Secure application deployment in Apache CloudStack

•Transferir como PPTX, PDF•

3 gostaram•1,294 visualizações

At the Apache CloudStack Collaboration Conference in Montreal, I presented a potential pathway to secure template management in CloudStack. Under this model, cloud providers can assess the templates their users have and potentially advise if deployed instances have application security issues which have either public disclosures, or better still remediation.

Tecnologia

#whoami – Tim Mackey
• Current roles: Senior Technical Evangelist; Occasional coder
• Previously XenServer Community Manager
• Cool things I’ve done
• Designed laser communication systems
• Early designer of retail self-checkout machines
• Embedded special relativity algorithms into industrial control system
• Find me
• Twitter: @TimInTech
• SlideShare: slideshare.net/TimMackey
• LinkedIn: www.linkedin.com/in/mackeytim

Security reality
No solution is perfect.
Defense in depth
matters.

Attacks are big business
In 2015,
89% of data breaches had a
financial or espionage motive
Source: Verizon 2016 Data Breach Report

EASY ACCESS TO SOURCE CODE
Open source ubiquity makes it an easy target
OPEN SOURCE ISN’T
MORE OR LESS
SECURE THAN
CLOSED SOURCE –
ITS JUST EASIER TO
ACCESS
VULNERABILITIES ARE PUBLICIZED
EXPLOITS ARE PUBLISHED

Anatomy of a new attack
Potential Attack
Iterate
Test against platforms
Document
Don’t forget PR department
Deploy

DELIVERED CODE
OPEN SOURCE CODE
SUPPLY CHAIN CODE
LEGACY CODE
REUSED CODE/CONTAINERS
COMMERCIAL CODE
INTERNALLY DEVELOPED CODE
OUTSOURCED CODE
How open source enters a code base

CLOSED SOURCE COMMERCIAL
CODE
DEDICATED SECURITY RESEARCHERS
ALERTING AND NOTIFICATION INFRASTRUCTURE
REGULAR PATCH UPDATES
DEDICATED SUPPORT TEAM WITH SLA
OPEN SOURCE CODE
“COMMUNITY”-BASED CODE ANALYSIS
MONITOR NEWSFEEDS YOURSELF
NO STANDARD PATCHING MECHANISM
ULTIMATELY, YOU ARE RESPONSIBLE
Who is responsible for code and security?

TRUST BUILD FILES, MANIFESTS, PACKAGE MANAGERS,
FILE NAMES
EVIDENCE-BASED IDENTIFICATION OF OPEN SOURCE BY
SCANNING FILES IN CONTEXT
Without evidence, nothing else matters
Are packages complete? Determine package context

0
500
1000
1500
2000
2500
3000
3500
1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
Open Source Vulnerabilities Reported Per Year
BDS-exclusive nvd
Reference: Black Duck Software Knowledgebase, NVD
INCREASING NUMBER OF OSS VULNERABILITIES

Automated tools miss most open source vulnerabilities
Static & Dynamic Analysis
Only discover common vulnerabilities
3,000+ disclosed in 2014
Less than 1% found by automated tools
Undiscovered vulnerabilities are
too complex and nuanced
All possible security
vulnerabilities

What do these all have in common?
Heartbleed Shellshock GhostFreak Venom
Since:
Discovered:
2011
2014
1989
2014
1990’s
2015
2000
2015
2004
2015
Discovered by:
Component: OpenSSL
Riku, Antti,
Matti, Mehta
Bash
Chazelas
OpenSSL
Beurdouche
GNU C library
Qualys researchers
QEMU
Geffner

Integrating into tools and processes
DEVELOP SCM BUILD PACKAGE DEPLOY PRODUCTION
BUG TRACKING
REMEDIATE AND TRACK
LICENSE COMPLIANCE AND
SECURITY VULNERABILITIES
FULL APP SEC VISIBILITY
VIA IBM APPSCAN
INTEGRATION
BUILD / CI SERVER
SCAN APPLICATIONS
WITH EACH BUILD VIA CI
INTEGRATION
DELIVERY PIPELINE
SCAN APPLICATIONS
AND CONTAINERS
BEFORE DELIVERY
CONTINUOUS
MONITORING OF
VULNERABILITIES

A solution should include these
components
Choose Open
Source
Proactively choose
secure, supported
open source
SELECT
Inventory
Open Source
Map Existing
Vulnerabilities
Maintain accurate list of
open source
components throughout
the SDL
Identify vulns during
development
VERIFY
Track New
Vulnerabilities
Alert new vulns in
production apps
MONITORREMEDIATE
Fix
Vulnerabilities
Tell developers
how to remediate

We need your help
Knowledge is power
• Know what’s running and why
• Define proactive vulnerability response process
• Don’t let technology hype cycle dictate security
Invest in defense in depth models
• Don’t rely on perimeter security to do heavy lifting
• Do look at hypervisor & container trends in security
• Make developers and ops teams part of the solution
• Do embed security into deployment process
Together we can build a more secure data center

Secure application deployment in Apache CloudStack

Mais conteúdo relacionado

Mais procurados

Application Security in the Age of Open Source

Black Duck by Synopsys

As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016. Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: • How known vulnerabilities can make their way into production deployments • How deployment of vulnerable code can be minimized • How to determine the vulnerability status of a container • How to determine the risk associated with a specific package

Secure Application Development in the Age of Continuous Delivery

Black Duck by Synopsys

Myths and Misperceptions of Open Source Security

Black Duck by Synopsys

Watch on-demand now: https://securityintelligence.com/events/application-security-protection-world-of-devops/ How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Development teams are aware of the shifting security challenges they face. However, they're by no means security experts, nor do they have spare time on their hands to learn new tools. What can development teams do to keep pace with rapidly-evolving application security threats? The answer lies in automation. By making application security part of the continuous build processes, organizations can protect against these major risks. In this session, you will learn: - New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments. - Best practices for designing and incorporating an automated approach to application security into your existing development environment. - Future development and application security challenges organizations will face and what they can do to prepare.

Empowering Application Security Protection in the World of DevOps

IBM Security

September 13, 2016: Security in the Age of Open Source:

Black Duck by Synopsys

Black Duck & IBM Present: Application Security in the Age of Open Source

Black Duck by Synopsys

This SlideShare will help you understand the shifting open source landscape and why open source security management is becoming more critical. You’ll also understand the high-level capabilities of the Black Duck Hub. You’ll also learn how, in just a few minutes, you can use your existing Protex Bill of Materials to uncover known open source security vulnerabilities lurking in your projects, how to monitor for newly discovered vulnerabilities, and how to take steps to remediate your open source vulnerability risk. Then you’ll be ready to get started by learning more about the integration in Black Duck Academy and using these tools on your own projects.

FROM OPEN SOURCE COMPLIANCE TO SECURITY

Black Duck by Synopsys

In this session, we'll start with the basics of application security for an environment where development teams are able to push code into production at will. We quickly cover the basics and move on to the advanced topics of tests and models for long-term application security. We'll cover real-world Black Duck CI examples including keeping apps up-to-date in Pivotal Cloud Foundry environments, and end with tips for advocating for long-term security structures.

Shift Risk Left: Security Considerations When Migrating Apps to the Cloud

Black Duck by Synopsys

Open Source and Cyber Security: Open Source Software's Role in Government Cyb...

Great Wide Open

Open Source Security

Sander Temme

How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps. You’ll learn: -New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments -Best practices for designing and incorporating an automated approach to application security into your existing development environment -Future development and application security challenges organizations will face and what they can do to prepare

Software Security Assurance for DevOps

Black Duck by Synopsys

Demystifying Cloud Security Compliance

Mirantis

Presented at AppSec California 2017. The fact that software development is moving towards agile methodologies and DevOps is a given, the question is: How do you transform processes and tools to get the biggest advantage? Using application security testing as an example, this talk cuts through all the news, research, and standards to define a holistic process for integrating Agile testing and feedback into development teams. The talk describes specific processes, automation techniques, and the smart selection of tools to help organizations produce more secure, OWASP-compliant code and free up development time to focus on features.

Continuous security: Bringing agility to the secure development lifecycle

Rogue Wave Software

Black Duck senior technology evangelist Tim Mackey talks containers this week at DevSecCon and elaborates on his presentation, “When Good Containers Go Bad,” with IT Pro, Cloud Pro and Data Centre News. Black Duck VP of Security Strategy Mike Pittenger shares his thoughts on the biggest security threat we face in 2018. Artifex and Hancom settle their long-running open source licensing dispute, and the hidden costs of open source security. Read all the hottest open source security and cybersecurity news in this week’s Open Source Insight.

Open Source Insight:Container Tech, Data Centre Security & 2018's Biggest Se...

Black Duck by Synopsys

Presented on September 22, 2016 by Brent Baude, Principle Software Engineer, Atomic and Docker Development, Red Hat; Randy Kilmon, VP, Engineering, Black Duck Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption. The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present. In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn: • Why container environments present new application security challenges, including those posed by ever-increasing open source use. • How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities. • Best practices and methodologies for deploying secure containers with trust and confidence.

Contain your risk: Deploy secure containers with trust and confidence

Black Duck by Synopsys

We take a deep dive into security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference. What is “Hidden Cobra” and is it targeting US aerospace, telecommunications and finance industries? Both banks and the Pentagon are making big moves into open source. And why it’s smart to assume that every application is an on-premise application. The best of November’s application security and open security news (so far) follows in this week’s edition of Open Source Insight.

Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...

Black Duck by Synopsys

Presented September 15, 2016 by John Steven, CTO, Cigital; Mike Pittenger, VP Security Strategy, Black Duck Today, open source comprises a critical component of software code in the average application, yet most organizations lack the visibility into and control of the open source they’re using. A 2016 analysis of 200 commercial applications showed that 67% contained known open source vulnerabilities. Whether it’s a SaaS solution you deliver to millions of customers, or an internal application developed for employees, addressing the open source visibility and control challenges is vital to ensuring proper software security. Open source use is ubiquitous worldwide. It powers your mobile phone and your company’s most important cloud application. Securing mission critical applications must evolve to address open source as part of software security, complementing and extending the testing of in-house written code. In this webinar by Cigital and Black Duck security experts, you’ll learn: - The current state of application security management within the Software Development Lifecycle (SDLC) - New security considerations organizations face in testing applications that combine open source and in-house written software. - Steps you can take to automate and manage open source security as part of application development

Managing Open Source in Application Security and Software Development Lifecycle

Black Duck by Synopsys

Continuous Automated Red Teaming (CART) - Bikash Barai

AllanGray11

Mais procurados (18)

Application Security in the Age of Open Source

Secure Application Development in the Age of Continuous Delivery

Myths and Misperceptions of Open Source Security

Empowering Application Security Protection in the World of DevOps

September 13, 2016: Security in the Age of Open Source:

Black Duck & IBM Present: Application Security in the Age of Open Source

FROM OPEN SOURCE COMPLIANCE TO SECURITY

Shift Risk Left: Security Considerations When Migrating Apps to the Cloud

Open Source and Cyber Security: Open Source Software's Role in Government Cyb...

Open Source Security

Software Security Assurance for DevOps

Demystifying Cloud Security Compliance

Continuous security: Bringing agility to the secure development lifecycle

Open Source Insight:Container Tech, Data Centre Security & 2018's Biggest Se...

Contain your risk: Deploy secure containers with trust and confidence

Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...

Managing Open Source in Application Security and Software Development Lifecycle

Continuous Automated Red Teaming (CART) - Bikash Barai

Semelhante a Secure application deployment in Apache CloudStack

As presented by Tim Mackey, Senior Technical Evangelist at Black Duck Software, at Open Source Open Standards (GovNet) (http://opensourceconference.co.uk/), this deck covers some of the material which operators of open source data centers and users of container and cloud technologies should be aware of when seeking to be security conscious. Traditionally, when datacentre operators talk about application security, there has been a tendency to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: - How known vulnerabilities can make their way into production deployments - How vulnerability impact is maximized - A methodology for ensuring deployment of vulnerable code can be minimized - A methodology to minimize the potential for vulnerable code to be redistributed

Secure application deployment in the age of continuous delivery

Black Duck by Synopsys

Prevent Getting Hacked by Using a Network Vulnerability Scanner

GFI Software

Office 365 has garnered widespread adoption from enterprises due to its advantages such as ease of deployment, lower TCO, and high scalability. Additionally, it enables end-users to work and collaborate from anywhere and on any device. Although Office 365 enables IT to shift the burden for app and infrastructure to the cloud vendor, data security remains the responsibility of the enterprise. Given the limitations of native malware protection on Office 365, should the enterprise rely on Office 365 to protect their data from malware and ransomware? Join Bitglass and Cylance for a discussion on malware protection solutions for Office 365. We will cover the limitations of native Office 365 malware protection as well as the benefits of AI and machine learning based approaches. We will wrap up the session by discussing how CASBs, with Advanced Threat Protection (ATP) capabilities, are uniquely positioned to protect cloud apps and end-points from malware attacks and proliferation.

Security O365 Using AI-based Advanced Threat Protection

Bitglass

Realities of Security in the Cloud

Alert Logic

James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers: • The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS. • Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections) • Best practices for how to protect your environment from the latest threats

Journey to the Cloud: Securing Your AWS Applications - April 2015

Alert Logic

As presented at the Bay Area Cyber Security Meetup on January 25th, 2018. Open source development paradigms have become the norm for most software development. This is regardless of whether you're making the next great IoT device, a new container microservice, or desktop application. While open source components are often viewed as free, and definately help solve problems in a scalable way, using them in a secure manner requires an understanding of how open source development really works. In this sesssion, I covered how secure development practices with data center regulations can benefit from an understanding of open source development. Specifically, we looked at fork management, community engagement and patch management. We ended with an open source maturity model.

A question of trust - understanding Open Source risks

Tim Mackey

Realities of Security in the Cloud

Alert Logic

FireEye Use Cases — FireEye Solution Deployment Experience

Valery Yelanin

Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.

Scalar Decisions

Question of trust

ssuserd8f6cf1

Key Strategies to Address Rising Application Risk in Your Enterprise

Lumension

FireEye - Breaches are inevitable, but the outcome is not

MarketingArrowECS_CZ

Empowering Application Security Protection in the World of DevOps

Black Duck by Synopsys

Solnet dev secops meetup

pbink

Continuous security testing - sharing responsibility

VodqaBLR

Software Security Assurance for DevOps

Black Duck by Synopsys

Software Security Assurance for Devops

Jerika Phelps

Evan Klein, Blackduck Software: Security in the Age of Open Source. Open source has been embraced by enterprises in the private and public sector. Where software previously was built from scratch, today’s applications can be comprised of more than 80% open source. This session will look at the security implications of the unmanaged use of open source drawing on Black Duck’s empirical research on the use of open source in commercial software. The talk will provide attendees with: • Research results on the use of open source • The security implications of poorly managed open source policies • Why open source needs to be tested differently than custom code • Strategies for addressing these differences, and best practices to mitigate risk

Security in the Age of Open Source

FINOS

Lumension Security - Adjusting our defenses for 2012

Andris Soroka

CSO CXO Series Breakfast

CSO_Presentations

Semelhante a Secure application deployment in Apache CloudStack (20)

Secure application deployment in the age of continuous delivery

Prevent Getting Hacked by Using a Network Vulnerability Scanner

Security O365 Using AI-based Advanced Threat Protection

Realities of Security in the Cloud

Journey to the Cloud: Securing Your AWS Applications - April 2015

A question of trust - understanding Open Source risks

Realities of Security in the Cloud

FireEye Use Cases — FireEye Solution Deployment Experience

Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.

Question of trust

Key Strategies to Address Rising Application Risk in Your Enterprise

FireEye - Breaches are inevitable, but the outcome is not

Empowering Application Security Protection in the World of DevOps

Solnet dev secops meetup

Continuous security testing - sharing responsibility

Software Security Assurance for DevOps

Software Security Assurance for Devops

Security in the Age of Open Source

Lumension Security - Adjusting our defenses for 2012

CSO CXO Series Breakfast

Mais de Tim Mackey

As presented via webinar. The Open Source 360 survey is in its 11th year and surveyed over 800 IT professionals about their use of open source components and technologies. In prior years, this survey was known as the Future Of Open Source. Key takeaways include: - Open Source usage is growing within global organizations - Organizations recognize risks of consumption exist - Tooling to keep pace with risks is limited - Contributions to project communities are key to success

Open Source 360 Survey Results

Tim Mackey

The XenServer virtualization platform is used by well over 100,000 organizations to fulfill their IT objectives. Common scenarios include traditional server virtualization such as that found with VMware vSphere, delivery of large scale cloud services via Apache CloudStack or OpenStack, and as a platform for high performance desktop virtualization through XenDesktop. These use cases all have requirements of scale and manageability which imply solid deployments. The content in this deck was presented in workshop form at FOSSETCON in 2015. Much of the information contained will work for any XenServer version, but XenServer 6.5 was covered. The audience was assumed to have some familiarity with virtualization concepts, but no assumptions about XenServer was made. Core concepts covered included; storage design, network design and operations, scalability and failure domains, as well as core features such as virtualized graphics.

XenServer Design Workshop

Tim Mackey

= As presented at the CloudStack Silicon Valley Meetup in September 2015. = XenServer is a virtualization platform which has been deployed in a variety of industries and to support a multitude of workloads. In this session we discuss some of the components which make it valuable not just for traditional server and desktop virtualization, but also within "the cloud". This includes discussion of VM density, network scalability, containers (such as Docker) and GPU virtualization. We end with coverage of how XenServer templates are represented within Apache CloudStack.

XenServer Virtualization In Cloud Environments

Tim Mackey

Apache CloudStack supports multiple hypervisors out of the box, and the obvious question is which hypervisor is best for CloudStack. In this session we cover core CloudStack components such as networking, storage and virtualization functions to present which hypervisor is able to meet a given requirement. The core take-away is that with an understanding of the services to be delivered the correct hypervisor, or hypervisors, can be selected with relative ease. This deck is as delivered at CloudStack Days 2015 in Seattle.

Selecting the correct hypervisor for CloudStack 4.5

Tim Mackey

While creating a cloud such as OpenStack is fairly easy, template management is more challenging. In this session we discuss how systems engineering and tooling can be combined to allow legacy infrastructure and virtual machines to be converted to templates without downtime. These templates can then be deployed within the cloud and users migrated with minimal interruption. This deck is as delivered at CloudOpen 2015 in Seattle.

User Transparent Service Migration to the Cloud

Tim Mackey

As presented at CloudOpen Japan in Tokyo in 2015. Today everyone is talking about clouds, and some are building them, but far fewer are operating successful clouds. In this session we'll examine a variety of paradigm shifts must IT make when moving from a traditional virtualization and management mindset to operating a successful cloud. For most organizations, without careful planning the hype of a cloud solution can quickly overcome its capabilities and existing best practices can combine to create the worst possible cloud scenario -- a cloud which isn't economical to operate, and which is more cumbersome to manage than a traditional virtualization farm. Key topics covered will include; transitioning the operational paradigm, the impact of VM density on operations and network management, and preventing storage cost from outpacing requirements.

CloudOpen Japan - Controlling the cost of your first cloud

Tim Mackey

CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5

Tim Mackey

Today everyone is talking about clouds, and a few are building them, but far fewer are operating successful clouds. In this session we'll examine a variety of paradigm shifts IT makes when moving from a traditional virtualization and management mindset to operating a successful cloud. For most organizations, without careful planning the hype of a cloud solution can quickly overcome its capabilities and pre-existing best practices can combine to create the worst possible cloud scenario -- a cloud which isn't economical to operate, and which is more cumbersome to manage than a traditional virtualization farm. Key topics covered include: - Successful transition of operational and management paradigm - How the VM density of clouds change Ops - What it means to monitor the network in a cloud environment, at hyper-dense virtualization levels - Preventing storage costs from outpacing delivery costs

Taming the cost of your first cloud - CCCEU 2014

Tim Mackey

When adopting IaaS cloud solutions, one of the biggest challenges will be template management. Creating that first template can easily be more challenging that deploying the cloud software itself. In this presentation two options are presented for template creation, using a kickstart file or cloning a running VM with Packer from packer.io as the core framework. This presentation was delivered at CloudStack Days 2015 in Austin Texas. Two demos were given. The first demo used an existing XenServer environment to create a golden master from ISO and kickstart file, then automatically upload it to a CloudStack management server for deployment. The second demo cloned a running VM and created a template which was then uploaded to CloudStack. In the case of the running VM, migration occurred without any user interruption. The VM in question was a CentOS 7 image, and the hypervisor for both source infrastructure and CloudStack compute was XenServer based

Using Packer to Migrate XenServer Infrastructure to CloudStack

Tim Mackey

Hypervisor Selection in Apache CloudStack 4.4

Tim Mackey

OSCON2014: Understanding Hypervisor Selection in Apache CloudStack

Tim Mackey

As presented at the 2014 CloudStack Collaboration Conference in Denver (CCCNA14), this deck covers some of the decision points impacting a successful deployment of CloudStack within your organization. Critical elements such as storage and networking are discussed to create a blueprint which seeks to remove some of the learning curve associated with the transition from data center management to cloud management.

Make your first CloudStack Cloud successful

Tim Mackey

As presented at the 2014 CloudStack Collaboration Conference in Denver (CCCNA14), this deck covers the matrix of functions and features within each supported hypervisor in CloudStack 4.3. This deck forms an excellent reference document for those seeking to provide multi-hypervisor support within their Apache CloudStack based cloud, and for those seeking to determine which feature elements are supported by a given hypervisor.

Decisions behind hypervisor selection in CloudStack 4.3

Tim Mackey

Deploying a successful cloud is a function of the capabilities of both the virtualization layer and the cloud orchestration platform. In this deck, presented at the annual Deep Dive Day hosted by the Boston Virtualization User Group (virtg.com), I covered CloudStack 4.3 and OpenStack Havana. The deck doesn't seek to define a "best" option, but to provide the information data center architects and system administrators require regardless of preference for KVM, XenServer, vSphere or Hyper-V.

Hypervisor Selection in CloudStack and OpenStack

Tim Mackey

Hypervisor Selection in CloudStack and OpenStack

Tim Mackey

Apache CloudStack 4.3 adds support for clouds built using Microsoft Hyper-V, in addition to supporting VMware vSphere, Citrix XenServer, KVM, Oracle VM, Linux Containers and bare metal options. This deck covers the decision points impacting the design of CloudStack 4.3 clouds, and their relationship with hypervisor choices. Presented at Build a Cloud Day co-located with SCaLE 12x in February 2014.

Hypervisor Capabilities in Apache CloudStack 4.3

Tim Mackey

CloudStack is one of many cloud orchestration platforms which can deliver IaaS clouds. One of the key capabilities of CloudStack is its ability to support multiple hypervisors in a CloudStack cloud. So whether your virtualization preference is VMware vSphere, KVM, Citrix XenServer or Linux Containers (LXC), you can build highly scalable clouds. While basic functionality is common across all hypervisors, many features are implemented differently on each. This paper presents the capabilities of CloudStack which can be enabled based on your hypervisor selection

Hypervisor selection in CloudStack

Tim Mackey

So your boss just asked you to build a private cloud. Now what? Successful private clouds require a bit of planning, and your existing best practices may need to be adjusted. This deck covers some of the issues you'll face, or be aware of, as you migrate from an existing data center operation to one which is more "cloud-like". Some things may seem obvious, but there are aspects to network and storage design which impact success. This deck draws from my experience in building my first CloudStack cloud in early 2012 and has applicability to anyone seeking to deliver cloud services.

Planning a successful private cloud - CloudStack Collaboration Europe 2013

Tim Mackey

Mais de Tim Mackey (18)

Open Source 360 Survey Results

XenServer Design Workshop

XenServer Virtualization In Cloud Environments

Selecting the correct hypervisor for CloudStack 4.5

User Transparent Service Migration to the Cloud

CloudOpen Japan - Controlling the cost of your first cloud

CloudStack Day Japan 2015 - Hypervisor Selection in CloudStack 4.5

Taming the cost of your first cloud - CCCEU 2014

Using Packer to Migrate XenServer Infrastructure to CloudStack

Hypervisor Selection in Apache CloudStack 4.4

OSCON2014: Understanding Hypervisor Selection in Apache CloudStack

Make your first CloudStack Cloud successful

Decisions behind hypervisor selection in CloudStack 4.3

Hypervisor Selection in CloudStack and OpenStack

Hypervisor Capabilities in Apache CloudStack 4.3

Hypervisor selection in CloudStack

Planning a successful private cloud - CloudStack Collaboration Europe 2013

Último

Architecting Cloud Native Applications

WSO2

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Real Time Object Detection Using Open CV

Khem

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

ICT role in 21st century education and its challenges

rafiqahmad00786416

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Secure application deployment in Apache CloudStack

1. Secure application deployment

2. #whoami – Tim Mackey • Current roles: Senior Technical Evangelist; Occasional coder • Previously XenServer Community Manager • Cool things I’ve done • Designed laser communication systems • Early designer of retail self-checkout machines • Embedded special relativity algorithms into industrial control system • Find me • Twitter: @TimInTech • SlideShare: slideshare.net/TimMackey • LinkedIn: www.linkedin.com/in/mackeytim

3. Security reality No solution is perfect. Defense in depth matters.

4. Attacks are big business In 2015, 89% of data breaches had a financial or espionage motive Source: Verizon 2016 Data Breach Report

5. EASY ACCESS TO SOURCE CODE Open source ubiquity makes it an easy target OPEN SOURCE ISN’T MORE OR LESS SECURE THAN CLOSED SOURCE – ITS JUST EASIER TO ACCESS VULNERABILITIES ARE PUBLICIZED EXPLOITS ARE PUBLISHED

6. Anatomy of a new attack Potential Attack Iterate Test against platforms Document Don’t forget PR department Deploy

7. DELIVERED CODE OPEN SOURCE CODE SUPPLY CHAIN CODE LEGACY CODE REUSED CODE/CONTAINERS COMMERCIAL CODE INTERNALLY DEVELOPED CODE OUTSOURCED CODE How open source enters a code base

8. CLOSED SOURCE COMMERCIAL CODE DEDICATED SECURITY RESEARCHERS ALERTING AND NOTIFICATION INFRASTRUCTURE REGULAR PATCH UPDATES DEDICATED SUPPORT TEAM WITH SLA OPEN SOURCE CODE “COMMUNITY”-BASED CODE ANALYSIS MONITOR NEWSFEEDS YOURSELF NO STANDARD PATCHING MECHANISM ULTIMATELY, YOU ARE RESPONSIBLE Who is responsible for code and security?

9. TRUST BUILD FILES, MANIFESTS, PACKAGE MANAGERS, FILE NAMES EVIDENCE-BASED IDENTIFICATION OF OPEN SOURCE BY SCANNING FILES IN CONTEXT Without evidence, nothing else matters Are packages complete? Determine package context

10. 0 500 1000 1500 2000 2500 3000 3500 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 Open Source Vulnerabilities Reported Per Year BDS-exclusive nvd Reference: Black Duck Software Knowledgebase, NVD INCREASING NUMBER OF OSS VULNERABILITIES

11. Automated tools miss most open source vulnerabilities Static & Dynamic Analysis Only discover common vulnerabilities 3,000+ disclosed in 2014 Less than 1% found by automated tools Undiscovered vulnerabilities are too complex and nuanced All possible security vulnerabilities

12. What do these all have in common? Heartbleed Shellshock GhostFreak Venom Since: Discovered: 2011 2014 1989 2014 1990’s 2015 2000 2015 2004 2015 Discovered by: Component: OpenSSL Riku, Antti, Matti, Mehta Bash Chazelas OpenSSL Beurdouche GNU C library Qualys researchers QEMU Geffner

13. Integrating into tools and processes DEVELOP SCM BUILD PACKAGE DEPLOY PRODUCTION BUG TRACKING REMEDIATE AND TRACK LICENSE COMPLIANCE AND SECURITY VULNERABILITIES FULL APP SEC VISIBILITY VIA IBM APPSCAN INTEGRATION BUILD / CI SERVER SCAN APPLICATIONS WITH EACH BUILD VIA CI INTEGRATION DELIVERY PIPELINE SCAN APPLICATIONS AND CONTAINERS BEFORE DELIVERY CONTINUOUS MONITORING OF VULNERABILITIES

14. Misaligned security investment

15. A solution should include these components Choose Open Source Proactively choose secure, supported open source SELECT Inventory Open Source Map Existing Vulnerabilities Maintain accurate list of open source components throughout the SDL Identify vulns during development VERIFY Track New Vulnerabilities Alert new vulns in production apps MONITORREMEDIATE Fix Vulnerabilities Tell developers how to remediate

16. We need your help Knowledge is power • Know what’s running and why • Define proactive vulnerability response process • Don’t let technology hype cycle dictate security Invest in defense in depth models • Don’t rely on perimeter security to do heavy lifting • Do look at hypervisor & container trends in security • Make developers and ops teams part of the solution • Do embed security into deployment process Together we can build a more secure data center

Notas do Editor

Image: http://morguefile.com/p/209940
http://www.istockphoto.com/photo/computer-crime-concept-gm516607038-89059287?st=9174601 http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
http://www.istockphoto.com/photo/person-in-hooded-sweater-using-a-laptop-on-wooden-table-gm464503138-58544934?st=cf78f31 http://www.istockphoto.com/photo/cloud-computing-gm518556682-90104967
http://www.istockphoto.com/photo/strength-in-unity-gm514713440-88219133?st=af7fa36

Secure application deployment in Apache CloudStack

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (18)

Semelhante a Secure application deployment in Apache CloudStack

Semelhante a Secure application deployment in Apache CloudStack (20)

Mais de Tim Mackey

Mais de Tim Mackey (18)

Último

Último (20)

Secure application deployment in Apache CloudStack

Notas do Editor