CLOUD COMPUTING SECURITY
- Lewis Farmer
- 8 years ago

HP Labs G-Cloud: A Secure Cloud Infrastructure
Frederic Gittler, Cloud and Security Laboratory, HP Labs

Covering
- A few words about HP Labs
- An outline of Cloud Computing: business drivers, goals, etc.
- Cloud Security
  - Stakeholders and their issues
  - Routes of attack
  - Properties required
- Secure services
  - Control over security properties
- Infrastructure design
  - Virtual machines, networks and storage
  - Sensors and monitoring

HP LABS AROUND THE WORLD
Global talent, local innovation
- AMERICAS
  - 46 university collaborations in the Americas
  - Guadalajara Advanced Prototyping Center
  - $1M 29 projects with HP Brazil R&D
  - DARPA, DOE, US Army, MPO external funding
  - NSF Post-Docs support
  - $1M UC Discovery awards
- EMEA
  - 10 university collaborations in EMEA
  - 4 EU FP7 consortia, UK Tech Strategy Board awards
  - UK CASE PhD support
- APJ
  - 7 university collaborations in the Asia-Pacific Region
  - A*STAR and EDB support, Singapore
- Locations: St. Petersburg, Beijing, Bristol, Palo Alto, Singapore, Haifa, Bangalore

HP LABS RESEARCH AREAS
Innovation at every touchpoint of information
- Service & Solutions
- Printing & Content Delivery
- Mobile & Immersive Experience
- Networking & Communications
- Sustainability
- Cloud & Security
- Intelligent Infrastructure
- Information Analytics

A long history
[Timeline figure; labels in order: 1996, SmartFrog, OpenCall, 2000, Cells Proposal, Sanger, Williams F, The Painter, DreamWorks, SE3D, Cells v, G-Cloud Demo, Service Sensors, Data Sharing]

Cloud Services
IT delivered as a logical service, available on demand, charged by usage
- Logical Service: details of delivery hidden
- On Demand: scales up and down immediately and seamlessly
- Charged by Usage: metering and billing of services, pay for what you use
Cloud computing is computation offered as a service

Cloud Computing Concepts
- Multi-tenancy
  - Shared service infrastructure, running simultaneous collocated workloads, for multiple customers
  - Dynamic sharing for flexibility and utilisation efficiency
- Cloud-scale infrastructure
  - Commodity scale-out hardware
  - Targeting extreme economies of scale
- Ubiquitous access
  - Using portable client devices
  - Anywhere, any time

Cloud Computing benefits
- Cost management
  - Benefit from economies of scale
  - Avoids cost of over-provisioning
  - Reduction in up-front capital investment, switch to expense more in line with business needs
- Risk reduction
  - Someone else worries about running the data-centre, protecting your data, and providing disaster recovery
  - Reduces risk of under-provisioning
- Flexibility
  - Add/remove services on demand
  - Scale up and down as needed rapidly
- Ubiquity
  - Access from any place, any device, any time

Barriers to adoption
- Security, regulatory, data locality concerns
- Concerns about lock-in, lack of multi-vendor options
- Challenge of migrating from in-house (or outsourced) apps
- Trust in the service vendors
  - Service levels
  - Stability
  - Geographic presence
- Vested interests

Roles in the Cloud
[Diagram built up step by step over twelve slides. Labels as they appear: The Cloud; community, public and private clouds; Infrastructure Provider; install and administer; Service Developer; App Store; Service Provider; procure; administer; service; composed; multi-tenanted; Service Users; and, on the final step, Social Attack, Engineered Attack, Cyber-Criminal]

A Cell is a container for a service - including all its virtualized infrastructure
[Diagram sequence; surviving labels in order: spec; external internet routing and firewall rules; spec; bipartite agreement]

Model-Based
- Describe desired end-point
- Can freely update the description of the end-point
- Allow the system to create it
- Asynchronous convergence for scale and performance
- Errors and status reported relative to model
- Provides uniformity of mechanism

Model-Based: Why Declarative
- Enables analysis and tool support
- Cross-model properties and policies
- Basis for compliance and transparent management
- Enables different principals to sign different parts of the model, independent of right of model submission, and mapping into enterprise IT roles
- Enables IT best practice
- Inherently idempotent
- Hugely simplifies interaction model, improves security
- Enables back-end asynchrony and parallelism for scale and performance
- Template descriptions of services
- Simplifies service packaging
- Ease of integration with a Cloud Marketplace
- Easy to map transactional interfaces to model-based; hard to do the other way around and maintain the advantages
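
The model-based approach above, sketched as an added example (not part of the original slides or of G-Cloud's code): a desired-state model is submitted, a reconciler computes the actions needed to converge, resubmitting the same model yields no actions, and errors are reported against model elements. The model layout (`vnets`, `vms`, `rules`) and all function names are assumptions made for illustration.

```python
"""Toy declarative cell model with an idempotent reconciler.

Illustrative only: the model layout and every function name are hypothetical.
"""

KINDS = ("vnets", "vms", "rules")  # creation order; deletion runs in reverse


def validate(model):
    """Report errors relative to the model, naming the offending element."""
    vnets = model.get("vnets", set())
    errors = []
    for name, vnet in sorted(model.get("vms", set())):
        if vnet not in vnets:
            errors.append(f"vms/{name}: unknown vnet {vnet!r}")
    for src, dst, service in sorted(model.get("rules", set())):
        for end in (src, dst):
            if end not in vnets:
                errors.append(f"rules/{src}->{dst}/{service}: unknown vnet {end!r}")
    return errors


def plan(desired, actual):
    """Diff desired against actual; the result depends only on the two states."""
    actions = []
    for kind in KINDS:
        for item in sorted(desired.get(kind, set()) - actual.get(kind, set())):
            actions.append(("create", kind, item))
    for kind in reversed(KINDS):
        for item in sorted(actual.get(kind, set()) - desired.get(kind, set())):
            actions.append(("delete", kind, item))
    return actions


def converge(desired, actual):
    """Return (new_state, actions, errors). An invalid model changes nothing."""
    errors = validate(desired)
    if errors:
        return actual, [], errors
    actions = plan(desired, actual)
    new_state = {kind: set(actual.get(kind, set())) for kind in KINDS}
    for op, kind, item in actions:
        if op == "create":
            new_state[kind].add(item)
        else:
            new_state[kind].discard(item)
    return new_state, actions, []


# Constructed sample models: two vnets, two VMs, one rule letting "front"
# reach the database port on "back".
MODEL_V1 = {
    "vnets": {"front", "back"},
    "vms": {("web1", "front"), ("db1", "back")},
    "rules": {("front", "back", "tcp/5432")},
}
MODEL_V2 = dict(MODEL_V1, rules=set())            # same topology, rule withdrawn
BROKEN = dict(MODEL_V1, vms={("web1", "dmz")})    # VM placed on an undefined vnet


def demo():
    state = {}
    state, first, _ = converge(MODEL_V1, state)    # initial build
    state, repeat, _ = converge(MODEL_V1, state)   # same model again: no work
    state, update, _ = converge(MODEL_V2, state)   # updated description
    _, rejected, errors = converge(BROKEN, state)  # error reported against model
    return first, repeat, update, rejected, errors


if __name__ == "__main__":
    for label, value in zip(("first", "repeat", "update", "rejected", "errors"), demo()):
        print(label, value)
```

Because the reconciler works from the difference between two states rather than from a sequence of commands, a replayed or duplicated submission is harmless, which is the security benefit the slide attributes to idempotence.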

Infrastructure Models
[Diagram: a cell containing vnets (one labelled "HTTP Only"), VMs and VVols]
- Topology managed by grants
- Communication managed by rules

Future Modelling
Currently we provide explicit description of topology and some security properties. However, this is but the start.
- Support for loose models and constraints
  - Models that are configured according to user or business-level concepts
- Order-dependencies
  - Declarative description of state transitions and dependencies on the state
- Specification of QoS policies linked through sensor framework, constraints and dependencies, to create auto-flexing models
- Specification of service high-availability policies
  - Automatically mapped into placement and recovery decisions
- Federation properties
- Specification of additional security policies
  - Guiding placement and other aspects such as providing security probes
- Semantic controls over data sharing

Infrastructure Virtualization
- To build the isolation, we need virtualized environments
- Virtualization introduces security issues
  - But there are ways around it, for example placement algorithms can keep sensitive workloads apart from each other
- Virtualization enables new security and isolation techniques
  - Sitting below the virtual machine allows a range of control points, sensors and mitigations that are impossible in a physical world
- Indeed virtualization can be seen as the KEY to producing secure multi-tenanted systems

Infrastructure Integrity
- We must protect the cloud at all costs
- Threats come from
  - Services run upon it
  - Direct attacks from outside
  - Internal administrators
- We must understand these threats, and the paths that they may use to undermine the cloud
- We must provide a number of engineering solutions to deal with the threats
  - Minimize attack surface, defence in depth
- Provide a framework for countermeasures
  - Sensors to detect attacks, both attempts and successes
  - Mitigations to remove attempted and successful attacks
  - Diagnosing attacks by turning sensor data into diagnoses

Threats
[Diagram labels: identification, mitigation, prevention, detection]

Service Core
[Layered diagram built up over four slides. Labels as they appear on the last steps: Service; VMs (trusted virtualization, then KVM); VNets; utility controllers; (diverter, rules); system orchestration; server and storage nodes; VVols (CoWs, caching); supporting services]

Virtual Networking Goals
- Support full layer-3 unicast, multicast and broadcast packets
- Create the illusion of subnets and routing
- Provide all the inter-VM and subnet routing policies
- Strong and secure separation
[Diagram: VMs on a single shared physical network]

Virtual Storage
[Diagram labels: CopyA, CopyB, COW volume A (RW), COW volume B (RW), Origin image (RO), VM, VM, LVM+, Storage area network]

Virtualization Security: Threat
- The main requirement is that the core virtualization technology is secure
- What happens if a VM successfully breaks out of its container and takes over the host?
[Diagram labels: Dom 0, Dom U, Hypervisor, Physical host]

Virtualization Security: Prevention
- Use trusted virtualization technologies to minimize risk of attack and reduce impact
- Subdivide the Hypervisor and Dom0 into smaller, simpler, more secure parts, limiting the impact of success
[Diagram labels: Dom U, Hypervisor, Physical host]

Virtualization Security: Host Compromise
- Provide host peer-peer detection of dom0 misbehaviour
[Diagram labels: Dom 0, Dom U, ??, Hypervisor, Physical host]

Sensors
Aim to detect:
- Illegal actions
  - System components detecting or initiating abnormal activity with other system components: this is either a bug or a successful attack and needs immediate attention
  - Attempts of user VMs to communicate with disallowed targets
- Abnormal behaviour
  - Sudden changes in profiles of IO or CPU usage
  - Requests for VMs or other resources beyond reasonable or specified limits
  - Excessive churn in topology
  - Sudden widening of network rules
Sensors are implemented everywhere
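
One way such sensors could be expressed, as an added example (not from the original slides or HP Labs code): a per-cell sensor that flags VM traffic to disallowed targets, a sudden widening of network rules, and excessive topology churn. The event format, the thresholds and all names are assumptions, and the events are constructed sample data.

```python
"""Toy infrastructure sensor for one cell (illustrative, hypothetical names)."""
import ipaddress
from collections import deque

WIDEN_FACTOR = 256   # assumed threshold: permitted address space grows 256x at once
CHURN_LIMIT = 3      # assumed threshold: topology changes tolerated per window
CHURN_WINDOW = 60    # window length in seconds


class CellSensor:
    def __init__(self, allowed):
        # Networks the cell's rules currently permit its VMs to reach (IPv4 only).
        self.allowed = [ipaddress.ip_network(n) for n in allowed]
        self.changes = deque()  # timestamps of recent topology changes

    @staticmethod
    def _size(nets):
        # Collapse overlapping prefixes so shared space is counted once.
        return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

    def observe(self, event):
        """Consume one event and return the alerts it raises."""
        alerts = []
        kind = event["type"]
        if kind == "flow":
            # Illegal action: a user VM talking to a disallowed target.
            dst = ipaddress.ip_address(event["dst"])
            if not any(dst in net for net in self.allowed):
                alerts.append(f"illegal-flow {event['vm']} -> {dst}")
        elif kind == "rule_change":
            # Abnormal behaviour: the rule set suddenly permits far more space.
            new = [ipaddress.ip_network(n) for n in event["allowed"]]
            before, after = self._size(self.allowed), self._size(new)
            if after >= max(before, 1) * WIDEN_FACTOR:
                alerts.append(f"rule-widening x{after // max(before, 1)}")
            self.allowed = new
        elif kind == "topology":
            # Abnormal behaviour: too many topology changes in a sliding window.
            now = event["t"]
            self.changes.append(now)
            while self.changes and now - self.changes[0] > CHURN_WINDOW:
                self.changes.popleft()
            if len(self.changes) > CHURN_LIMIT:
                alerts.append(
                    f"topology-churn: {len(self.changes)} changes in {CHURN_WINDOW}s"
                )
        return alerts


# Constructed sample events; "t" is seconds since the start of observation.
EVENTS = [
    {"t": 0, "type": "flow", "vm": "web1", "dst": "10.0.2.5"},    # permitted
    {"t": 3, "type": "flow", "vm": "web1", "dst": "10.0.9.9"},    # disallowed target
    {"t": 10, "type": "rule_change", "allowed": ["10.0.2.0/24", "10.0.3.0/24"]},
    {"t": 20, "type": "rule_change", "allowed": ["0.0.0.0/0"]},   # sudden widening
    {"t": 30, "type": "topology", "op": "add_vm"},
    {"t": 35, "type": "topology", "op": "add_vm"},
    {"t": 40, "type": "topology", "op": "remove_vm"},
    {"t": 45, "type": "topology", "op": "add_vnet"},              # 4th change in 60 s
    {"t": 200, "type": "topology", "op": "add_vm"},               # window has expired
]


def run(events, allowed=("10.0.2.0/24",)):
    """Feed events to a fresh sensor and return (timestamp, alert) pairs."""
    sensor = CellSensor(allowed)
    return [(e["t"], alert) for e in events for alert in sensor.observe(e)]


if __name__ == "__main__":
    for t, alert in run(EVENTS):
        print(t, alert)
```

The modest rule change at t=10 doubles the permitted space and stays below the threshold, while the change to `0.0.0.0/0` is reported; tuning that factor is the trade-off between noise and missed widening.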

Sensors: System
[Diagram: a row of Dom 0 hosts and a group of System VMs]
- System components inter-communicate in limited ways
- System components can verify requests for reasonableness

Enforcing and Sensing: IO
- Enforcement Points and I/O Sensors, e.g.
  - dropped or illegal packets
  - writes to protected areas
- Includes checks on System VMs
[Diagram labels: Storage IO, Dom U, Hypervisor, Network IO]

Service Integrity
A virused or malicious service is not strictly a threat to the integrity of the whole cloud, however...
- We must prevent (where possible) attacks on other services by providing robust isolation and detection of attack attempts
- We must detect when an attack succeeds by
  - monitoring from outside of the service
  - spotting abnormalities in behaviour
  - forensic examination of service VMs
- We must be able to mitigate when an attack is detected
  - Shutting down, restarting or freezing VMs or services

Service Sensors
We want to allow service writers to be able to create sensors that
- monitor their own services
- run outside of the service, looking in, and undetectable to it
- service owners have a better view of the service semantics
- can be offered by 3rd party monitoring specialists (NSA for USG) that do not have any privileged access to core system capability
Virtualization gives control over what one compartment can do or see with another compartment. We can use the fact that one virtual machine can (given permission)
- look into the memory space of another
- interpose itself into an IO path of another

Sensor VMs
- Invisible to the service VM
- Viruses and root-kits cannot hide by altering OS or disabling virus checkers
- Enabled by an API in the hypervisor
- Needs care to ensure that it doesn't become another vector for attack!
[Diagram labels: Dom 0, Sensor, Service, Hypervisor; sensor inspection of VM memory]

Sensor VMs
- Deployable by the service provider, infrastructure provider or trusted 3rd party
[Diagram labels: Dom 0, Sensor, Service, Hypervisor; inspection of VM IO]

Sensor VM properties
- It's hard to detect the presence of the sensors.
- It's impossible to hide the code or IO from the sensors
- We can see if the OS tables have been manipulated
- We can look for evidence of the use of different virus components
- We do not look only for specific attacks
- We gain evidence to suggest the existence of malware.
- We can see into disc and network buffers
- We can sit in the IO path and carry out specific deep inspection

Our Demonstrator
More informationFuture of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST
Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service
More informationBrocade One Data Center Cloud-Optimized Networks
POSITION PAPER Brocade One Data Center Cloud-Optimized Networks Brocade s vision, captured in the Brocade One strategy, is a smooth transition to a world where information and applications reside anywhere
More informationNext Generation Firewalls and Sandboxing
Next Generation Firewalls and Sandboxing Joe Hughes, Director www.servicetech.co.uk Summary What is a Next Generation Firewall (NGFW)? Threat evolution Features Deployment Best practices What is Sandboxing?
More informationOpen Source Cloud Computing Management with OpenNebula
CloudCamp Campus Party July 2011, Valencia Open Source Cloud Computing Management with OpenNebula Javier Fontán Muiños dsa-research.org Distributed Systems Architecture Research Group Universidad Complutense
More informationA Look at the New Converged Data Center
Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable
More informationCloudCenter Full Lifecycle Management. An application-defined approach to deploying and managing applications in any datacenter or cloud environment
CloudCenter Full Lifecycle Management An application-defined approach to deploying and managing applications in any datacenter or cloud environment CloudCenter Full Lifecycle Management Page 2 Table of
More informationPanel : Future Data Center Networks
Vijoy Pandey, Ph.D. CTO, Network IBM Distinguished Engineer vijoy.pandey@us.ibm.com Panel : Future Data Center Networks 2012 IBM Corporation Networking folks were poor Custom silicon or poor functionality
More informationLecture 02a Cloud Computing I
Mobile Cloud Computing Lecture 02a Cloud Computing I 吳 秀 陽 Shiow-yang Wu What is Cloud Computing? Computing with cloud? Mobile Cloud Computing Cloud Computing I 2 Note 1 What is Cloud Computing? Walking
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationSECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING
SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com
More informationUnisys ClearPath Forward Fabric Based Platform to Power the Weather Enterprise
Unisys ClearPath Forward Fabric Based Platform to Power the Weather Enterprise Introducing Unisys All in One software based weather platform designed to reduce server space, streamline operations, consolidate
More informationHybrid Cloud: Overview of Intercloud Fabric. Sutapa Bansal Sr. Product Manager Cloud and Virtualization Group
Hybrid Cloud: Overview of Sutapa Bansal Sr. Product Manager Cloud and Virtualization Group Agenda Why Hybrid cloud? Cisco Vision Hybrid Cloud Use Cases and ROI Architecture Overview Deployment Model and
More informationIBM QRadar as a Service
Government Efficiency through Innovative Reform IBM QRadar as a Service Service Definition Copyright IBM Corporation 2014 Table of Contents IBM Cloud Overview... 2 IBM/Sentinel PaaS... 2 QRadar... 2 Major
More informationEvaluation Methodology of Converged Cloud Environments
Krzysztof Zieliński Marcin Jarząb Sławomir Zieliński Karol Grzegorczyk Maciej Malawski Mariusz Zyśk Evaluation Methodology of Converged Cloud Environments Cloud Computing Cloud Computing enables convenient,
More informationENISA Cloud Computing Security Strategy
ENISA Cloud Computing Security Strategy Dr Giles Hogben European Network and Information Security Agency (ENISA) What is Cloud Computing? Isn t it just old hat? What is cloud computing ENISA s understanding
More informationConnecting to the Cloud with F5 BIG-IP Solutions and VMware VMotion
F5 Technical Brief Connecting to the Cloud with F5 BIG-IP Solutions and VMware VMotion F5 and VMware partner to enable live application and storage migrations between data centers and clouds, over short
More informationOpenFlow/SDN for IaaS Providers
OpenFlow/SDN for IaaS Providers Open Networking Summit 2011 Stanford University Paul Lappas & Ivan Batanov The Public Cloud Our Definition Shared infrastructure operated by a service provider where no
More informationSERVER 101 COMPUTE MEMORY DISK NETWORK
Cloud Computing ก ก ก SERVER 101 COMPUTE MEMORY DISK NETWORK SERVER 101 1 GHz = 1,000.000.000 Cycle/Second 1 CPU CYCLE VIRTUALIZATION 101 VIRTUALIZATION 101 VIRTUALIZATION 101 HISTORY YEAR 1800 YEARS LATER
More informationTotal Cloud Protection
Total Cloud Protection Data Center and Cloud Security Security for Your Unique Cloud Infrastructure A Trend Micro White Paper August 2011 I. INTRODUCTION Many businesses are looking to the cloud for increased
More informationDevelop a process for applying updates to systems, including verifying properties of the update. Create File Systems
RH413 Manage Software Updates Develop a process for applying updates to systems, including verifying properties of the update. Create File Systems Allocate an advanced file system layout, and use file
More informationSecurity and Billing for Azure Pack. Presented by 5nine Software and Cloud Cruiser
Security and Billing for Azure Pack Presented by 5nine Software and Cloud Cruiser Meet our Speakers Symon Perriman VP of Business Development 5nine Software symon@5nine.com @SymonPerriman Paul Zinn Senior
More informationStephen Coty Director, Threat Research
Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst
More information