SlideShare uma empresa Scribd logo

Andy Kennedy - Scottish VMUG April 2016

Andy Kennedy
Andy Kennedy

NSX Keynote session from the Scottish VMUG event in Glasgow on the 22nd April, 2016. Key theme is a discussion on how security "blind spots" can occur through the adoption of new compute models, further highlighting the necessity for the industry to have a platform which provides the virtues of micro-segmentation and a zero trust model, irrespective of the technology being used to host modern applications.

Tecnologia
1 de 49
Baixar para ler offline
1 ScottishVMUG April, 2016 From untrust to zero trust… Securing what comes next for the SDDC Andy Kennedy (@packetdiscards) Networking & Security Business Unit, EMEA +44 7766 250030 akennedy@vmware.com
• This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. Disclaimer 2
From untrust to zero trust… Securing what comes next for the SDDC © 2016 VMware Inc. All rights reserved. Andy Kennedy (@packetdiscards) Networking & Security Business Unit, EMEA +44 7766 250030 akennedy@vmware.com
From Shadow IT to the Next Unit of Compute - The blind spot indicator for cyber security 4
Cloud Silos PublicManagedPrivate 5
Application Silos Traditional Applications Cloud-Native Applications 6
Device Proliferation ApplicationsContent 7
One Cloud Any Application Any Device 8
Bridging Two Worlds Mobile Cloud Era Client-Server Era
High-Level Architecture Isolation Segmentation ServiceInsertion GuestIntrosepction Orchestration Configuration Management DR Backup & recovery Log Management SIEM Operations Dashboard Virtual Domain RBAC / AAAPolicy Management Policy Enforcement Monitoring & Analytics Backup & Disaster Recovery Physical Domain Hybrid CloudInfrastructure People & Process
Operations App Team 3rd Platform Enables New Types of Apps in the Mobile-CloudEra Hardware OS Application App Team x86 OS Application Operations App Team x86 Linux Application 1st Platform (Servers) 2nd Platform (Virtualization) 3rd Platform (Cloud) x86 Linux
Major NSX use cases Intra-Datacenter Micro-Segmentation DMZAnywhere Secure User Environments Security IT Automating IT Developer Clouds Multi-tenantInfrastructure Agility Disaster Recovery Metro Pooling Hybrid Cloud Networking Application Continuity
13 Microsegmentation
14
15
16
17
Topology Driven Security Little or no lateral controls inside perimeter Internet Internet
Topology Driven Security Internet Internet Operationally Infeasible
20 Centralized firewalls • Create firewall rules before provisioning • Update firewall rules when movingor changing • Delete firewall rules when app decommissioned • Problem increases with more east-westtraffic Internet The challenge of topology driven security in the SDDC
Internet How an SDDC Approach Makes Micro-segmentation Feasible 21 Security policy Perimeter firewalls Cloud Management Platform
Creating a zero trust model Isolation Explicit allow comm. Secure communications Structured secure comms. NGFW IPS IPS NGFW IPS WAF And align your controls to what you are protecting AllowHTTPS
23 Adapting to Change
Application Silos Traditional Applications Cloud-Native Applications 24
Developer IT Challenges with Containers Different Units of Management Partial Visibility Limited Security No Compatability Tools 25
Containers without compromise Today Container Engine Linux vSphere Integrated Containers 26
Security Today vSphere Integrated Containers Hardware Level IsolationOS Level Isolation 27
Container Security 28 Vulnerable Application Vault Vault Website Website Website Website Internet Database Port 80 Internal network
Docker libnetwork – Options 29 – Bridge: Implements a way to configure new networks as isolated L2 bridges on single Docker hosts. The scope is ‘local’ – Overlay: Implements VXLAN based overlay networking to create L2 segments to attach containers running on multiple Docker Hosts. – Remote: Implements an API to externalize network functions to 3rd party vendor / solutions. Bridge Networking Multi-Host (Overlay) Driver Remote (Vendor) Driver
Docker libnetwork – The Container Network Model (CNM) 30 • Sandbox – A Sandbox contains the configuration of a container's network stack. This includes management of the container's interfaces, routing table and DNS settings. An implementation of a Sandbox could be a Linux Network Namespace, a FreeBSD Jail or other similar concept. • Endpoint – An Endpoint joins a Sandbox to a Network. An implementation of an Endpoint could be a veth pair, an Open vSwitch internal port or similar • Network – A Network is a group of Endpoints that are able to communicate with each-other directly. An implementation of a Network could be a VXLAN Segment, a Linuxbridge, a VLAN, etc. Source: https://github.com /docker/li bnetwork/bl ob/m aster/docs/ design.md External network G/w Bridge
Containers – do we still need a Hypervisor? 31 Privilege escalation can lead to container host compromise Vault Vault Website Website Website Website Internet Database Port 80 Internal network Confidential Information
Containers – do we still need a Hypervisor? 32 Lack of isolation allows an attacker to move around Vault Vault Website Website Website Website Internet Database Port 80 Internal network Confidential Information
Containers – do we still need a Hypervisor? 33 NSX provides segmentation, visibility and integration Website Website Website Website Internet Port 80 Internal network Physical Network Infrastructure Vault Vault Database Datacenter HONEY POT VULNERABILITY SCANNER Micro- segmentation Alert Connection to data center
vSphere Integrated Containers Latest… 34 https://github.com/vmware/vic http://blogs.vmware.com/cloudnative/introducing-vsphere-integrated-containers-open-source-software/
Hypervisor (ESXi & KVM) Minion VM Pod vif DFW eth1 Pod eth2 vif DLR Minion VM Pod vif DFW eth2 Pod eth1 vif eth0 Minion Mgmt. IP Stack eth0 Minion Mgmt. IP Stack mgmt network Lx bridge Lx bridge Lx bridge Lx bridge mgmt network Kubernetes - POC
Kubernetes – POC 36
Kubernetes – POC 37
Micro- segmentation Alert Connection to data center Benefits of NSX and containers 38 Micro- segmentation Alert Connection to data center • Micro-segmentation to establish clear boundaries • Stop compromises at container or application level • Central visibility into connectivity acrossthe data center • Per-flow tracking • Alerts for suspicious behavior • Virtual taps at a per- container level • Integration with the rest of your IT infrastructure • Monitoring, incident response, forensics • Access to databases, backup, system updates
Cloud Silos PublicManagedPrivate 39
Public Cloud – The New Silo Infrastructure? 40
The Challenge: Connectivity Across Multiple Clouds 41
Data Center IT Administrator Internet … AWS Cloud Developer 42 Ubiquitous Security for Public Cloud Workloads
NSX + Public Cloud + Containers 43 Sydney Hong Kong Palo Alto Chicago Dallas Virginia Seattle 500 Web Servers 7 data centers 3 continents 2 public clouds + 1 on premise …in 5 minutes https://www.youtube.com/watch?v=RBJ-KoAM-OQ
44 Operational Focus
45
EMC Smarts for NSX – Virtual + Physical Topology Virtual Network Physical Network Logical Switch Logical Router Leaf01 Spine01 Hypervisor
Hyper-V On-Premises Data Center Public Cloud 3rd Gen Applications Virtual Desktop Mobile Devices 47 Design for the New & Accommodate The Old
Network Virtualization Next Steps with VMware NSX 48 virtualizeyournetwork.com The online resource for the people, teams and organizationsthat are adopting networkvirtualization communities.vmware.com Connect and engage with network virtualization experts and fellow VMware NSX users vmware.com/go/NVtraining Build knowledge and expertise for the next step in your career labs.hol.vmware.com Test drive the capabilities of VMware NSX
Technology Previews 49 https://youtu.be/RBJ-KoAM-OQ https://youtu.be/bjodui_ZhM8 Containers & Public Cloud Tech Preview Distributed Network Encryption Tech Preview Kubernetes & NSX Tech Preview

Recomendados

Presentation cloud orchestration solution overview
Presentation cloud orchestration solution overviewPresentation cloud orchestration solution overview
Presentation cloud orchestration solution overviewxKinAnx
 
Leostream Webinar - OpenStack VDI and DaaS
Leostream Webinar - OpenStack VDI and DaaSLeostream Webinar - OpenStack VDI and DaaS
Leostream Webinar - OpenStack VDI and DaaSLeostream
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesAngel Villar Garea
 
VMworld 2015: Container Orchestration with the SDDC
VMworld 2015: Container Orchestration with the SDDCVMworld 2015: Container Orchestration with the SDDC
VMworld 2015: Container Orchestration with the SDDCVMworld
 
2009-dec02_Dell
2009-dec02_Dell2009-dec02_Dell
2009-dec02_DellAgora Group
 
Presentazione Corso VMware vSphere 6.5
Presentazione Corso VMware vSphere 6.5Presentazione Corso VMware vSphere 6.5
Presentazione Corso VMware vSphere 6.5PRAGMA PROGETTI
 
VMware 2015: Next Horizon for Cloud Networking and Security
VMware 2015: Next Horizon for Cloud Networking and SecurityVMware 2015: Next Horizon for Cloud Networking and Security
VMware 2015: Next Horizon for Cloud Networking and SecurityVMworld
 
virtualization and hypervisors
virtualization and hypervisorsvirtualization and hypervisors
virtualization and hypervisorsGaurav Suri
 

Recomendados

Presentation cloud orchestration solution overview
Presentation cloud orchestration solution overviewPresentation cloud orchestration solution overview
Presentation cloud orchestration solution overviewxKinAnx
 
Leostream Webinar - OpenStack VDI and DaaS
Leostream Webinar - OpenStack VDI and DaaSLeostream Webinar - OpenStack VDI and DaaS
Leostream Webinar - OpenStack VDI and DaaSLeostream
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesAngel Villar Garea
 
VMworld 2015: Container Orchestration with the SDDC
VMworld 2015: Container Orchestration with the SDDCVMworld 2015: Container Orchestration with the SDDC
VMworld 2015: Container Orchestration with the SDDCVMworld
 
2009-dec02_Dell
2009-dec02_Dell2009-dec02_Dell
2009-dec02_DellAgora Group
 
Presentazione Corso VMware vSphere 6.5
Presentazione Corso VMware vSphere 6.5Presentazione Corso VMware vSphere 6.5
Presentazione Corso VMware vSphere 6.5PRAGMA PROGETTI
 
VMware 2015: Next Horizon for Cloud Networking and Security
VMware 2015: Next Horizon for Cloud Networking and SecurityVMware 2015: Next Horizon for Cloud Networking and Security
VMware 2015: Next Horizon for Cloud Networking and SecurityVMworld
 
virtualization and hypervisors
virtualization and hypervisorsvirtualization and hypervisors
virtualization and hypervisorsGaurav Suri
 
Hyper-Converged Infrastructure Vx Rail
Hyper-Converged Infrastructure Vx Rail Hyper-Converged Infrastructure Vx Rail
Hyper-Converged Infrastructure Vx Rail Jürgen Ambrosi
 
VMworld 2015: Managing Users: A Deep Dive into VMware User Environment Manager
VMworld 2015: Managing Users: A Deep Dive into VMware User Environment ManagerVMworld 2015: Managing Users: A Deep Dive into VMware User Environment Manager
VMworld 2015: Managing Users: A Deep Dive into VMware User Environment ManagerVMworld
 
Linux VDI with OpenStack – How to Deliver Linux Virtual Desktops on Demand
Linux VDI with OpenStack – How to Deliver Linux Virtual Desktops on DemandLinux VDI with OpenStack – How to Deliver Linux Virtual Desktops on Demand
Linux VDI with OpenStack – How to Deliver Linux Virtual Desktops on DemandLeostream
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Presentation cloud orchestration
Presentation cloud orchestrationPresentation cloud orchestration
Presentation cloud orchestrationxKinAnx
 
Jump Start your XenApp 7.5 Deployment
Jump Start your XenApp 7.5 DeploymentJump Start your XenApp 7.5 Deployment
Jump Start your XenApp 7.5 DeploymentDavid McGeough
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...actualtechmedia
 
2021 March Pravega Community Meeting
2021 March Pravega Community Meeting2021 March Pravega Community Meeting
2021 March Pravega Community MeetingDerek Moore
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld
 
Choosing PaaS: Cisco and Open Source Options: an overview
Choosing PaaS: Cisco and Open Source Options: an overviewChoosing PaaS: Cisco and Open Source Options: an overview
Choosing PaaS: Cisco and Open Source Options: an overviewCisco DevNet
 
Application Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeApplication Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeDenis Gundarev
 
XenDesktop and XenApp - 2015 summary & bit of future
XenDesktop and XenApp - 2015 summary & bit of futureXenDesktop and XenApp - 2015 summary & bit of future
XenDesktop and XenApp - 2015 summary & bit of futureMarketingArrowECS_CZ
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 
Highlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack SummitHighlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack SummitCloud Standards Customer Council
 
Microsoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son VuMicrosoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son Vuvncson
 
TechWiseTV Workshop: HyperFlex 3.0
TechWiseTV Workshop: HyperFlex 3.0TechWiseTV Workshop: HyperFlex 3.0
TechWiseTV Workshop: HyperFlex 3.0Robb Boyd
 
OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)Dan Wendlandt
 
Dropwizard and Friends
Dropwizard and FriendsDropwizard and Friends
Dropwizard and FriendsYun Zhi Lin
 
Nano Segmentation - A Docker Security Journey
Nano Segmentation - A Docker Security JourneyNano Segmentation - A Docker Security Journey
Nano Segmentation - A Docker Security JourneyYun Zhi Lin
 

Mais conteúdo relacionado

Mais procurados

Hyper-Converged Infrastructure Vx Rail
Hyper-Converged Infrastructure Vx Rail Hyper-Converged Infrastructure Vx Rail
Hyper-Converged Infrastructure Vx Rail Jürgen Ambrosi
 
VMworld 2015: Managing Users: A Deep Dive into VMware User Environment Manager
VMworld 2015: Managing Users: A Deep Dive into VMware User Environment ManagerVMworld 2015: Managing Users: A Deep Dive into VMware User Environment Manager
VMworld 2015: Managing Users: A Deep Dive into VMware User Environment ManagerVMworld
 
Linux VDI with OpenStack – How to Deliver Linux Virtual Desktops on Demand
Linux VDI with OpenStack – How to Deliver Linux Virtual Desktops on DemandLinux VDI with OpenStack – How to Deliver Linux Virtual Desktops on Demand
Linux VDI with OpenStack – How to Deliver Linux Virtual Desktops on DemandLeostream
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Presentation cloud orchestration
Presentation cloud orchestrationPresentation cloud orchestration
Presentation cloud orchestrationxKinAnx
 
Jump Start your XenApp 7.5 Deployment
Jump Start your XenApp 7.5 DeploymentJump Start your XenApp 7.5 Deployment
Jump Start your XenApp 7.5 DeploymentDavid McGeough
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...actualtechmedia
 
2021 March Pravega Community Meeting
2021 March Pravega Community Meeting2021 March Pravega Community Meeting
2021 March Pravega Community MeetingDerek Moore
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld
 
Choosing PaaS: Cisco and Open Source Options: an overview
Choosing PaaS: Cisco and Open Source Options: an overviewChoosing PaaS: Cisco and Open Source Options: an overview
Choosing PaaS: Cisco and Open Source Options: an overviewCisco DevNet
 
Application Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeApplication Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeDenis Gundarev
 
XenDesktop and XenApp - 2015 summary & bit of future
XenDesktop and XenApp - 2015 summary & bit of futureXenDesktop and XenApp - 2015 summary & bit of future
XenDesktop and XenApp - 2015 summary & bit of futureMarketingArrowECS_CZ
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 
Microsoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son VuMicrosoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son Vuvncson
 
TechWiseTV Workshop: HyperFlex 3.0
TechWiseTV Workshop: HyperFlex 3.0TechWiseTV Workshop: HyperFlex 3.0
TechWiseTV Workshop: HyperFlex 3.0Robb Boyd
 
OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)Dan Wendlandt
 

Mais procurados (20)

Hyper-Converged Infrastructure Vx Rail
Hyper-Converged Infrastructure Vx Rail Hyper-Converged Infrastructure Vx Rail
Hyper-Converged Infrastructure Vx Rail
 
VMworld 2015: Managing Users: A Deep Dive into VMware User Environment Manager
VMworld 2015: Managing Users: A Deep Dive into VMware User Environment ManagerVMworld 2015: Managing Users: A Deep Dive into VMware User Environment Manager
VMworld 2015: Managing Users: A Deep Dive into VMware User Environment Manager
 
Linux VDI with OpenStack – How to Deliver Linux Virtual Desktops on Demand
Linux VDI with OpenStack – How to Deliver Linux Virtual Desktops on DemandLinux VDI with OpenStack – How to Deliver Linux Virtual Desktops on Demand
Linux VDI with OpenStack – How to Deliver Linux Virtual Desktops on Demand
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Presentation cloud orchestration
Presentation cloud orchestrationPresentation cloud orchestration
Presentation cloud orchestration
 
Jump Start your XenApp 7.5 Deployment
Jump Start your XenApp 7.5 DeploymentJump Start your XenApp 7.5 Deployment
Jump Start your XenApp 7.5 Deployment
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
 
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
Conquering Disaster Recovery Challenges and Out-of-Control Data with the Hybr...
 
2021 March Pravega Community Meeting
2021 March Pravega Community Meeting2021 March Pravega Community Meeting
2021 March Pravega Community Meeting
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
 
Choosing PaaS: Cisco and Open Source Options: an overview
Choosing PaaS: Cisco and Open Source Options: an overviewChoosing PaaS: Cisco and Open Source Options: an overview
Choosing PaaS: Cisco and Open Source Options: an overview
 
Application Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeApplication Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternative
 
XenDesktop and XenApp - 2015 summary & bit of future
XenDesktop and XenApp - 2015 summary & bit of futureXenDesktop and XenApp - 2015 summary & bit of future
XenDesktop and XenApp - 2015 summary & bit of future
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSX
 
Highlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack SummitHighlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack Summit
 
Microsoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son VuMicrosoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son Vu
 
TechWiseTV Workshop: HyperFlex 3.0
TechWiseTV Workshop: HyperFlex 3.0TechWiseTV Workshop: HyperFlex 3.0
TechWiseTV Workshop: HyperFlex 3.0
 
OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)
 

Destaque

Dropwizard and Friends
Dropwizard and FriendsDropwizard and Friends
Dropwizard and FriendsYun Zhi Lin
 
Nano Segmentation - A Docker Security Journey
Nano Segmentation - A Docker Security JourneyNano Segmentation - A Docker Security Journey
Nano Segmentation - A Docker Security JourneyYun Zhi Lin
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:Cisco Canada
 
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Anthony Burke
 
How To Track Performance and Fault in a Multi-layer, Software-Defined Network...
How To Track Performance and Fault in a Multi-layer, Software-Defined Network...How To Track Performance and Fault in a Multi-layer, Software-Defined Network...
How To Track Performance and Fault in a Multi-layer, Software-Defined Network...CA Technologies
 
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...Adi Gazit Blecher
 
Demystifying Orchestration and Assurance Across SDN NFV CE2.0
Demystifying Orchestration and Assurance Across SDN NFV CE2.0Demystifying Orchestration and Assurance Across SDN NFV CE2.0
Demystifying Orchestration and Assurance Across SDN NFV CE2.0WebNMS
 
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)VMware
 
Pre-Con Ed: Integrate Your Monitoring Tools Into an Automated Service Impact ...
Pre-Con Ed: Integrate Your Monitoring Tools Into an Automated Service Impact ...Pre-Con Ed: Integrate Your Monitoring Tools Into an Automated Service Impact ...
Pre-Con Ed: Integrate Your Monitoring Tools Into an Automated Service Impact ...CA Technologies
 
Expectation for SDN as Carrier's Network
Expectation for SDN as Carrier's NetworkExpectation for SDN as Carrier's Network
Expectation for SDN as Carrier's NetworkOpen Networking Summits
 
Managing Tomorrow’s Networks: The Impacts of SDN and Network Virtualization o...
Managing Tomorrow’s Networks: The Impacts of SDN and Network Virtualization o...Managing Tomorrow’s Networks: The Impacts of SDN and Network Virtualization o...
Managing Tomorrow’s Networks: The Impacts of SDN and Network Virtualization o...CA Technologies
 
NFV management and orchestration framework architecture
NFV management and orchestration framework architectureNFV management and orchestration framework architecture
NFV management and orchestration framework architecturesidneel
 
SDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinSDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinZivaro Inc
 

Destaque (13)

Dropwizard and Friends
Dropwizard and FriendsDropwizard and Friends
Dropwizard and Friends
 
Nano Segmentation - A Docker Security Journey
Nano Segmentation - A Docker Security JourneyNano Segmentation - A Docker Security Journey
Nano Segmentation - A Docker Security Journey
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
 
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
 
How To Track Performance and Fault in a Multi-layer, Software-Defined Network...
How To Track Performance and Fault in a Multi-layer, Software-Defined Network...How To Track Performance and Fault in a Multi-layer, Software-Defined Network...
How To Track Performance and Fault in a Multi-layer, Software-Defined Network...
 
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
 
Demystifying Orchestration and Assurance Across SDN NFV CE2.0
Demystifying Orchestration and Assurance Across SDN NFV CE2.0Demystifying Orchestration and Assurance Across SDN NFV CE2.0
Demystifying Orchestration and Assurance Across SDN NFV CE2.0
 
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
 
Pre-Con Ed: Integrate Your Monitoring Tools Into an Automated Service Impact ...
Pre-Con Ed: Integrate Your Monitoring Tools Into an Automated Service Impact ...Pre-Con Ed: Integrate Your Monitoring Tools Into an Automated Service Impact ...
Pre-Con Ed: Integrate Your Monitoring Tools Into an Automated Service Impact ...
 
Expectation for SDN as Carrier's Network
Expectation for SDN as Carrier's NetworkExpectation for SDN as Carrier's Network
Expectation for SDN as Carrier's Network
 
Managing Tomorrow’s Networks: The Impacts of SDN and Network Virtualization o...
Managing Tomorrow’s Networks: The Impacts of SDN and Network Virtualization o...Managing Tomorrow’s Networks: The Impacts of SDN and Network Virtualization o...
Managing Tomorrow’s Networks: The Impacts of SDN and Network Virtualization o...
 
NFV management and orchestration framework architecture
NFV management and orchestration framework architectureNFV management and orchestration framework architecture
NFV management and orchestration framework architecture
 
SDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinSDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same Coin
 

Semelhante a Andy Kennedy - Scottish VMUG April 2016

VMworld 2014: How I Learned to Stop Worrying and Love the Public Cloud
VMworld 2014: How I Learned to Stop Worrying and Love the Public CloudVMworld 2014: How I Learned to Stop Worrying and Love the Public Cloud
VMworld 2014: How I Learned to Stop Worrying and Love the Public CloudVMworld
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of NetworkingOpenStack Korea Community
 
Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014Ryan Koop
 
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep DiveVMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep DiveVMworld
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMUG IT
 
VMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld
 
What is this DevOps thing and why do I need it?
What is this DevOps thing and why do I need it?What is this DevOps thing and why do I need it?
What is this DevOps thing and why do I need it?Safe Swiss Cloud
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO a.s.
 
VMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld
 
Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014 Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014 VMwareJenn
 
OVNC 2015-Software-Defined Networking: Where Are We Today?
OVNC 2015-Software-Defined Networking: Where Are We Today?OVNC 2015-Software-Defined Networking: Where Are We Today?
OVNC 2015-Software-Defined Networking: Where Are We Today?NAIM Networks, Inc.
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryBlack Duck by Synopsys
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryTim Mackey
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersIben Rodriguez
 
Mastering the move
Mastering the moveMastering the move
Mastering the moveTrivadis
 
Secure SDN
Secure SDNSecure SDN
Secure SDNAPNIC
 

Semelhante a Andy Kennedy - Scottish VMUG April 2016 (20)

VMworld 2014: How I Learned to Stop Worrying and Love the Public Cloud
VMworld 2014: How I Learned to Stop Worrying and Love the Public CloudVMworld 2014: How I Learned to Stop Worrying and Love the Public Cloud
VMworld 2014: How I Learned to Stop Worrying and Love the Public Cloud
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
 
Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014
 
Sdn primer pdf
Sdn primer pdfSdn primer pdf
Sdn primer pdf
 
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep DiveVMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529
 
VMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSX
 
What is this DevOps thing and why do I need it?
What is this DevOps thing and why do I need it?What is this DevOps thing and why do I need it?
What is this DevOps thing and why do I need it?
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
 
VMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSX
 
Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014 Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014
 
OVNC 2015-Software-Defined Networking: Where Are We Today?
OVNC 2015-Software-Defined Networking: Where Are We Today?OVNC 2015-Software-Defined Networking: Where Are We Today?
OVNC 2015-Software-Defined Networking: Where Are We Today?
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data Centers
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Mastering the move
Mastering the moveMastering the move
Mastering the move
 
Secure SDN
Secure SDNSecure SDN
Secure SDN
 

Último

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Último (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Andy Kennedy - Scottish VMUG April 2016

  • 1. 1 ScottishVMUG April, 2016 From untrust to zero trust… Securing what comes next for the SDDC Andy Kennedy (@packetdiscards) Networking & Security Business Unit, EMEA +44 7766 250030 akennedy@vmware.com
  • 2. • This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. Disclaimer 2
  • 3. From untrust to zero trust… Securing what comes next for the SDDC © 2016 VMware Inc. All rights reserved. Andy Kennedy (@packetdiscards) Networking & Security Business Unit, EMEA +44 7766 250030 akennedy@vmware.com
  • 4. From Shadow IT to the Next Unit of Compute - The blind spot indicator for cyber security 4
  • 8. One Cloud Any Application Any Device 8
  • 9. Bridging Two Worlds Mobile Cloud Era Client-Server Era
  • 10. High-Level Architecture Isolation Segmentation ServiceInsertion GuestIntrosepction Orchestration Configuration Management DR Backup & recovery Log Management SIEM Operations Dashboard Virtual Domain RBAC / AAAPolicy Management Policy Enforcement Monitoring & Analytics Backup & Disaster Recovery Physical Domain Hybrid CloudInfrastructure People & Process
  • 11. Operations App Team 3rd Platform Enables New Types of Apps in the Mobile-CloudEra Hardware OS Application App Team x86 OS Application Operations App Team x86 Linux Application 1st Platform (Servers) 2nd Platform (Virtualization) 3rd Platform (Cloud) x86 Linux
  • 12. Major NSX use cases Intra-Datacenter Micro-Segmentation DMZAnywhere Secure User Environments Security IT Automating IT Developer Clouds Multi-tenantInfrastructure Agility Disaster Recovery Metro Pooling Hybrid Cloud Networking Application Continuity
  • 14. 14
  • 15. 15
  • 16. 16
  • 17. 17
  • 18. Topology Driven Security Little or no lateral controls inside perimeter Internet Internet
  • 19. Topology Driven Security Internet Internet Operationally Infeasible
  • 20. 20 Centralized firewalls • Create firewall rules before provisioning • Update firewall rules when movingor changing • Delete firewall rules when app decommissioned • Problem increases with more east-westtraffic Internet The challenge of topology driven security in the SDDC
  • 21. Internet How an SDDC Approach Makes Micro-segmentation Feasible 21 Security policy Perimeter firewalls Cloud Management Platform
  • 22. Creating a zero trust model Isolation Explicit allow comm. Secure communications Structured secure comms. NGFW IPS IPS NGFW IPS WAF And align your controls to what you are protecting AllowHTTPS
  • 25. Developer IT Challenges with Containers Different Units of Management Partial Visibility Limited Security No Compatability Tools 25
  • 26. Containers without compromise Today Container Engine Linux vSphere Integrated Containers 26
  • 27. Security Today vSphere Integrated Containers Hardware Level IsolationOS Level Isolation 27
  • 29. Docker libnetwork – Options 29 – Bridge: Implements a way to configure new networks as isolated L2 bridges on single Docker hosts. The scope is ‘local’ – Overlay: Implements VXLAN based overlay networking to create L2 segments to attach containers running on multiple Docker Hosts. – Remote: Implements an API to externalize network functions to 3rd party vendor / solutions. Bridge Networking Multi-Host (Overlay) Driver Remote (Vendor) Driver
  • 30. Docker libnetwork – The Container Network Model (CNM) 30 • Sandbox – A Sandbox contains the configuration of a container's network stack. This includes management of the container's interfaces, routing table and DNS settings. An implementation of a Sandbox could be a Linux Network Namespace, a FreeBSD Jail or other similar concept. • Endpoint – An Endpoint joins a Sandbox to a Network. An implementation of an Endpoint could be a veth pair, an Open vSwitch internal port or similar • Network – A Network is a group of Endpoints that are able to communicate with each-other directly. An implementation of a Network could be a VXLAN Segment, a Linuxbridge, a VLAN, etc. Source: https://github.com /docker/li bnetwork/bl ob/m aster/docs/ design.md External network G/w Bridge
  • 31. Containers – do we still need a Hypervisor? 31 Privilege escalation can lead to container host compromise Vault Vault Website Website Website Website Internet Database Port 80 Internal network Confidential Information
  • 32. Containers – do we still need a Hypervisor? 32 Lack of isolation allows an attacker to move around Vault Vault Website Website Website Website Internet Database Port 80 Internal network Confidential Information
  • 33. Containers – do we still need a Hypervisor? 33 NSX provides segmentation, visibility and integration Website Website Website Website Internet Port 80 Internal network Physical Network Infrastructure Vault Vault Database Datacenter HONEY POT VULNERABILITY SCANNER Micro- segmentation Alert Connection to data center
  • 34. vSphere Integrated Containers Latest… 34 https://github.com/vmware/vic http://blogs.vmware.com/cloudnative/introducing-vsphere-integrated-containers-open-source-software/
  • 35. Hypervisor (ESXi & KVM) Minion VM Pod vif DFW eth1 Pod eth2 vif DLR Minion VM Pod vif DFW eth2 Pod eth1 vif eth0 Minion Mgmt. IP Stack eth0 Minion Mgmt. IP Stack mgmt network Lx bridge Lx bridge Lx bridge Lx bridge mgmt network Kubernetes - POC
  • 38. Micro- segmentation Alert Connection to data center Benefits of NSX and containers 38 Micro- segmentation Alert Connection to data center • Micro-segmentation to establish clear boundaries • Stop compromises at container or application level • Central visibility into connectivity acrossthe data center • Per-flow tracking • Alerts for suspicious behavior • Virtual taps at a per- container level • Integration with the rest of your IT infrastructure • Monitoring, incident response, forensics • Access to databases, backup, system updates
  • 40. Public Cloud – The New Silo Infrastructure? 40
  • 41. The Challenge: Connectivity Across Multiple Clouds 41
  • 42. Data Center IT Administrator Internet … AWS Cloud Developer 42 Ubiquitous Security for Public Cloud Workloads
  • 43. NSX + Public Cloud + Containers 43 Sydney Hong Kong Palo Alto Chicago Dallas Virginia Seattle 500 Web Servers 7 data centers 3 continents 2 public clouds + 1 on premise …in 5 minutes https://www.youtube.com/watch?v=RBJ-KoAM-OQ
  • 45. 45
  • 46. EMC Smarts for NSX – Virtual + Physical Topology Virtual Network Physical Network Logical Switch Logical Router Leaf01 Spine01 Hypervisor
  • 47. Hyper-V On-Premises Data Center Public Cloud 3rd Gen Applications Virtual Desktop Mobile Devices 47 Design for the New & Accommodate The Old
  • 48. Network Virtualization Next Steps with VMware NSX 48 virtualizeyournetwork.com The online resource for the people, teams and organizationsthat are adopting networkvirtualization communities.vmware.com Connect and engage with network virtualization experts and fellow VMware NSX users vmware.com/go/NVtraining Build knowledge and expertise for the next step in your career labs.hol.vmware.com Test drive the capabilities of VMware NSX
  • 49. Technology Previews 49 https://youtu.be/RBJ-KoAM-OQ https://youtu.be/bjodui_ZhM8 Containers & Public Cloud Tech Preview Distributed Network Encryption Tech Preview Kubernetes & NSX Tech Preview