OpenShift Virtualization - VM and OS Image Lifecycle (Mihai Criveti)
Building and packaging OS Images with KVM, qemu-img and podman and deploying them onto Kubernetes and KubeVirt with OpenShift Virtualization
Build and create images using Hashicorp Packer and Kickstart - create layered images for multiple cloud providers.
NGINX Ingress Controller for Kubernetes (NGINX, Inc.)
Presentation by Michael Pleshakov from NGINX to GDG Cloud Düsseldorf Meetup group on using NGINX as an Ingress Controller for Kubernetes. This presentation is for Kubernetes users, looking to deliver applications on Kubernetes in production. You will learn how to:
- install the Ingress Controller through Kubernetes manifests or Helm;
- configure the Ingress Controller to load balance HTTP and TCP/UDP applications;
- monitor the Ingress Controller using Prometheus;
- troubleshoot the Ingress Controller in case of problems;
- extend the Ingress Controller to support advanced load balancing requirements.
How to tune IBM's Garbage Collector (GC), particularly for Generational GC.
This was presented at the WebSphere User Group, UK in February 2011.
You can read the article here:
http://www.ibm.com/developerworks/websphere/techjournal/1106_bailey/1106_bailey.html
Deploying MariaDB databases with containers at Nokia Networks (MariaDB plc)
Nokia is focused on providing software and products that facilitate rapid development, deployment and scaling of products and services to customers. The Common Software Foundation (CSF) within Nokia develops and supports product reuse by multiple applications within Nokia, including MariaDB. Their focus over the last year has been to develop a containerized MariaDB solution supporting multiple architectures, including both clustering and primary/secondary replication with MariaDB MaxScale. In this talk, Rick Lane discusses this journey of these containerized solutions from development to customer trials, including problems encountered and solutions.
An explanation of why network engineers need Kubernetes.
The video is available at the link below. https://www.inflearn.com/course/%EC%BF%A0%EB%B2%84%EB%84%A4%ED%8B%B0%EC%8A%A4-%EC%89%BD%EA%B2%8C%EC%8B%9C%EC%9E%91/lecture/97562
"Clone detection in Python": Slides presented at EuroPython 2012
Clone Detection in Python highlights the topic of code duplication detection using Machine Learning techniques.
Some examples on Python code duplications and C-Python implementation duplications are reported as well.
Web Development with Delphi and React - ITDevCon 2016 (Marco Breveglieri)
React is the library created by Facebook to manage user interfaces inside the famous social network. In this talk we'll see how you can develop Web applications with a highly dynamic and performing UI connected to a Web API provided by a Delphi backend.
In this talk we will discuss how to build and run containers without root privileges. As part of the discussion, we will introduce new programs like fuse-overlayfs and slirp4netns and explain how it is possible to do this using user namespaces. fuse-overlayfs allows using the same storage model as "root" containers and using layered images. slirp4netns emulates a TCP/IP stack in userland and allows a container to use a network namespace and access the outside world (with some limitations).
We will also introduce Usernetes, and how to run Kubernetes in an unprivileged user namespace.
https://sched.co/Jcgg
What Is Docker? | What Is Docker And How It Works? | Docker Tutorial For Begi... (Simplilearn)
This presentation on Docker will help you understand DevOps tools, why Docker is needed, Docker vs Virtual Machine, what is Docker, how does a Docker work and components of Docker. Docker is a tool which is used to automate the deployment of the application in lightweight containers so that applications can work efficiently in different environments. A container is a software package that consists of all the dependencies required to run an application. Until now we have been running applications on virtual machines. Every virtual machine used to be the base of our application but now with the advent of Docker and containerization technologies, each application is run in a container like logical space. Now, let us get started and learn what exactly is Docker.
Below topics are explained in this Docker presentation:
1. DevOps and its tools
2. What is Docker?
3. How does Docker work?
4. What are the components of Docker?
Simplilearn's DevOps Certification Training Course will prepare you for a career in DevOps, the fast-growing field that bridges the gap between software developers and operations. You’ll become an expert in the principles of continuous development and deployment, automation of configuration management, inter-team collaboration and IT service agility, using modern DevOps tools such as Git, Docker, Jenkins, Puppet and Nagios. DevOps jobs are highly paid and in great demand, so start on your path today.
Why learn DevOps?
Simplilearn’s DevOps training course is designed to help you become a DevOps practitioner and apply the latest in DevOps methodology to automate your software development lifecycle right out of the class. You will master configuration management; continuous integration deployment, delivery and monitoring using DevOps tools such as Git, Docker, Jenkins, Puppet and Nagios in a practical, hands-on and interactive approach. The DevOps training course focuses heavily on the use of Docker containers, a technology that is revolutionizing the way apps are deployed in the cloud today and is a critical skillset to master in the cloud age.
Who should take this course?
DevOps career opportunities are thriving worldwide. DevOps was featured as one of the 11 best jobs in America for 2017, according to CBS News, and data from Payscale.com shows that DevOps Managers earn as much as $122,234 per year, with DevOps engineers making as much as $151,461. DevOps jobs are the third-highest tech role ranked by employer demand on Indeed.com but have the second-highest talent deficit.
This DevOps training course will be of benefit for the following professional roles:
1. Software Developers
2. Technical Project Managers
3. Architects
4. Operations Support
5. Deployment engineers
6. IT managers
7. Development managers
Learn more at: https://www.simplilearn.com/
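[DL Seminar] XFeat: Accelerated Features for Lightweight Image Matching (harmonylab)
Public URL: https://arxiv.org/pdf/2404.19174
Source: Guilherme Potje, Felipe Cadar, Andre Araujo, Renato Martins, Erickson R. Nascimento: XFeat: Accelerated Features for Lightweight Image Matching, Proceedings of the 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2023)
Overview: We propose XFeat (Accelerated Features), a lightweight architecture for resource-efficient feature matching. The method revisits fundamental design choices of convolutional neural networks for detecting, extracting and matching local features. In particular, because fast and robust algorithms are needed for resource-constrained devices, it limits the number of channels in the network while keeping the resolution as high as possible. In addition, the design allows matching at the sparse level to be selected, making it suitable for applications such as navigation and AR. XFeat achieves high speed with comparable or better accuracy and runs in real time on the CPU of a typical laptop.
The use of robots in cell production involves various problems, one of which is the assembly of three or more objects. In general, when multiple objects are assembled simultaneously, the task is thought to be carried out by holding each target part independently with a robot arm or a jig. However, this method requires as many robot arms or jigs as there are parts, and the more parts there are, the more wasteful it becomes in terms of cost and installation space. To address this issue, 音𣷓 et al. analyzed the contact forces and other forces acting on the assembly targets and derived the conditions under which objects not fixed by jigs or the like are unlikely to move during assembly. That is, they examine assembly conditions while taking into account the robustness of non-grasped objects in the environment. Based on this strategy, this study aims to perform assembly of multiple objects with a single-arm manipulator. In doing so, we propose a method for handling multiple temporarily assembled objects simultaneously by taking the robustness of the objects into account. Taking pipe joint assembly as the target task, we show that a single-arm manipulator can grasp multiple objects simultaneously by using a simple tool. Furthermore, to improve the task success rate, we implement robot control and motion planning based on object position detection using an RGB-D camera.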
This paper discusses assembly operations using a single manipulator and a parallel gripper to simultaneously
grasp multiple objects and hold the group of temporarily assembled objects. Multiple robots and jigs generally operate
assembly tasks by constraining the target objects mechanically or geometrically to prevent them from moving. It is
necessary to analyze the physical interaction between the objects for such constraints to achieve the tasks with a single
gripper. In this paper, we focus on assembling pipe joints as an example and discuss constraining the motion of the
objects. Our demonstration shows that a simple tool can facilitate holding multiple objects with a single gripper.
16. Windows performance tuning information:
http://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv-R2.mspx
- DefaultNumberOfWorkerThreads = 256
• Internal testing shows ~35% improvement in IOPS and response time in
Windows Server 2012 R2 compared to Windows Server 2008 R2
[Chart: Response Time (ms) Comparison; series: WS2012 / R2 (Non-Tuned), WS2008R2 (Tuned), WS2008R2 (Non-Tuned)]
[Chart: IOPS Comparison; bars: WS2008R2, WS2012 / R2; values shown: 12,019 and 16,462]
17.
Component | NFSv3 | NFSv4.1
State Model | Stateless | Stateful (lease based/recallable)
Semantics | POSIX | POSIX and Windows
Security | Weak (AUTH_UNIX) | Strong (krb5, krb5i, krb5p)
Permission Model | POSIX (Unix style) | Windows style ACLs
File Names | ASCII (mostly) | UTF-8
File System Model | Single File System | pNFS, Pseudo FS
Ports | Multiple (NLM, NSM, MOUNT) | Single (2049)
RPC | Single RPC per request | Compound RPCs
Locking | Separate NLM protocol | Lease-based locking in the same protocol
Exports | Separate for every mount point | Can be mounted together as part of pseudo file system
18. • RFC 5661 (NFSv4.1) features that are not implemented
× ACL support
× Delegations
× Migration & Replication
× pNFS (Parallel NFS)
× RDMA support
× Other optional aspects of RFC 5661
• Windows file systems that are not supported by NFS
× ReFS
× CSVFS
× FAT
× FAT32
× CDFS
19. NFS v3 – VMware ESX
[Diagram label, shown twice: VM IO halted for seconds]
• Clustered NFS v3 server with NFS share.
• Multiple VMs running off the NFS share.
• File bench workload running inside VM.
• Planned failover
Achieved Goal: Slight brown-out, VM continues to run.
• Ease of deployment, management, performance, high availability for NFS shares
• NFSv3 transparent failovers for VMware workloads
• VMware official compatibility tests performed by OEM vendors
• Internal testing:
• VMware storage certification passed in WS2012 with no tuning
• Failover achieved within VMware’s best practice of 120s timeout (ESX Server)
• http://www.vmware.com/files/pdf/VMware_NFS_BestPractices_WP_EN.pdf
20. Windows NFS Server 2012 Interoperability with NFS Clients
• Major Industry NFS Clients (Released & Beta)
• Fedora16/17
• RHEL6.2
• SUSE11.3
• CentOS5.5
• Ubuntu10.10
• FreeBSD8.1
• OpenSolaris10
• Solaris11
• University of Michigan
• OSX10.6.5
• ESX4/5
Windows NFS Client Interoperability with NFS servers
• Major Industry NFS Servers (Released & Beta)
• Fedora16/17
• RHEL6.2
• SUSE11.3
• Solaris10/11
• ONTAP8.0.1 (NetApp)
• NOTE: NFSv4.1 client for Windows can be downloaded from CITI (University of Michigan)
22. NIC teaming (up to 32 NICs per team) is supported natively by the OS
• Switch dependent (Static or LACP) / switch independent
• Network fault tolerance
SMB 3.0 Multichannel with RSS
• Improved SMB throughput
• 4 TCP/IP connections per NIC
• 32 connections per session
RSS: Receive-side scaling
[Diagram: NICs with RSS, NIC Teaming, SWITCH and SMB Multichannel; also labelled "Remote Direct Memory Access"]
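23. Requirements for using SMB 3.0 Multichannel
Prerequisites
• Windows Server 2012 or Windows 8 is running
• At least one of the following configurations is in effect
• Multiple network adapters are enabled
• At least one network adapter supports RSS (Receive Side Scaling)
• At least one network adapter is in a NIC teaming configuration
• At least one network adapter supports RDMA (Remote Direct Memory Access)
Configurations in which SMB Multichannel cannot be used
• Only a single network adapter without RSS support is installed
• Network adapters with different speeds
Installation steps
• None required
• Enabled automatically on Windows Server 2012 and Windows 8
• Can be switched on or off using Windows PowerShell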
29. SMB session defaults
Connections per NIC interface
• RSS NIC: 4 TCP/IP connections
• RDMA NIC: 2 RDMA connections
• Other NICs: 1 TCP/IP connection
The number of connections between a client and a server is at most 32 (with a single session)
Microsoft recommends keeping default settings, but the parameters can be modified
42. Rapid growth in storage
Source: IDC Worldwide File-Based Storage 2011-2015 Forecast: Foundation Solutions for Content Delivery, Archiving and Big Data, doc #231910, December 2011
Ever-growing storage usage and countermeasures
• Data deduplication
Reduces duplicate files while providing the same access as before
Previously
• Single Instance Storage
A file system filter that manages duplicate files on a hard disk volume. The filter copies one instance of a file to a central folder and replaces the duplicate files with links to the central file, which saves disk space.
• NTFS data compression
Windows Server 2012/R2
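43. Chunk store
Deduplication architecture
[Diagram: before deduplication, File1 (Metadata: file name, attributes…; Data: A B C M N) and File2 (Metadata: file name, attributes…; Data: A B C X Y) pass through the Deduplicate Filter; afterwards File1 (Metadata; A B C M N) and File2 (Metadata; X Y). Further labels: reparse point, sparse, chunk stream mapping information]
The deduplication filter splits files into units called chunks (32 to 128 kb), which are compressed and stored in the chunk store inside the System Volume Information Store. Identical chunks from different files are eliminated, so capacity can be reduced significantly.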
44. Capacity savings rate
[Bar chart: Savings % (axis 0% to 100%) for User Home Folder (MyDocs), General File Share, Software Deployment Share, VHD Library]
Source: Sample File Server Production data (12 Servers, 7TB)
48. Management from Windows PowerShell
PowerShell cmdlets for accessing SMI-S can be used in a variety of situations, which makes it easy to automate management
PS C:\> Get-Command *storage*
CommandType Name ModuleName
----------- ---- ----------
Function Get-StorageJob Storage
Function Get-StoragePool Storage
Function Get-StorageProvider Storage
Function Get-StorageReliabilityCounter Storage
Function Get-StorageSetting Storage
Function Get-StorageSubSystem Storage
Function New-StoragePool Storage
Function New-StorageSubsystemVirtualDisk Storage
Function Remove-StoragePool Storage
Function Reset-StorageReliabilityCounter Storage
Function Set-StoragePool Storage
Function Set-StorageSetting Storage
Function Set-StorageSubSystem Storage
Function Update-HostStorageCache Storage
Function Update-StorageProviderCache Storage
Cmdlet Add-VMStoragePath Hyper-V
Cmdlet Get-VMStoragePath Hyper-V
Cmdlet Move-VMStorage Hyper-V
Cmdlet Remove-VMStoragePath Hyper-V
[Diagram: Management Application; Storage PowerShell or WMI (SMAPI); SM Provider; SMI-S]
55. \\ServerName\Share
DNS
Node1 A 10.0.0.1
Node2 A 10.0.0.2
Node3 A 10.0.0.3
Node4 A 10.0.0.4
HAFileServer A 10.0.0.1
HAFileServer A 10.0.0.2
HAFileServer A 10.0.0.3
HAFileServer A 10.0.0.4
iSCSI/SAN
* NIC teaming for iSCSI is not supported at this time
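56.
DNS
Node1 A 10.0.0.1
Node2 A 10.0.0.2
HAFileServer A 10.0.0.1
HAFileServer A 10.0.0.2
SMB3.0
① The client uses DNS to resolve the DNN name (Node1 in this example)
② The SMB client sends a connection request to Node1
③ Node1 accepts the connection
④ The client requests the list of nodes in order to choose a Witness
⑤ Node1 sends the node list
⑥ The client asks Node2, selected from the node list, to act as Witness and registers itself
⑦ Node2 agrees and registers the client
⑧ Node2 becomes the client's Witness node
⑨ Node1 goes down
⑩ Node2 detects through SMB 3.0 that Node1 is down
⑪ Node2 notifies the client that Node1 is down and requests that it switch its connection target (this allows the client to switch before a TCP connection error occurs)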
59.
Technology | General-purpose file server | Scale-Out File Server
SMB capability: SMB Transparent Failover | Yes | Yes
SMB capability: SMB Scale Out | No | Yes
SMB capability: SMB Multichannel | Yes | Yes
SMB capability: SMB Direct | Yes | Yes
SMB capability: SMB Encryption | Yes | Yes
File system: NTFS file system | Yes | No
File system: Resilient File System (ReFS) | Yes | No
File system: CSV File System (CSVFS) | No | Yes
Data management: BranchCache | Yes | No
Data management: Data Deduplication | Yes | Yes
Data management: DFS Namespaces – Namespace Server | Yes | No
Data management: DFS Namespaces – Folder Target | Yes | Yes
Data management: DFS Replication | Yes | No
Data management: File Server Resource Manager | Yes | No
Data management: File Classification Infrastructure | Yes | No
Data management: File Server Volume Shadow Copy (VSS) Agent | Yes | Yes
Data management: Folder Redirection | Yes | Yes
Data management: Client Side Caching | Yes | Yes
Workload: Information worker | Yes | Not recommended
Workload: Hyper-V | Yes | Yes
Workload: Microsoft SQL Server | Yes | Yes
Warning: In Windows Server 2012 R2, Data Deduplication is only supported in a Scale-Out File Server deployment for Virtual Desktop Infrastructure (VDI) workloads with separate storage and compute nodes. The storage must be remote.
http://technet.microsoft.com/en-us/library/hh831349.aspx
61. [Diagram: two panels, Windows Server 2008 and Windows Server 2012, each showing virtual machines (guest OS, application) on Hyper-V hosts with shared storage (LUN); further labels: virtual FC, virtual SAN switch, FC-HBA, FC SAN]
68. • The attribute list can be managed centrally on the AD DS side and distributed as Group Policy
* The FSRM side is Windows Server 2012 or Windows 8
[Diagram: AD DS; Fsrm protocol; file server + File Server Resource Manager (Windows Server 2012 or Windows 8)]
74. [Diagram: a Resource with an ACL made up of ACEs; labels: domain local group (Read Only), global group, "group created to match the access rights", global group, "group for each organization or role", user]
A: Account
G: Global Group
DL: Domain Local Group
P: Permission
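84. In DAC:
• Claim = defined as a "classification attribute"
• Token = issued by AD DS as a Kerberos ticket
[Diagram labels follow]
AD DS
① Logon
② Kerberos ticket containing attribute information
The ticket is checked against the claims
Windows Server 2012/8 required
* The ability to receive and parse attributes is required
User on Windows 8
Name = Junichi Anno
Company = MSKK
Windows Server 2012 required
* A mechanism for including attributes in Kerberos is required
File server
③ Access
AD DS that supports RFC2113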
89. • Implemented in Windows Server 2012 Active Directory
• User claims can now be stored in the PAC
Whoami /claims
90.
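91. Clients running Windows 7 or earlier cannot request a Kerberos ticket that contains attributes, so the file server receives the attribute information from AD DS
[Diagram labels follow]
AD DS
① Logon
② Conventional Kerberos ticket
The ticket is checked against the claims
Windows Server 2012/8 required
* The ability to receive and parse attributes is required
User on Pre-Windows 8
Attributes are not included
Domain level of Windows Server 2003 or higher
* The Service-for-User-to-Self (S4U2Self) mechanism is required
File server
⑤ Kerberos ticket containing attribute information
③ Kerberos ticket sent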
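104. [Diagram: Start; https://workfolders.contoso.com/ over https; Web Application Proxy; AD FS (pre-authentication); AD DS; File Server with HOME folders User01, User02, User03; User01 WorkFolder]
• Authentication and authorization with AD FS are possible via Web Application Proxy
• Device authentication is also possible when combined with Workplace Join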
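105. • File Server Resource Manager (FSRM)
• Automatic classification, screening
• Rights Management Service (RMS)
• Encryption, access permission settings
• Dynamic Access Control (DAC)
[Diagram: File Server and an important-data vault; labels: important data, confidential data, personal information, FSRM (classification, screening), RMS (encryption, read, viewing expiry, no printing, no copy and paste, no saving)]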
109. After ③: Accessibility to the file server, Part 2
[Diagram: corporate data center; Site to Site VPN; Point to Site VPN Gateways, each serving up to 250 machines over VPN; Tokyo, Osaka; BranchCache; VPN Gateways]
110. After ④: To make the file server more secure
[Diagram: corporate data center; Site to Site VPN; Point to Site VPN Gateway serving up to 250 machines over VPN; VPN Gateway; main file server]
Important data is moved automatically (DAC, Classification)
111.
Tools | Online Backup (Application consistent with no downtime) | Backup destination | Backup System State | Backup File/Folder
WSB | Yes | Inside OS | Yes | Yes
WAB | Yes | Blob Store | No | Yes
Copy Blob | No | Blob Store | As a whole VHD.