacenter to endpoint devices through portable client-side virtual machines.
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In... (Anthony Burke)
The term Micro-segmentation has been used by all vendors to death. So what does it mean for you? This session walks through step by step building a security architecture from nothing. Where do you start? How do you learn how an application speaks? What approach can you take that is not disruptive? What objects should I use? Security Groups, IPsets, Clusters, VMs? After deciding what is best for the right situation, come and see how to apply micro segmentation with VMware NSX to VMware Log Insight. Walk away with a repeatable approach breaking down, learning, and segmenting any application on your virtualised infrastructure. Designing an application's micro segmentation policy just got a whole lot easier.
This document provides an introduction and overview of VMware's NSX network virtualization platform. It begins with a disclaimer about features being under development. The agenda then covers an introduction to NSX, its momentum and use cases, new features in NSX 2014, and NSX operations. It demonstrates NSX's ability to provide network and security services in software and enable dynamic application topologies. It also discusses NSX components, deployments, partnerships, and upcoming training and certification opportunities.
Tsvi Korren, CISSP, VP of Product Strategy at Aqua Security, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.
VMworld Europe 2014: Advanced Network Services with NSX (VMworld)
This document provides an overview and agenda for a presentation on Network and Security services provided by VMware's NSX software-defined networking platform, including:
1. What network and security services are used by applications today.
2. Details on NSX firewalling, load balancing, and VPN services, including demos.
3. How NSX integrates with third-party security and load balancer vendors to enhance services.
VMworld 2013: Operational Best Practices for NSX in VMware Environments (VMworld)
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
This document discusses security automation through SDN and NFV. It begins with an overview of security challenges from a service provider perspective, such as growing traffic and threats. It then discusses how SDN can automate and accelerate DDoS mitigation by redirecting traffic. The document outlines Cisco's Firepower 9300 platform for integrated security services and its use with Radware virtual DDoS protection. It also discusses how the Cisco Application Centric Infrastructure automates security policy and service chains in the data center.
Virtualization Forum 2015, Prague, 7 October 2015
Citrix hall
If SlideShare does not display the presentation correctly, you can download it in .ppsx or .pdf format.
Windows Azure Security Features And Functionality (vivekbhat)
Windows Azure is a cloud computing platform that combines compute, storage, and SQL components. It handles threats to its infrastructure like physical attacks and impersonation, while customers are responsible for threats to their tenant like code bugs and privilege abuse by their own administrators. Windows Azure provides security features like network access control, hypervisor isolation of tenants, access controls on storage accounts, and password authentication for SQL databases.
VMware NSX - Lessons Learned from real project (David Pasek)
This document provides an overview and agenda for a presentation on implementing end-to-end quality of service (QoS) for VMware vSphere with NSX on Cisco UCS. It discusses the project requirements of guaranteeing network traffic for FCoE storage, vSphere management, vMotion and VM backups. It then presents three design options for implementing QoS by marking and prioritizing different classes of service on the virtual network interface cards, VMware distributed virtual switch port groups, Cisco UCS fabric interconnects and Nexus switches. The optimal solution must meet requirements within the constraints of the Cisco and VMware infrastructure components.
Ng Tock Hiong discusses the zero trust security model and its implementation using VMware's NSX platform. A zero trust model prevents threats from moving laterally inside a network through strict micro-granular security policies tied to individual workloads. NSX enables this by providing distributed firewalling and security services at the hypervisor layer. This allows fine-grained micro-segmentation of workloads and simplifies network security management. NSX also provides visibility into the entire environment and automates security policy provisioning as workloads move or change.
Watch the TechWiseTV Episode: http://cs.co/9001Bvqpz
Watch the workshop replay: http://bit.ly/2bAsxby
See how the latest evolution of Cisco TrustSec helps protect critical assets by extending and enforcing policies anywhere in your network. Go in-depth with how Cisco TrustSec simplifies your network security with software-defined segmentation.
TechWiseTV Workshop: Cisco Stealthwatch and ISE (Robb Boyd)
Replay the live event: http://cs.co/90008z2Ar
Learn how your existing Cisco network can help you to know exactly who is doing what on the network with end-to-end visibility, differentiate anomalies from normal behavior with contextual threat intelligence and stop threats and mitigate risk with one-click containment of users and devices.
It’s time for the network to protect itself. Please make time for this important workshop.
Resources:
Watch the Cisco Stealthwatch and ISE full episode: http://cs.co/90008z24M
Network as a Sensor-Enforcer on CCO:
http://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-security/net-sensor.html
Cisco ISE Community
http://cs.co/ise-community
Software Defined Networking (SDN) with VMware NSX (Zivaro Inc)
Combining SDN with VMware’s NSX can accelerate application deployment and delivery in a secure and virtualized network. No longer will your network create a bottleneck when trying to administer new applications. Key topics include:
- How SDN allows for innovative ways to use a virtualized network
- Why SDN creates greater span of control, network analytics and response
- What intelligence can be gained from a global view of the network
- How SDN and NSX together allow IT to treat their physical network as a pool of transport capacity that can be consumed and repurposed on demand
From: "Software Defined Networking for NSX" webinar presented by Scott Hogg of GTRI and Hunter Hansen of VMware on February 3, 2016. Webinar recording: https://youtu.be/t_3DpN3nIXQ
SYN207: Newest and coolest NetScaler features you should be jazzed about (Citrix)
Citrix NetScaler engineering continues to deliver new enhancements and cool features. This technical session will highlight five recent NetScaler innovations in virtual application, desktop and server availability and security that can improve your datacenter network and make applications run better and faster. Topics will include faster app acceleration and why developers are building apps to leverage advanced ADC capabilities.
Replay the Live Event: http://cs.co/90068G6ln
Get an inside look at how Stealthwatch Learning Network License can transform your branch network router into a powerful security sensor and enforcer: one capable of quickly detecting threat activity and mitigating attacks, with little to no hands-on management needed.
Don’t miss this opportunity to hear from our security experts.
See the Stealthwatch Learning Network License TechWiseTV Episode: http://cs.co/90048G6WY
This document provides an overview of VMware NSX network virtualization. It discusses key functions of network virtualization and components of NSX including the management, control, and data planes. It also describes how NSX enables micro-segmentation through logical grouping of workloads into security groups and enforcing network policies based on these groups rather than physical topology. Examples of use cases for network segmentation, multi-tenancy, and VDI are also summarized.
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D... (VMworld)
This document provides an overview and agenda for a presentation on integrating VMware NSX and vCloud Automation Center. It discusses how the integration enables dynamic configuration and deployment of NSX logical networking and security services through vCloud Automation Center. Key features covered include network profiles for different application topologies, microsegmentation using security groups, applying firewall and security policies, and load balancing. The integration leverages the new NSX vCenter Orchestrator plugin to abstract workflows and make them more extensible.
This document provides an overview of a 2-day training course on digital certificate management and public key infrastructure (PKI). The course covers topics such as the introduction to PKI, algorithms, standards and protocols, digital certificates, cryptography service providers, and web certificate management. It also discusses key concepts related to PKI including symmetric and asymmetric encryption algorithms, hashing functions, certificate authorities, and PKI components.
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014 (Market Engel SAS)
Digital signature solutions are quickly replacing paper-based signatures and have the potential to dominate signature-related processes. The primary benefits of this technology include increased efficiency, lower costs and increased customer satisfaction. Processes that still require a handwritten signature slow down turnaround time, increase complexity in terms of archiving, and also raise environmental issues with regards to paper usage. Companies are therefore increasingly adopting digital signature solutions to address those challenges.
The financial services industry is the pioneer in the adoption and development of digital signature solutions, and we expect other industries, such as telecommunication, commerce, utilities, notaries and healthcare, to follow soon as the benefits of this new technology, namely increased efficiency, lower costs and increased customer satisfaction, are not restricted to any industry. While offering clear advantages, digital signature solutions still need to overcome some challenges, such as the need to adapt existing systems and processes to the new technology, concern about acceptance by business partners and the perceived high cost.
The European Union is currently finalizing regulation, which will increase the legal value of advanced electronic signatures and remote electronic signing services by offering the possibility to generate a qualified digital signature using a remote signing system. The regulation is expected to be enacted in early July 2014. This development is expected to serve as an example for other markets on how to approach digital signatures from a regulatory standpoint.
This report is based on Arthur D. Little’s survey of 50 market experts in Europe, as well as comprehensive secondary market research. In this report, we provide an overview of the digital signature technology, its current and potential market, as well as the benefits and challenges it brings. We also present examples of practical applications of digital signature solutions.
Jennifer worked for Sutter County Superintendent of Schools Office & the Sutter County One Stop as a Career Advisor & trainer for about eight years. During that time she provided assistance to youth & adults in work readiness activities (i.e. career and job fairs), workshops & counseling services. Additionally, she acted as a liaison to connect business & education throughout the community. She also provided this resume and cover letter training to Beale AFB for a couple of years. This training was for those who were about to separate from the military. She now lives and works in UT as an educator.
Digging out Structures for Repurposing: Non-competitive Intelligence ... (Chris Southan)
This document summarizes Christopher Southan's presentation on digging through non-competitive intelligence to connect drug code names to structures and related data for drug repurposing opportunities. It finds that only 40-50% of approximately 30,000 drug code names have publicly accessible structures, and an even smaller portion are recorded in PubChem. It outlines Southan's methods for mapping code names to structures through multiple sources and finding associated data in clinical trials, publications, and patents. The conclusion advocates for increased transparency and data sharing to improve opportunities for drug repurposing based on stalled or failed drug candidates.
Digital certificates provide advanced instruments for confirming identities in electronic environments. The application of digital certificates has been gaining global acceptance both in public and private sectors. In fact, the government field has witnessed increasing adoption of cryptographic technologies to address identity management requirements in cyberspace. The purpose of this article is to provide an overview of various governmental scenarios on the usage and application of digital certificates in the United Arab Emirates. The UAE government has integrated public key infrastructure (PKI) technology into its identity management infrastructure since 2003. The article also explores the UAE digital identity issuing authority's position regarding government-to-government transactions and the prospective role of digital certificates.
The ultimate guide to digital signatures (CoSign by ARX)
The document provides an overview of digital signatures, explaining what they are, how they work, and their benefits over electronic and wet ink signatures. Digital signatures create a unique "fingerprint" for both the signer and document content, ensuring signer identity and document integrity. They are based on international PKI standards and can be validated independently without proprietary software. Organizations use digital signatures to streamline processes, ensure compliance, and reduce costs associated with paper-based workflows.
This document provides an overview of information security management systems (ISMS) and the ISO 27001 standard. It discusses how ISO 27001 specifies requirements for establishing, implementing, and improving an ISMS to ensure adequate security controls to protect information assets. The document also notes how ISO 27001 is compatible with other management system standards like ISO 9001, and how organizations can integrate their information security into other management systems. It provides details on the correspondence between requirements of ISO 27001 and ISO 9001.
This document summarizes how digital signatures are implemented in PDF documents. It discusses the need for integrity, authenticity and non-repudiation that digital signatures provide. It covers basic concepts like hashing, encryption and digital signatures. It then explains how these concepts are applied specifically to PDF, following standards like ISO 32000 and PAdES. It discusses server-side signing, client-side signing and deferred signing architectures. It also covers how digital signatures can be used in document workflows and long-term validation strategies like revocation, timestamps and document security stores.
6th Edition Veterans Resources Guide - April 2016 (Talia Wesley)
This document provides an updated 69-page veterans resource guide created by Talia Wesley in April 2016. It contains 64 sections covering a wide range of topics to assist veterans, active duty military, and their families. The sections are organized by an index and cover benefits assistance, counseling, employment, education, healthcare and other resources. Highlighted and underlined sections contain new or important updated information.
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf... (VMworld)
Iain Leiter from A.T. Still University discussed their organization's migration from a hardware-based firewall to NSX to improve performance and compliance. Some key advantages of NSX include distributed firewalling for high performance and scalability, pay-as-you-grow flexibility, and advanced security features like microsegmentation. Their deployment process involved installing NSX, defining security groups, building security policies using syslog data from "recon rules", and applying a common services policy. Discoveries included many backdoors, application architecture issues, and the security benefits of microsegmentation.
Get a technical understanding of the components of NSX, including how switching, routing, firewalling, load-balancing and other services work within NSX.
How to prepare winning bids and tenders final version 01 november 2016 (Gbolagade Adebisi)
SMEs that need to grow their businesses rapidly must of necessity sell to governments and institutions. Bids and tenders represent avenues to achieve this.
Spend Analysis: What Your Data Is Telling You and Why It’s Worth Listening (SAP Ariba)
Driving bottom line savings continues to top the wish list of the chief procurement officer’s agenda, yet the decision path to get there often relies on perceptions and intuition. Without the right visibility into spend data, suppliers, or related market information in hand, sourcing and procurement decisions often run counter to the business objectives. Gaining comprehensive visibility is the stepping stone to effective spend management. Join this session where experts share their secrets on striking it rich by listening to what their spend numbers have to say.
The document provides an overview of the tendering and bidding process. It defines key terms like tender, bid, proposal, and procurement methods. The tender process involves several steps - pre-tender activities, issuing the tender, tender evaluation, and awarding the contract. The bidding process map outlines various stages from announcement to awarding. The evaluation process consists of opening bids, examining them, requesting clarifications, evaluating and comparing bids, post-qualification, and recommending a winner. Key points of evaluation include checking for completeness, computational errors, and applying criteria to determine the lowest bidder.
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre... (VMworld)
VMworld 2013
Gargi Keeling, VMware
Luke Youngblood, McKesson Corporation
Troy Casey, McKesson Corporation
The document discusses various cloud security tools and terms including CSPM, CWPP, CIEM, and CNAPP. CSPM tools track cloud resources and verify static cloud configuration. CWPP tools secure cloud workloads and protect instances. CIEM tools manage identities and permissions in the cloud to enforce least privilege access. CNAPP tools integrate CSPM and CWPP capabilities and provide context about workloads to improve cloud security.
This document provides an overview of VMDR (Vulnerability Management, Detection and Response) training materials that can be downloaded from the Qualys website. It outlines the VMDR lifecycle including asset management, vulnerability management, threat detection and prioritization, and patch management. It also describes how to configure Qualys agents for VMDR, upgrade agent activation keys, and set up asset management to get visibility into systems using the Qualys sensor platform and CyberSecurity Asset Management (CSAM).
Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review several advanced security processes and discuss how to easily automate them using common tools in the AWS Cloud.
This approach helps you and your team increase the security of your build while reducing the overall operational requirement of security in your stack. Leave this dev chat with everything you need to get started with automating security.
Application Security in the Cloud - Best PracticesRightScale
RightScale Webinar: May 20, 2010 – This webinar presents security implementation for applications running in the Amazon Web Services (AWS) environment with the RightScale management platform, using best practices developed by HyperStratus. See the archived video at http://vimeo.com/rightscale/application-security-in-the-cloud-best-practices.
Network Access Control, or NAC, solutions enhance network security by reducing the likelihood of unauthorized access and mitigating several threats and vulnerabilities. With a NAC, you can define and implement security policies that allow client machines access to network resources only when certain conditions are met.
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
Clarke Rodgers (CISO, SCOR Velogica)'s presentation on SCOR's journey to SOC2/TYPE2 via AWS at the NYC Alert Logic Cloud Security Summit on June 14th, 2016.
Tech Throwdown: Secure Containerization vs WhitelistingInvincea, Inc.
To address the inadequacy of traditional anti-virus solutions, white-listing and secure containerization approaches have both gained traction in the enterprise. Both approaches have the overarching goal of preventing a successful breach at the endpoint, but each works differently and focuses on different parts of the cyber kill chain.
Invincea, a secure containerization solution, inoculates high-risk and Internet-facing applications against attack by running them in secure virtual containers, which have restricted access to the underlying host OS. This effectively removes the most common means of delivering the infection (see figure below). Any successful exploits of targeted applications (such as IE, Java, Flash, etc.), including by 0-day exploits, are kept safely in quarantine where additional forensic details may be uncovered.
Whitelisting attempts to prevent infections by allowing only certain known executables to run. This means whitelisting solutions will not see initial exploits; rather, whitelisting focuses on the next step beyond the exploit, where many attacks then attempt to launch 2nd-stage (malicious) executables with additional goals such as privilege escalation, lateral movement, or data exfiltration. In other words, whitelisting solutions do not have visibility into exploits of existing programs or into memory-resident malware. In addition, whitelisting solutions that prevent unknown software from running will flag legitimate software (such as patches) that has not yet been added to the whitelist.
45 Minutes to PCI Compliance in the CloudCloudPassage
Join CloudPassage CEO, Carson Sweet and Sumo Logic Founding VP of Product & Strategy, Bruno Kurtic, for a webinar on “45 minutes to PCI Compliance in the Cloud”.
What You Will Learn:
- Understand the typical challenges faced by enterprises for achieving PCI on cloud infrastructure
- Learn how purpose-built SaaS-based cloud security solutions can save you tens of thousands in audit costs by speeding your time to compliance
- Get a quick demo of the CloudPassage Halo and Sumo Logic solutions that provide the telemetry and query/reporting engines respectively for cloud PCI
Protect Your End-of-Life Windows Server 2003 Operating SystemSymantec
End of Support is Not the End of Business
When software vendors announce a product end-of-life (EOL), customers typically have 24 to 30 months to plan and execute their migration strategies. This period is typically referred to as limited support. After the last day of support (also known as “end of support life date”), the product becomes obsolete, and the vendor will no longer automatically issue security patches. Customers have the option to purchase “extended or custom support” from the vendor after this date.
In many instances, the window for the availability of vendor support for the EOL product could be shorter than the time it would take for the customer to effectively migrate applications and processes to a new platform.
Customers may also be running custom applications that may not be compatible with the new platform. These gaps potentially expose unsupported systems to zero-day threats and new malware attacks. In order to address these potential risks, businesses will need to make some hard decisions:
• Run the applications in the unsupported platform.
• Execute an aggressive migration strategy for the mission-critical applications.
• Purchase an expensive extended support contract from the software vendor.
• Implement a security solution to harden and monitor the unsupported systems.
Trend Micro: This talk examines an overarching security strategy for your deployment, pulled from the real-world experiences of top companies around the world. Paired with services like AWS Lambda, this strategy can result in a unified view of your deployment and automatically respond to incidents – regardless of scale.
New Threats, New Approaches in Modern Data CentersIben Rodriguez
New Threats, New Approaches in Modern Data Centers - A Presentation by NPS at CENIC conference 11:00 am - 12:00 pm, Wednesday, March 22, 2017 – in San Diego, California
The standard approach to securing data centers has historically emphasized strong perimeter protection to keep threats on the outside of the network. However, this model is ineffective for handling new types of threats—including advanced persistent threats, insider threats, and coordinated attacks. A better model for data center security is needed: one that assumes threats can be anywhere and probably are everywhere and then, through automation, acts accordingly. Using micro-segmentation, fine-grained network controls enable unit-level trust, and flexible security policies can be applied all the way down to a network interface. In this joint presentation between customer, partner, and VMware, the fundamental tenets of micro-segmentation will be discussed. Presenters will describe how the Naval Postgraduate School has incorporated these principles into the architecture and design of a multi-tenant Cybersecurity Lab environment to deliver security training to national and international government personnel.
Edgar Mendoza, IT Specialist, Information Technology and Communications Services (ITACS) Naval Postgraduate School
Eldor Magat, Computer Specialist, ITACS, Naval Postgraduate School
Mike Monahan, Network Engineer, ITACS, Naval Postgraduate School
Iben Rodriguez, Brocade Resident SDN Delivery Consultant, ITACS, Naval Postgraduate School
Brian Recore, NSX Systems Engineer, VMware, Inc.
https://youtu.be/mYBbIbfKkGU?t=1h7m16s
Copied from the program with corrections - https://adobeindd.com/view/publications/b9fbbdf0-60f1-41dc-8654-3d2141b0bf54/nh4h/publication-web-resources/pdf/Conference_Agenda_2017_v1.pdf
This document discusses Check Point VSEC for providing advanced security for Microsoft Azure workloads. It begins with an overview of Microsoft Azure capabilities including global regions and platform services. It then discusses how Azure and customers share responsibility for cloud security. Check Point VSEC provides unified management, advanced threat prevention, and flexible deployment options to securely extend protection to applications in Azure. Case studies show how VSEC integration with Azure provides visibility, scalability, and security across hybrid cloud environments.
Netflix runs nearly all of its services on AWS and has adapted its security practices to fit its cloud-native architecture and DevOps model. Key aspects of Netflix's approach include integrating security tools into the development workflow, making secure options easy to use through self-service tools, and employing automated verification tools to monitor configurations while still trusting developers. This balance of empowering developers while verifying their work helps security scale alongside Netflix's dynamic cloud environment.
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong
Is that requirement from NIST 800-53 Controls or NIST 800-190? If you've ever wondered where those pesky cloud security controls come from, this meetup is for you.
In this Meetup, James Strong and Jason Lutz from Contino (an AWS Premier Consulting Partner) will discuss how Contino views DevSecOps. They will review the Benefits of DevSecOps:
- Cost Reduction
- Speed of Delivery
- Speed of Recovery
- Security is Federated
- DevSecOps Fosters a Culture of Openness and Transparency
During this Meetup, James and Jason will show you how to harden and secure a container pipeline and AWS network. Briefly, they will demonstrate how to deploy accounts with a Cloud Security Posture and review security best practices from AWS, CIS, and NIST. They will also touch on how to integrate changes in your infrastructure pipelines to adhere to your Enterprise's Security Compliance Guidelines.
If you're interested in integrating security and compliance into your Application and Infrastructure pipelines to realize the benefits of DevSecOps, join us in this virtual meetup.
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxInfosectrain3
The CompTIA Cybersecurity Analyst (CySA+) certification is the industry standard for demonstrating that cybersecurity professionals can analyze data and interpret the results to detect vulnerabilities, threats, and risks to an organization.
Wipro in collaboration with Symantec offers CaaS which uses Control Compliance Suite (CCS), the industry-leading technology to manage Compliance and Security Configuration Assessments.
This document contains Check Point's responses to claims made in a Cisco competitive comparison. It summarizes Cisco's claims regarding efficacy, security features, operational capabilities, and ICS/SCADA protections, then provides Check Point's facts and details to counter inaccurate aspects of Cisco's statements. Check Point asserts it offers comparable or superior capabilities in these areas compared to Cisco.
Similar to VMworld 2013: Security Automation Workflows with NSX (20)
VMworld 2016: vSphere 6.x Host Resource Deep DiveVMworld
1. This document provides an overview and agenda for a presentation on vSphere 6.x host resource deep dive topics including compute, storage, and network.
2. It introduces the presenters, Niels Hagoort and Frank Denneman, and provides background on their expertise.
3. The document outlines the topics to be covered under each section, including NUMA, CPU cache, DIMM configuration, I/O queue placement, driver considerations, RSS and NetQueue scaling for networking.
VMworld 2016: Troubleshooting 101 for HorizonVMworld
This document provides an overview of troubleshooting tools and techniques for Horizon. It begins with introductions and disclaimers. It then covers defining problems, identifying symptoms, gathering additional information, determining possible causes, identifying the root cause, resolving problems, and documenting solutions. Common troubleshooting tools are discussed, including ESXCLI commands, vSphere CLI commands, and log file locations and contents. Methods for collecting log files from Horizon components like desktops, clients, and servers are also provided.
VMworld 2016: Advanced Network Services with NSXVMworld
NSX provides network virtualization and security services including distributed firewalling, load balancing, and VPN connectivity. It reproduces traditional network and security functions in software throughout the virtual infrastructure for improved performance, agility, and security compared to physical appliances. Over 1700 customers use NSX across various industries, with growth of 100% year-over-year. NSX services can be distributed across hypervisors for massive scalability. The platform also integrates with security and application delivery partners to enhance its native capabilities.
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld
This document provides an overview of how to deploy VMware NSX with Cisco infrastructure, including:
- NSX has minimal requirements of 1600 MTU and IP connectivity and is agnostic to the underlying network topology.
- When using Cisco Nexus switches, VLANs must be configured for various traffic types and SVIs created with consistent IP subnets. Jumbo MTU is required across all links.
- NSX is also compatible with Cisco ACI fabrics using Fabric Path or DFA topologies, with the VXLAN VLAN spanning multiple pods/clusters across the fabric.
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld
This document discusses enforcing vSphere cluster designs using PowerCLI automation. It provides an overview of vSphere cluster design basics like HA and DRS configurations. It then discusses crafting declarative configurations to define the desired infrastructure state. Infrastructure as code principles are reviewed for managing configurations outside the endpoints. The presentation introduces the Vester project for declaratively configuring vSphere clusters using PowerCLI.
Horizon 7 introduces several new features including just-in-time desktops that instantly provision desktops and applications when users log in using VMware's instant clone technology. It also features smart policies that dynamically change desktop configurations based on user location or device. Infrastructure updates improve scalability and failover capabilities. The user experience is enhanced with support for 3D graphics, new protocols like Blast Extreme for optimized mobile access, and expanded capabilities for hosted applications and RDS desktops.
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld
Virtual Volumes provide a more efficient operational model for external storage management in vSphere. They integrate storage capabilities directly into virtual machines at the individual disk level through Storage Policy-Based Management. This simplifies operations by removing the need for static LUN/volume provisioning and allows storage services to be applied non-disruptively on a per-virtual machine basis according to policies. A key component is the VASA Provider, which is used to publish an array's storage capabilities and manage the creation of VM-level objects called Virtual Volumes on behalf of vSphere.
VMworld 2016: The KISS of vRealize Operations! VMworld
This presentation introduces new features in vRealize Operations 6.3 that simplify operations management. It begins with an overview of the vRealize Operations architecture and dashboard. New features are then demonstrated, including a recommended actions page, cluster resource dashboard, data collection notifications, workload balancing through rebalancing containers, guided remediation through alerts, integration with vRealize Log Insight, capacity management of clusters and projections, and extensibility with management packs. Finally, related VMworld sessions are listed that provide further information on capacity planning, troubleshooting, intelligent operations management, log insight, and network insight.
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld
This document provides an overview and introduction to PowerShell and PowerCLI for managing VMware environments. It discusses what PowerShell and PowerCLI are, important terminology like modules and functions, how to set them up and configure profiles, and examples of how to start coding with PowerShell including gathering data, writing logic statements, and using cmdlets safely. The presenters are introduced and an agenda is provided covering these topics at a high level to get started with PowerShell and PowerCLI.
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld
This document is a disclaimer stating that the presentation may include features still under development and not committed to be delivered in final products. Any features discussed are subject to change based on technical feasibility and market demand, and pricing and packaging have not been determined for any new technologies presented. The document is confidential.
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld
Virtualizing Active Directory domain controllers provides benefits like increased availability, scalability, and manageability. However, there are some technical challenges to address like ensuring proper time synchronization. This presentation provides best practices for virtualizing domain controllers including using host-guest affinity rules, disabling time synchronization settings, and ensuring the ESXi host clock is correct. It also introduces new "safety" features in Windows Server 2012 like VM GenerationID that help address issues from restoring or reverting snapshots like USN rollback.
VMworld 2015: Troubleshooting for vSphere 6VMworld
The document provides an overview of troubleshooting tools and techniques for vSphere 6. It discusses gathering diagnostic information, identifying potential causes, and resolving problems. The vSphere ESXi Shell and vCLI commands can be used to troubleshoot issues locally or remotely via SSH. An example troubleshooting process is provided to demonstrate defining a vMotion failure problem, gathering logs, testing connectivity, and resolving an incorrect VMkernel interface IP address.
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld
This year VMware vSphere 6 combined with vRealize Operations 6.1 (vR Ops 6) adds critical features to increase technical agility in the infrastructure and reduce Mean Time to Repair. With a new automated remediation action framework in vR Ops, vSphere 6’s ability to vMotion physical Raw Device Mappings (RDMs), and a complete Management Pack ecosystem for monitoring everything from infrastructure to applications, administrators have the tools needed to maintain 5 9’s uptime, shorten Mean Time to Repair (MTTR), and predict capacity requirements as and when the business requires. This session will be a deep technical explanation and live demonstration of these tools. It will give administrators a solid understanding of how they can use these tools to monitor and manage their application clusters, keep applications running during infrastructure maintenance, and get deep holistic visibility into the entire application ecosystem, from storage to networking.
VMworld 2015: Advanced SQL Server on vSphereVMworld
Microsoft SQL Server is one of the most widely deployed “apps” in the market today and is used as the database layer for a myriad of applications, ranging from departmental content repositories to large enterprise OLTP systems. Typical SQL Server workloads are somewhat trivial to virtualize; however, business critical SQL Servers require careful planning to satisfy performance, high availability, and disaster recovery requirements. It is the design of these business critical databases that will be the focus of this breakout session. You will learn how to build high-performance SQL Server virtual machines through proper resource allocation, database file management, and use of all-flash storage like XtremIO. You will also learn how to protect these critical systems using a combination of SQL Server and vSphere high availability features. For example, did you know you can vMotion shared-disk Windows Failover Cluster nodes? You can in vSphere 6! Finally, you will learn techniques for rapid deployment, backup, and recovery of SQL Server virtual machines using an all-flash array.
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld
Active Directory Domain Services (ADDS) allows organizations to deploy a scalable and secure directory service for managing users, resources and applications. Virtualization of ADDS has been supported for many years now, but it has required careful management to avoid pitfalls around replication, time management, and access. Windows Server 2012 provides greater support for virtualization by including virtualization-safe features and support for rapid domain controller deployment.
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld
Policy based management greatly simplifies the work of IT Administrators, making it easy to ensure that applications and VMs receive the resources, protection and functionality required. Learn about the latest enhancements of Site Recovery Manager in this space, which represent a huge step towards providing policy based DR. In this session we'll dive deep into how this approach works and how to work with it.
VMworld 2015: Building a Business Case for Virtual SANVMworld
This presentation discusses building a business case for VMware Virtual SAN. It provides an overview of Virtual SAN and its benefits for customers like choice, integration, cost savings and performance. A case study is presented of how Dominos Pizza implemented Virtual SAN which resulted in roughly 40% lower costs compared to a traditional storage array. The presentation concludes by demonstrating the Virtual SAN assessment tool and various ways customers can try Virtual SAN.
Not content to simply describe the Virtual Volume (VVOL) framework, this session instead examines practical use cases: how different configurations and workloads benefit from VVOLs. Learn how Storage Policy Based Management (SPBM) couples with VVOLs to provide VM configuration options not previously available. We demonstrate a handful of real-life scenarios, specifically covering how VVOLs benefit oversubscribed systems, disaster recovery preparation and multi-tenant requirements for customers. Specific configuration options and constraints are covered in detail, including how they work with underlying storage.
VMworld 2015: Virtual Volumes Technical Deep DiveVMworld
This document provides a technical deep dive on virtual volumes. It begins with an overview of the challenges with today's LUN-centric storage architectures, such as complex provisioning, wasted resources, and lack of granular control. It then introduces an application-centric model using virtual volumes that provides dynamic storage service levels, fine-grained control at the VM level, and common management across arrays. The rest of the document details the management plane, data plane, consumption model using storage policy-based management, virtual machine lifecycles, snapshots, and offloading operations with virtual volumes.
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge Capture & Transfer
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
"NATO Hackathon Winner: AI-Powered Drug Search", Taras KlobaFwdays
This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application.
In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy.
We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsScyllaDB
ScyllaDB monitoring provides a lot of useful information. But sometimes it’s not easy to find the root of the problem if something is wrong or even estimate the remaining capacity by the load on the cluster. This talk shares our team's practical tips on: 1) How to find the root of the problem by metrics if ScyllaDB is slow 2) How to interpret the load and plan capacity for the future 3) Compaction strategies and how to choose the right one 4) Important metrics which aren’t available in the default monitoring setup.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work with and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMydbops
This presentation, titled "MySQL - InnoDB" and delivered by Mayank Prasad at the Mydbops Open Source Database Meetup 16 on June 8th, 2024, covers dynamic configuration of REDO logs and instant ADD/DROP columns in InnoDB.
This presentation dives deep into the world of InnoDB, exploring two ground-breaking features introduced in MySQL 8.0:
• Dynamic Configuration of REDO Logs: Enhance your database's performance and flexibility with on-the-fly adjustments to REDO log capacity. Unleash the power of the snake metaphor to visualize how InnoDB manages REDO log files.
• Instant ADD/DROP Columns: Say goodbye to costly table rebuilds! This presentation unveils how InnoDB now enables seamless addition and removal of columns without compromising data integrity or incurring downtime.
Key Learnings:
• Grasp the concept of REDO logs and their significance in InnoDB's transaction management.
• Discover the advantages of dynamic REDO log configuration and how to leverage it for optimal performance.
• Understand the inner workings of instant ADD/DROP columns and their impact on database operations.
• Gain valuable insights into the row versioning mechanism that empowers instant column modifications.
3. 3
THINK About Your Last Interaction with the Security Team
VI Admin / Cloud Operator
Botnet attack… quarantine NOW!!
PCI Auditors in the house…are we compliant?
High severity vulnerabilities on critical business systems… must patch!
4. 4
Did Your Interaction Look Something like This?
Manual Process: Step 1 to Step n ✔
Security Architect
You have to take care of this security issue.
VI Admin / Cloud Operator
OK, but it may take a while.
Lather. Rinse. Repeat.
5. 5
Automate for Efficiency, Benefit from Consistency
VI Admin / Cloud Operator
No problem.
When THIS happens, do THAT.
Security Architect
Step 1. Security team defines policy for what to do when a security issue is found. Then they ask the data center operator to make it happen.
6. 6
Automate for Efficiency, Benefit from Consistency
Step 2. Operator creates security policies using security profiles already managed by security team. Gets approval from security team before applying to workloads.
Is this what you wanted?
VI Admin / Cloud Operator
Yup. Looks good.
Security Architect
7. 7
Automate for Efficiency, Benefit from Consistency
VI Admin / Cloud Operator
Easy.
Step 3. Operator applies security policies to workloads. Security team monitors for changes, has option to approve before change is allowed.
Security Architect
Compliant.
8. 8
Agenda
Think About Your Last Interaction with Security Team
Quarantine Infected Systems (NAC:TNG) + DEMO
Customer Perspective: McKesson OneCloud
Summary of Automation Capabilities
Next Steps
9. 9
Overview of Quarantine Use Case
[Diagram: production and quarantine zones ✔]
Quarantine Processes
• Quarantine by default
• Scan for compliance before putting in production
• Remediate non-compliant systems
• Continuously monitor production systems for compliance
• Quarantine non-compliant systems
• Optional: Require approval before any workload is moved to quarantine
Properties of Quarantine Zone
• Restrict Layer 3 network traffic to/from zone. Block L3 traffic between infected systems
• Assign different L2 network to quarantine zone
10. 10
Network Access Control As We Know It
Requirements
• Authentication and Management Services
• 802.1x enabled switch hardware
• 802.1x compliant endpoint agent (supplicant)
Challenges
• Cost-prohibitive (hardware)
• Difficult to manage (agents)
• Lacks agility required in the software-defined data center
• Forces virtual network traffic to physical switch
[Diagram: Physical Endpoints (802.1x supplicants), Virtual Machines (802.1x supplicants), Authentication Server, NAC Management Server, 802.1x Enabled Switches]
12. 12
Automate Quarantine Workflow with NSX Service Composer
Prerequisites: Security groups defined by tag membership and relevant policies
1. Desktop group scanned for viruses
2. AV solution tags VMs to indicate virus found
3. Infected VM automatically gets added to quarantine group, based on tag
4. VM is re-scanned and remediated by AV solution.
5. Tag removed and VM moved out of quarantine zone.
Security Group = Quarantine Zone
Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}
Security Group = Desktops
13. 13
Agenda
Think About Your Last Interaction with Security Team
Quarantine Infected Systems (NAC:TNG) + DEMO
NSX Service Composer for Security Automation
Customer Perspective: McKesson OneCloud
Summary of Automation Capabilities
Next Steps
14. 14
NSX Service Composer
Security services can now be consumed more efficiently in the software-defined data center.
Automate. Automate workflows across different services, without custom integration.
Provision. Provision and monitor uptime of different services, using one method.
Apply. Apply and visualize security policies for workloads, in one place.
SEC 5749
16. 16
Concept – Apply Policies to Workloads
Security Groups
WHAT you want to protect
Members (VM, vNIC…) and Context (user identity, security posture)
HOW you want to protect it
Services (Firewall, antivirus…) and Profiles (labels representing specific policies)
APPLY
Define security policies based on service profiles already defined (or blessed) by the security team. Apply these policies to one or more security groups where your workloads are members.
17. 17
NSX Service Composer – Canvas View
Nested Security Groups: A security group can contain other groups. These nested groups can be configured to inherit security policies of the parent container.
e.g. “Financial Department” can contain “Financial Application”
18. 18
NSX Service Composer – Canvas View
Members: Apps and workloads that belong to this container.
e.g. “Apache-Web-VM”, “Exchange Server-VM”
19. 19
NSX Service Composer – Canvas View
Policies: Collection of service profiles, assigned to this container, to define HOW you want to protect this container
e.g. “PCI Compliance” or “Quarantine Policy”
20. 20
NSX Service Composer – Canvas View
Profiles: When solutions are registered and deployed, these profiles point to actual security policies that have been defined by the security management console (e.g. AV, network IPS).
Only exception is the firewall rules, which can be defined within Service Composer, directly.
for *deployed* solutions, are assigned to these policies.
Services supported today:
• Distributed Virtual Firewall
• Anti-virus
• File Integrity Monitoring
• Vulnerability Management
• Network IPS
• Data Security (DLP scan)
21. 21
Concept – Automate Workflows Across Services
[Diagram: AV, FW, IPS, DLP, Vuln. Mgmt]
IF one service finds something, THEN another service can do something about it, WITHOUT requiring integration between services!
SEC 5750
22. 22
Automation Process Using NSX Service Composer
Use NSX security tags, either through NSX security solutions or APIs, to define IF/THEN workflows across security services.
Step 1 - Define security tags based on workflow requirements
Step 2 - Define security group based on tags
Step 3 - Set and unset tags based on security workflow requirements.
[Diagram label: Security Group =]
23. 23
How to Automate a Workflow with NSX Service Composer
Step 1 – Define Tags
Determine which tags have been registered by the deployed security solutions. Identify the tags you want to use for your workflow.
Example: I want to know when my antivirus solution finds any infected systems.
24. 24
How to Automate a Workflow with NSX Service Composer
Step 1 – Define Tags (alternate)
Use NSX tagging API to identify workloads of a certain type, by integrating with a cloud management portal or by running a script.
25. 25
How to Automate a Workflow with NSX Service Composer
Step 2 – Define Security Group
Define group based on dynamic membership where tag has a certain value.
Example: My quarantine zone is defined by any system with a tag that has ‘VirusFound’ in it.
26. 26
How to Automate a Workflow with NSX Service Composer
Step 3 – Set and Unset Tags
A workload is added or removed from a group due to tag change.
Example: My quarantine zone will block network traffic but will also rescan workloads to see if they are cleaned of viruses. If clean, the virus tag will be removed and the workload will be removed from the quarantine zone.
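The three steps above, modelled as an added example (not code from the deck and not the NSX API): groups recompute membership from each VM's current tags, so setting or unsetting a tag is the only action the scanner takes. The tag name and the “Quarantine Policy” name come from the slides; the VM name, the “Desktop AV Scan” policy and the `exact` option are assumptions made for illustration.

```python
"""Model of tag-driven security groups (added example; not the NSX API)."""
from dataclasses import dataclass, field

AV_TAG = "ANTI_VIRUS.VirusFound"  # tag name shown on the quarantine slide


@dataclass
class VM:
    name: str
    tags: set = field(default_factory=set)


@dataclass
class SecurityGroup:
    name: str
    tag_match: str = ""        # dynamic membership criterion on security tags
    exact: bool = False        # assumption: False = "tag contains", True = "tag equals"
    static_members: set = field(default_factory=set)  # VM names added by hand
    policies: list = field(default_factory=list)      # HOW to protect members
    children: list = field(default_factory=list)      # nested groups inherit policies

    def has_member(self, vm):
        if vm.name in self.static_members:
            return True
        if self.tag_match:
            hit = (lambda t: t == self.tag_match) if self.exact else (lambda t: self.tag_match in t)
            if any(hit(t) for t in vm.tags):
                return True
        # Members of a nested group count as members of the parent.
        return any(child.has_member(vm) for child in self.children)


def effective_policies(vm, groups):
    """Policies applying to vm right now, recomputed from its current tags."""
    found = []
    for group in groups:
        if group.has_member(vm):
            found.extend(p for p in group.policies if p not in found)
    return found


def av_scan(vm, infected):
    """Stand-in for the AV solution: set the tag on detection, unset when clean."""
    if infected:
        vm.tags.add(AV_TAG)
    else:
        vm.tags.discard(AV_TAG)


def run_quarantine_workflow():
    """Walk one desktop through detection and remediation; return the timeline."""
    desktops = SecurityGroup("Desktops", static_members={"desktop-01"},
                             policies=["Desktop AV Scan"])        # constructed
    quarantine = SecurityGroup("Quarantine Zone", tag_match="VirusFound",
                               policies=["Quarantine Policy"])
    groups = [desktops, quarantine]
    vm = VM("desktop-01")
    timeline = [("provisioned", effective_policies(vm, groups))]
    av_scan(vm, infected=True)    # IF the AV service finds something ...
    timeline.append(("virus found", effective_policies(vm, groups)))  # ... THEN quarantine
    av_scan(vm, infected=False)   # rescan after remediation clears the tag
    timeline.append(("remediated", effective_policies(vm, groups)))
    return timeline


if __name__ == "__main__":
    for stage, policies in run_quarantine_workflow():
        print(f"{stage:12} -> {policies}")
```

With “contains” matching, as in the slide's example, any tag whose name includes the text joins the group, so tag naming needs the same review as the policy it triggers.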
27.
28. 28
Agenda
Think About Your Last Interaction with Security Team
Quarantine Infected Systems (NAC:TNG) + DEMO
Customer Perspective: McKesson OneCloud
Summary of Automation Capabilities
Next Steps
29. 29
About McKesson
At A Glance
Founded 1833
HQ San Francisco
37,000+ employees
Focus: Distribution and Technology
Our Businesses
Distribution Solutions (pharmaceutical, medical/surgical, plasma and biologics, pharmacy and more)
Technology Solutions (information solutions, medication imaging, automation and more)
Our Businesses
Ranked 14th on Fortune 500
NYSE: MCK
Revenue: $122.7 billion in FY2012
By the Numbers
#1 pharmaceutical distribution in US, Canada
#1 generics pharmaceutical distribution
#1 hospital automation
52% of US hospitals use McKesson technology
30. 30
McKesson OneCloud
VI Admin / Cloud Operator
Security Architect
Get IT Out of the Way
A self-service, private cloud giving users access to new applications on-demand, with necessary security controls.
31. 31
McKesson OneCloud Phases
OneCloud 1.0 OneCloud 1.5 OneCloud 2.0
• Amber Zones: Zones with sensitive data such as PHI, PCI with DLP enforcement (confidential)
Beyond OneCloud 2.0
• Sensitive Data (restricted)
• Red (quarantine) zone: AV disabled/missing, missing critical system patch; System placed in Sandbox
• DMZ Zone: Prevent systems in this zone from being attached to other networks or zones
• Green Zone: Fully compliant systems; Straight L3 pass through with minimal inspection
• Yellow Zone: system patches more than xx days out of date or AV signatures out of date; IPS/FW added to inline path
32. 32
McKesson OneCloud Hosting Zones
[Diagram: hosting zones labelled YELLOW, GREEN, AMBER, TBD, QUARANTINE and DMZ. Zone descriptions shown: Web-facing systems; Non-Sensitive Information (Public, Internal); Sensitive Information (Confidential); Highly Sensitive Information (Restricted); Infected / Compromised VM Remediation; Vulnerable, Unpatched Systems. Release labels shown: OneCloud 1.0, OneCloud 1.5, OneCloud 2.0, OneCloud v.TBD.]
34. 34
Agenda
Think About Your Last Interaction with Security Team
Quarantine Infected Systems (NAC:TNG) + DEMO
Customer Perspective: McKesson OneCloud
Summary of Automation Capabilities
Next Steps
35. 35
Why Automate with NSX Service Composer?
[Diagram: AV, FW, IPS, DLP, Vuln. Mgmt]
You can define policies so that IF one service finds something, THEN another service can do something about it, WITHOUT requiring integration between services!
36. 36
Automation Process Using NSX Service Composer
Use NSX security tags, either through NSX security solutions or APIs, to define IF/THEN workflows across security services.
Step 1 - Define security tags based on workflow requirements
Step 2 - Define security group based on tags
Step 3 - Set and unset tags based on security workflow requirements.
[Diagram label: Security Group =]
37. 37
VMware NSX Service Composer – Automation Capabilities
Built-In Services
• Firewall, Identity-based Firewall
• Data Security (DLP / Discovery)
Security Groups
• Define workloads based on many attributes (VMs, vNICs, networks, user identity, and more) – WHAT you want to protect
• Dynamic membership using tags, VM name and other properties
• Tags can be managed by automated services (AV, Vuln. Mgmt) or by admins
3rd Party Services
• IDS / IPS, AV, Vulnerability Mgmt
• 2013 Vendors: Symantec, McAfee, Trend Micro, Rapid 7, Palo Alto Networks
Security Policies
• Define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads
[Diagram labels: Any Application (without modification); Virtual Networks; VMware NSX Network Virtualization Platform; Logical L2; Logical L3; Logical Firewall; Logical Load Balancer; Logical VPN; Any Cloud Management Platform; Any Hypervisor; Any Network Hardware]
39. 39
Agenda
Think About Your Last Interaction with Security Team
Quarantine Infected Systems (NAC:TNG) + DEMO
Customer Perspective: McKesson OneCloud
Enforce Compliance for Sensitive Data
Summary of Automation Capabilities
Next Steps
40. 40
No kidding.
Prove it!
Back At The Office…
VI Admin / Cloud Operator
Yes, hard to forget.
Security Architect
Talk to your security team about jointly evaluating NSX Service Composer.
Leverage built-in services (firewall, DLP/Discovery) and security tags.
You know all those manual processes we manage?
Well, I just learned about VMware NSX Service Composer and we could automate a lot of this!
I will.
47. 47
Compliance Automation Use Case
Compliance Processes
• Group systems that must be compliant with a specific regulation and apply necessary controls to the group
• Specify systems based on actual data (through sensitive data discovery) or desired compliance state
• Move systems in and out of compliance zones based on above
• Optional: Require approval before any workload is moved to compliance zone
Properties of Compliance Zone
• Apply security policies as dictated by the applicable regulation or standard (e.g. antivirus, firewall, encryption, etc.)
[Diagram: Application Owner, DLP / Discovery Solution, VI Admin / Cloud Operator]
48. 48
Automate Compliance Workflow with NSX Service Composer
Prerequisites: Security groups defined by tag membership and relevant policies
1. Desktop group scanned for credit card data
2. Data security/DLP solution tags VMs with sensitive data
3. VM with sensitive data automatically gets added to PCI DSS group, based on tag
4. VM is re-scanned for continuous compliance
5. Tag is only removed if credit card data no longer present. VM would then be moved out of PCI DSS zone.
Security Group = PCI Zone
Members = {Tag = ‘DATA_SECURITY.violationsFound’}
Security Group = Desktops
49. 49
Overview of Vulnerability Management Use Case
Vulnerability Management Processes
• Identify and routinely scan critical systems for vulnerabilities
• Find critical vulnerabilities and move them into monitor zone with IPS
• Prioritize remediation actions based on most critical systems / risks
• Test patches, remediation in staging zone before applying in production
• Rescan patched systems and move out of monitor zone if risk is mitigated
Properties of Monitor Zone
• Intrusion Prevention System (IPS) policy monitors for compromised systems and blocks risky traffic
[Diagram: Critical Systems, Monitor ✔, Staging Zone ✔]
50. 50
Automate Vulnerability Management Workflow with NSX Service Composer
Prerequisites: Security groups defined by tag membership and relevant policies
1. Desktop group scanned for vulnerabilities
2. Solution tags VMs to indicate vulnerabilities
3. Vulnerable VM automatically gets added to Monitor Zone, based on tag
4. Patches are tested in staging environment before being applied. VM is re-scanned.
5. Tag removed and VM moved out of Monitor Zone.
Security Group = Monitor Zone
Members = {Tag = ‘VULNERABILITY_MANAGEMENT.VulnerabilityFound’}
Security Group = Desktops
51. 51
VMware NSX – Network Virtualization
VMware NSX Transforms the Operational Model of the Network
• Network provisioning time reduced from 7 days to 30 sec
Reduce network provisioning time from days to seconds
Cost Savings
• Reduce operational costs by 80%
• Increase compute asset utilization up to 90%
• Reduce hardware costs by 40-50%
Operational Automation
Simplified IP hardware
Choice
• Any Hypervisor: vSphere, KVM, Xen, HyperV
• Any CMP: vCAC, Openstack
• Any Network Hardware
• Partner Ecosystem
Any hypervisor
Any CMP with Partner
53. 53
VMware NSX – Networking & Security Capabilities
[Diagram labels: Any Application (without modification); Virtual Networks; VMware NSX Network Virtualization Platform; Logical L2; Logical L3; Logical Firewall; Logical Load Balancer; Logical VPN; Any Cloud Management Platform; Any Hypervisor; Any Network Hardware]
Logical Switching – Layer 2 over Layer 3, decoupled from the physical network
Logical Routing – Routing between virtual networks without exiting the software container
Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance
Logical Load Balancer – Application Load Balancing in software
Logical VPN – Site-to-Site & Remote Access VPN in software
NSX API – RESTful API for integration into any Cloud Management Platform
Partner Eco-System
54. 54
Future Direction
Cloud Automation + Network Virtualization
Spin up and tear down logical networks and services as needed, to deliver application infrastructure on-demand.
Create On-Demand
Leverage Existing Infrastructure
[Diagram: WEB, APP and DATABASE tiers]
55. 55
Concept – Apply Policies to Workloads
Security Groups
WHAT you want to protect
Members: VM, vNIC, network (virtual/Logical Switch, physical), Distributed Virtual PG, cluster, data center, Resource Pool, vApp, other container, IP address, MAC
Context: User identity, sensitive data, security posture
HOW you want to protect it
Services: Firewall, antivirus, intrusion prevention, vulnerability management and more.
Profiles: Security policies from VMware and third-party solutions that are defined by the security architect but implemented by the cloud operator.
APPLY
56. 56
Concept – Provision and Monitor
Network and security services are provisioned through a common registration and deployment process. Health status of services is reported by solution provider.
[Diagram labels: Compute; Management; Gateway; Partner Mgmt. Consoles; Registered Solutions]