VMworld 2013
Ninad Desai, VMware
Greg Herzog, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybrid Service: Networking and Security Basics
1. vCloud Hybrid Service Jump Start Part Two of Five:
vCloud Hybrid Service:
Networking and Security Basics
Ninad Desai, VMware
Greg Herzog, VMware
PHC5409
#PHC5409
2. What’s in it for You?
You will leave with:
• An understanding of the vCloud Hybrid Service networking building blocks
• A strong networking foundation for building a Hybrid Cloud
• The Security concepts you need to be successful
4. Why is Networking with the vCloud Hybrid Service so Easy?
Key Takeaways
• Same stuff you know – vSphere, VXLAN, vCNS, vCloud Director
• Seamless integration – vCloud Connector
• No changes to apps
• No having to figure out weird networking models
• Security you know and understand – Role Based Access Control
5. vCloud Hybrid Service: Any Mixture of Two Flavors
Dedicated Cloud
• Minimum size: 120GB vRAM, 30GHz vCPU
• Starts at: 6 TB, 50 Mbps allocated, 1 Gbps burstable, 3 Public IPs
• Your own private cloud instance
• Physically isolated
Virtual Private Cloud
• Minimum size: 20GB vRAM, 5GHz vCPU (burst to 10GHz)
• Starts at: 2 TB, 10 Mbps allocated, 50 Mbps burstable, 2 Public IPs
• Logically isolated
• Guaranteed resource allocation
6. Dedicated vCloud Stack per Dedicated Cloud
Fully Integrated vCloud Stack
vCloud Management and Automation
vCloud Hybrid Service Management Console
vCloud Infrastructure
vCloud Networking and Security
vCloud Director with vCloud Connector
vSphere / vCenter
[Diagram labels: Customer A; Dedicated Cloud; Physically Isolated Servers; Storage pool; VPN and Network pool; …]
8. Network Virtualization in vCloud Hybrid Service
[Diagram labels: vCloud Hybrid Service Networking & Security; vCloud Hybrid Service; vSphere; VDC 1; VDC 2; VXLAN; Integrated Management Console]
Edge Gateway
Secures the edge of the virtual datacenter and delivers network services:
• Firewall
• NAT
• Load Balancer
• Site-to-Site IPSec VPN
• Active/Standby High Availability
• Stateful Session Failover
VXLAN
Foundation for elastic portable virtual datacenters. Encapsulation allows:
• Isolation between Organization Networks
• Bring-your-own private IPv4 layer 3 address space
10GbE network interconnect with 20G link aggregation
vCloud Hybrid Service Networking
• Nine routable IP spaces
• Intuitive design replicates traditional networks
• Customizable to support production applications
9. vCloud Hybrid Service Advanced Networking
[Diagram labels: Web Servers, App Servers, DB Servers, Log Servers, RSA; Organization Network (DMZ), Organization Network (App), Organization Network (Test/Dev), Organization Network (Isolated), Org Net 1]
Edge Gateway
10 Total Interfaces
9 For Customer Use
Static Routes between Zones
3rd Party Appliance
Customer Supplied
F5, RSA, Cisco, Riverbed
11. IP Address Assignment
IP Pool
• Pool of IPs created by default on auto generated isolated and routed networks
• VMs attached to those networks get IP addresses from that default pool
Static IP
• Fixed IP for a VM
• Change configuration in vCloud Director
DHCP
• Part of edge gateway service
• Change configuration in vCloud Director
• Basic DHCP service
12. DHCP Service on vCloud Hybrid Service Edge Gateway
Assign an IP range on a desired network
13. Firewall Rules
Where do they live?
What do they do?
Routed Network 1 Routed Network 2 Routed Network 3
Firewall Rules:
- By default: Deny all
- Policies for traffic that passes through the gateway
Gateway
5-tuple F/W policies (Protocol, Source/Dest. IP, Source/Dest. Port)
Can have multiple policies across multiple networks
Ideal for enterprise grade application deployment
15. Network Address Translation (NAT)
Source NAT & Destination NAT rules.
• Supports multiple rules on multiple interfaces
Can use internal/private IP space.
• Bring your own internal IP space
• Create/Manage subnets within IP space
• Multiple IP space under the same gateway
NAT rules:
- SNAT & DNAT rules
- Options include protocol/port selection
Gateway
Public IPs
Internal IPs
10.x.x.x 172.16.x.x 192.168.x.x
Need to create F/W rules to allow traffic
IPv4 NAT
Organization Net 1 Organization Net 2 Organization Net 3
16. Edge Gateway Services – Load Balancing
Pool Servers
Load Balanced
- Round Robin
- IP Hash
- URI
- Least Connected
Virtual Server –
- Virtual IP (Public IP)
- Front end traffic
- Assigned to a server pool
Can have multiple virtual servers and pools
Edge gateway
Load balancer
19. IPSEC VPN Overview
vCNS 5.1 Edge/vCloud Hybrid Service features include IPSEC VPN
• Definition:
• Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session
• Create a secured tunnel using the IPSEC VPN service from one physical/virtual datacenter to another
IPSEC is a framework of open standards
“Protect the series of internet tubes with VPN!”
20. VPN Architecture Diagram
vSphere (On-Premise)
Sharepoint-Routed Network (10.0.10.0/24)
vCHS Edge Gateway
LEP – 69.194.137.230
Peer ID – 10.0.1.150
Peer IP – 68.108.102.47
10.0.1.150
10.0.10.1
External Router
10.0.1.1
68.108.102.47
192.168.109.1
vCloud Hybrid Service
69.194.137.230
vSphere Edge Gateway
LEP – 10.0.1.150
Peer ID – 69.194.137.230
Peer IP – 69.194.137.230
VPN Traffic
Internet Traffic
Virtual Machine 1
Virtual Machine 2
Sharepoint-Default Routed Network (192.168.109/24)
IP Protocol ID 50 (ESP)
IP Protocol ID 51 (AH)
UDP Port 500 (IKE)
UDP Port 4500
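With a default-deny gateway (slide 13), every IPsec flow listed on this slide needs an explicit allow rule in both directions between the tunnel endpoints. The Python below is an added example, not part of the deck or any VMware tooling, that audits a rule set for those flows; the rule format, first-match ordering and sample rules are assumptions, and only the two endpoint addresses and the protocol list come from the slide.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Traffic listed on the VPN architecture slide: (label, protocol, port).
IPSEC_FLOWS = [("ESP", "esp", None), ("AH", "ah", None),
               ("IKE", "udp", 500), ("UDP 4500", "udp", 4500)]

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp", "esp", "ah" or "any"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    sport: Optional[int] = None  # None matches any source port
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto, src, dst, sport, dport):
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.sport in (None, sport)
                and self.dport in (None, dport))

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """Assumed first-match ordering; traffic matching no rule is denied."""
    for rule in rules:
        if rule.matches(proto, src, dst, sport, dport):
            return rule.action
    return "deny"

def missing_ipsec_flows(rules, local, peer):
    """List the IPsec flows the rule set does not allow, per direction."""
    missing = []
    for label, proto, port in IPSEC_FLOWS:
        for src, dst in ((local, peer), (peer, local)):
            if evaluate(rules, proto, src, dst, port, port) != "allow":
                missing.append((label, src, dst))
    return missing

# Tunnel endpoints from the slide; the rule set itself is constructed sample data.
VCHS, ONPREM = "69.194.137.230", "68.108.102.47"
RULES = [
    Rule("allow", "udp", ONPREM + "/32", VCHS + "/32", dport=500),
    Rule("allow", "udp", VCHS + "/32", ONPREM + "/32", dport=500),
    Rule("allow", "esp", ONPREM + "/32", VCHS + "/32"),
    Rule("allow", "esp", VCHS + "/32", ONPREM + "/32"),
]

if __name__ == "__main__":
    for label, src, dst in missing_ipsec_flows(RULES, VCHS, ONPREM):
        print(f"blocked: {label} {src} -> {dst}")
```

With the sample rules the audit reports AH and UDP 4500 as blocked in both directions. UDP 4500 carries IPsec NAT traversal, which matters in this topology because the on-premise gateway's local endpoint (10.0.1.150) sits behind the external router.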
21. Hybrid Service is Just Another Site – Networking & Security
US East Region
US West Region
The Same Networking Topology
Full network virtualization at layer 2 and layer 3
Layer 2 Extensions
Your Data Center
vCloud Hybrid Service
The Same Security Policies
Integrated L4-7 services for Firewall/NAT, IPSec VPN, Load Balancers, VXLAN gateways
Primary
Regional Office
Regional Office
22. Default Setup
Dedicated Cloud – 3 IPs
• Edge Gateway – Can add additional
• 2 Default Networks
• Default Isolated
• DHCP Enabled - Only Service Available
• Default Routed
• DHCP Disabled
• Firewall Enabled
• VPN, NAT & Load Balancer
• Assigned public IP address
Virtual Private Cloud – 2 IPs
• Edge Gateway – 1 Max
• 2 Networks – Same Setup
24. Infrastructure Security
Shared Cloud
• Logically separated network, compute and storage
No vDC segmentation
One edge gateway
Ideal for shared access within a single org
Dedicated Cloud
• Physically separated hosts
• Logically separated network and storage
Regulated Apps
Require segmentation and no multi-tenancy
Segment vDCs based on orgs
VDC1 VDC2
VDC3 VDC4
VDC
25. Network Security & Access
Secure networks
• Isolated networks
• Ideal for internal apps/VMs
• Log servers, tracking servers, DB servers
• Routed networks
• For VMs that need external access
• VMs that need Gateway services (F/W, NAT, LB)
Secure access
• IPSec VPN
• Secure site-to-site VPN
• Data Center Extension
• SSLVPN
• Private line connectivity
• Dedicated/private connection
• Ideal for regulated apps
Isolated networks – internal access only
VPN
F/W
NAT
LB
DHCP
Routed networks
Internet
Private connection
Secure VPN
vCHS
26. vCloud Networking and Security – Components
Edge Gateway: F/W, IPAM, routing
VXLAN: Foundation for elastic portable virtual datacenters
Third party appliance: Virtual appliance of choice. Bring your own appliance and policies
Threat mitigation: Third party AV, traffic analysis and threat mitigation appliances
IPSec: Data in transit encryption
[Diagram labels: AV, Edge Gateway, Isolated networks, Gateway Networks, F/W]
27. User Level Rights and Security
Role | Rights | Cannot do | Ideal for
Account Administrator | Can add/edit users and user rights | VDC resource management, Network mgmt etc. | Account management
Virtualization Infrastructure Administrator | Create VDCs; Add/edit compute and storage resources | Cannot create users, manage networking | VI admin, App admin
Network Administrator | Create networks; Add gateways; Add gateway services | User management, VDC resource management | Network admin
Read-only Administrator | Read only rights for all setups/configs | Any adds/edits | Supervisor
Subscription Administrator | Access to myVmware. Purchase resources, file support tickets | No vCloud Hybrid Service management rights | For all personnel with purchasing rights and/or support needs
30. Corporate SSO: Bring Your Own SAML IDP
Dedicated Location 1 Servers
Dedicated Location 2 Servers
VPC
Tier 1 Services
Remote office
vCHS Cloud
Customer Portal
Setup SAML/IDP (1)
VPC Access Request (2)
Company A
31. Summary
You will leave with:
An understanding of the vCloud Hybrid Service networking building blocks
A strong networking foundation for building a Hybrid Cloud
The Security concepts you need to be successful
Key Takeaways
• Same stuff you know – vSphere, VXLAN, vCNS, vCD
• Seamless integration – vCloud Connector
• Security you know and understand – RBAC
• Just another datacenter
32. Call to Action/Resources
Keep up with the latest on vCloud Hybrid Service
• Facebook - https://www.facebook.com/vmwarevcloud
• Blog - http://blogs.vmware.com/vcloud/
• Twitter - @vcloud
Call to Action
Get more information about the service: http://vcloud.vmware.com
Hands on Labs
HOL HBD 1301 vCloud Hybrid Service – Jumpstart for vSphere Admins
HOL HBD 1302 vCloud Hybrid Service – Networking and Security
HOL HBD 1303 vCloud Hybrid Service – Manage Your Cloud
Breakout Sessions – PHCxxxx
vCloud Hybrid Service Jumpstart Series
PHC1001-Group Discussion- vCHS Networking with Greg Herzog