SECURING A MARATHON INSTALLATION 2016
- Herbert Hill
- 6 years ago
1. MesosCon EU, Gastón Kleiman: SECURING A MARATHON INSTALLATION
Mesosphere, Inc. All Rights Reserved.
2. Gastón Kleiman, Distributed Systems Engineer, Marathon/Mesos
3-4. WHY SHOULD YOU CARE?
5. Why should you care?
- 1 OPEN CLUSTER = 100s of root shells
- Attackers are already attacking Mesos clusters
6. Why should you care?
- Multitenancy
  - Admin-only operations
  - Users from different teams
- Personally Identifiable Information
  - Health, Finance, etc.
- Legal requirements for data protection and confidentiality
7-8. Attack Vectors
[Diagram: External tools & scripts, External Services, Browser, Mesos Master (leading), ZK, Mesos Agent, Executor/Task, CLI, Scheduler, Remote Executor/Task]
9. Attack Vectors
[Diagram: Browser, Mesos Master, Marathon Leader, CLI, ZK, External Scripts / API consumers]
10. AGENDA
- Security Basics Building Blocks
  - Mesos Framework Authentication
  - Marathon <-> ZK
  - Marathon <-> API consumers
- Custom AuthN + Fine-Grained AuthZ
- Securing your applications
- A reference: DC/OS integration
11. SECURITY BASICS
12. Building Blocks: Mesos Framework Authentication
- Requires Mesos to be built with SASL support (./configure --with-sasl=/path/to/sasl2)
- Marathon: --mesos_authentication_principal, --mesos_authentication_secret_file
- Mesos Master: --credentials (json file), --authenticate_frameworks
13. Building Blocks: Mesos Framework Authentication
[Diagram: Browser, Mesos Master, Marathon Leader, CLI, ZK, External Scripts / API consumers]
14. Building Blocks: Marathon <--> Mesos Encryption
- Marathon: requires a TLS-enabled version of libmesos
    [LIBPROCESS_]SSL_ENABLED=1 LIBPROCESS_SSL_SUPPORT_DOWNGRADE=false LIBPROCESS_SSL_KEY_FILE=key LIBPROCESS_SSL_CERT_FILE=cert LIBPROCESS_SSL_REQUIRE_CERT=1 LIBPROCESS_SSL_CA_FILE=ca bin/start
- Mesos Master: requires SSL support (./configure --enable-libevent --enable-ssl)
    LIBPROCESS_SSL_ENABLED=1 LIBPROCESS_SSL_SUPPORT_DOWNGRADE=false LIBPROCESS_SSL_KEY_FILE=key LIBPROCESS_SSL_CERT_FILE=cert LIBPROCESS_SSL_REQUIRE_CERT=1 mesos-master.sh
- DIY: certificates distribution/rotation
15. Building Blocks: Mesos Framework Authentication + Encryption
[Diagram: Browser, Mesos Master, Marathon Leader, CLI, ZK, External Scripts / API consumers]
16. Building Blocks: ZooKeeper ACLs
- ZK ACLs supported out of the box, just start Marathon with: --zk
- ACLs set by Marathon
  - /marathon/leader - public
  - /marathon/state - restricted access
- TO-DOs
  - ZK traffic/data encryption
  - An alternative way of passing the credentials, so that they're not visible to other users/processes
17. Building Blocks: ZooKeeper ACLs
[Diagram: Browser, Mesos Master, Marathon Leader, CLI, ZK, External Scripts / API consumers]
18. Building Blocks: Marathon <-> API consumers - SSL encryption
- Start Marathon with:
    --ssl_keystore_path <jks path> --ssl_keystore_password <jks-password> [--leader_proxy_ssl_ignore_hostname]
- DIY certificate distribution/rotation
- DIY secrets (password) distribution
19. Building Blocks: Marathon <-> API consumers - HTTP Basic Auth
- Start Marathon with:
    --http_credentials 'cptpicard:topsecretpa$$word'
- You really want to combine HTTP Basic Auth with SSL.
- Limitations
  - Only one credential is supported
  - Once a user has access, he can do everything
  - No Single Sign-On support
  - DIY credential rotation
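The building blocks on slides 12 to 19 can be checked mechanically. The following is an added example, not code from the talk or from Marathon: it audits a Marathon launch (arguments plus environment) against those slides. The check names, the sample launches and the `zk://user:pass@host` URL form are assumptions made for the illustration.

```python
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    check: str   # short identifier, made up for this example
    detail: str


def parse_flags(argv: List[str]) -> Dict[str, str]:
    """Collect `--flag value`, `--flag=value` and bare `--flag` into a dict."""
    flags: Dict[str, str] = {}
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--"):
            name, eq, value = tok[2:].partition("=")
            if not eq and i + 1 < len(argv) and not argv[i + 1].startswith("--"):
                value = argv[i + 1]
                i += 1
            flags[name] = value
        i += 1
    return flags


def truthy(value: str) -> bool:
    return value.strip().lower() in {"1", "true", "yes", "on"}


def zk_url_has_password(url: str) -> bool:
    """True for zk://user:pass@host:port/path (assumed form; the slide omits the value)."""
    netloc = url.split("//", 1)[-1].split("/", 1)[0]
    userinfo, at, _ = netloc.rpartition("@")
    return bool(at) and ":" in userinfo


def audit_marathon_launch(argv: List[str], env: Dict[str, str]) -> List[Finding]:
    flags = parse_flags(argv)
    out: List[Finding] = []

    # Slide 12: framework authentication needs both the principal and the secret file.
    for name in ("mesos_authentication_principal", "mesos_authentication_secret_file"):
        if not flags.get(name):
            out.append(Finding("framework-auth-missing", f"--{name} is not set"))

    # Slide 14: TLS between Marathon and the Mesos master, no downgrade, peer cert required.
    ssl_enabled = env.get("LIBPROCESS_SSL_ENABLED", env.get("SSL_ENABLED", ""))
    if not truthy(ssl_enabled):
        out.append(Finding("mesos-tls-disabled", "LIBPROCESS_SSL_ENABLED is not 1"))
    else:
        if truthy(env.get("LIBPROCESS_SSL_SUPPORT_DOWNGRADE", "false")):
            out.append(Finding("mesos-tls-downgrade", "plaintext fallback is allowed"))
        if not truthy(env.get("LIBPROCESS_SSL_REQUIRE_CERT", "")):
            out.append(Finding("mesos-tls-no-peer-cert", "peer certificates are not required"))

    # Slide 19: Basic Auth without TLS sends the single credential in the clear.
    if "http_credentials" in flags and not flags.get("ssl_keystore_path"):
        out.append(Finding("basic-auth-without-tls", "--http_credentials without --ssl_keystore_path"))

    # Slide 18: the optional flag turns off hostname checks on the leader proxy.
    if "leader_proxy_ssl_ignore_hostname" in flags:
        out.append(Finding("hostname-verification-off", "--leader_proxy_ssl_ignore_hostname is set"))

    # Slide 16 TO-DO, extended here to every secret-bearing flag on these slides:
    # command-line values are visible to other users/processes on the host.
    for name in ("http_credentials", "ssl_keystore_password"):
        if flags.get(name):
            out.append(Finding("secret-on-cmdline", f"--{name}"))
    if zk_url_has_password(flags.get("zk", "")):
        out.append(Finding("secret-on-cmdline", "--zk"))
    return out


# Constructed sample launches (hosts, paths and passwords are placeholders).
WEAK_ARGV = ["--master", "zk://zk1:2181/mesos",
             "--zk", "zk://marathon:zkpass@zk1:2181/marathon",
             "--http_credentials", "cptpicard:topsecretpa$$word"]
WEAK_ENV: Dict[str, str] = {}

TLS_ARGV = ["--master", "zk://zk1:2181/mesos", "--zk", "zk://zk1:2181/marathon",
            "--mesos_authentication_principal", "marathon",
            "--mesos_authentication_secret_file", "/etc/marathon/mesos.secret",
            "--ssl_keystore_path", "/etc/marathon/marathon.jks",
            "--ssl_keystore_password", "placeholder-password",
            "--http_credentials", "cptpicard:topsecretpa$$word"]
TLS_ENV = {"LIBPROCESS_SSL_ENABLED": "1", "LIBPROCESS_SSL_SUPPORT_DOWNGRADE": "false",
           "LIBPROCESS_SSL_REQUIRE_CERT": "1", "LIBPROCESS_SSL_KEY_FILE": "key",
           "LIBPROCESS_SSL_CERT_FILE": "cert", "LIBPROCESS_SSL_CA_FILE": "ca"}

if __name__ == "__main__":
    for label, argv, env in (("weak", WEAK_ARGV, WEAK_ENV), ("tls", TLS_ARGV, TLS_ENV)):
        for finding in audit_marathon_launch(argv, env):
            print(f"{label}: {finding.check}: {finding.detail}")
```

Even the second launch, with every slide setting applied, still reports the two secrets passed on the command line, which is the "DIY secrets distribution" gap the slides name.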
20. Building Blocks: Marathon <-> API consumers
[Diagram: Browser, Mesos Master, Marathon Leader, CLI, ZK, External Scripts / API consumers]
21. Building Blocks: Marathon <-> API consumers
CAN WE DO BETTER?
22. Marathon Plugins
23. Building Blocks: Security Plugins
- Examples
  - Marathon example plugins (HTTP Basic Auth + static permissions/secrets)
  - Third-party LDAP plugin
24-30. Sequence diagram, built up over seven slides
Participants: USER, MARATHON, AUTHENTICATOR, AUTHORIZER
Messages, in order:
- GET /v2/apps
- authenticate(httprequest)
- Some(identity)
- authorize(identity, ViewRunSpec, app), once per RunSpec
- ALLOW/DENY
- filtered apps
31. Security Plugins: Authenticator
- Single Sign-on
- LDAP integration
- Kerberos integration
- JWT
    def authenticate(request: HttpRequest): Future[Option[Identity]]
    def handleNotAuthenticated(request: HttpRequest, response: HttpResponse)
32. Security Plugins: Authorizer
- SUBJECT + ACTION + RESOURCE -> ALLOW/DENY
- Actions / Resources
  - Create / View / Update / Delete RunSpec
  - Create / View / Update / Delete Group
  - View / Update Resource (Leader / Events / SystemConfig)
    def isAuthorized[Resource](principal: Identity, action: AuthorizedAction[Resource], resource: Resource): Boolean
    def handleNotAuthorized(principal: Identity, response: HttpResponse)
33. Security Plugins: Authorizer
- Fine-Grained ACLs
- ABAC (Attribute based access control)
- RBAC (Role based access control)
- Audit log
- Your only limit is your imagination
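The request flow on slides 24 to 30 and the subject + action + resource decision on slide 32 can be modelled in a few lines. This is an added example and a Python model only, not the Scala plugin API and not code from the talk: it shows an RBAC authorizer with an audit log filtering GET /v2/apps once per RunSpec. The tokens, roles, app ids and the 401 response are constructed for the illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Action(Enum):
    VIEW_RUNSPEC = "ViewRunSpec"
    UPDATE_RUNSPEC = "UpdateRunSpec"


@dataclass(frozen=True)
class Identity:
    name: str
    roles: Tuple[str, ...]


# Constructed data: bearer tokens stand in for SSO/LDAP/Kerberos/JWT on slide 31.
TOKENS: Dict[str, Identity] = {
    "token-alice": Identity("alice", ("team-a-dev",)),
    "token-ops": Identity("ops", ("admin",)),
}
# Role -> (action, app-id prefix) grants. Anything not granted is denied.
ROLE_GRANTS: Dict[str, List[Tuple[Action, str]]] = {
    "team-a-dev": [(Action.VIEW_RUNSPEC, "/team-a"), (Action.UPDATE_RUNSPEC, "/team-a")],
    "admin": [(Action.VIEW_RUNSPEC, "/"), (Action.UPDATE_RUNSPEC, "/")],
}
APPS: List[str] = ["/team-a/web", "/team-a/db", "/team-ab/billing", "/team-b/api"]

# One (subject, action, resource, decision) tuple per authorization call.
AUDIT_LOG: List[Tuple[str, str, str, str]] = []


def authenticate(headers: Dict[str, str]) -> Optional[Identity]:
    """Model of authenticate(httprequest): an Identity, or None if not authenticated."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        return None
    return TOKENS.get(token)


def under(prefix: str, app_id: str) -> bool:
    """Prefix match on whole path segments, so /team-a does not cover /team-ab."""
    if prefix == "/":
        return True
    prefix = prefix.rstrip("/")
    return app_id == prefix or app_id.startswith(prefix + "/")


def is_authorized(identity: Identity, action: Action, app_id: str) -> bool:
    """Model of isAuthorized: subject + action + resource -> ALLOW/DENY, logged."""
    allowed = any(
        granted is action and under(prefix, app_id)
        for role in identity.roles
        for granted, prefix in ROLE_GRANTS.get(role, [])
    )
    AUDIT_LOG.append((identity.name, action.value, app_id, "ALLOW" if allowed else "DENY"))
    return allowed


def get_apps(headers: Dict[str, str]) -> Tuple[int, List[str]]:
    """GET /v2/apps: authenticate once, then authorize once per RunSpec and filter."""
    identity = authenticate(headers)
    if identity is None:
        return 401, []  # stand-in for handleNotAuthenticated; 401 is this model's choice
    visible = [app for app in APPS if is_authorized(identity, Action.VIEW_RUNSPEC, app)]
    return 200, visible


if __name__ == "__main__":
    print(get_apps({"Authorization": "Bearer token-alice"}))
    print(get_apps({}))
    for entry in AUDIT_LOG:
        print(entry)
```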
34. Building Blocks: Security Plugins
[Diagram: Browser, Mesos Master, Marathon Leader, CLI, ZK, External Scripts / API consumers]
35. Application Security
- DIY Secrets: Secrets API + RunSpecTaskProcessor plugin
- Network Segmentation (CNI/Docker User networking)
- Attach metadata for custom fine-grained AuthZ (RunSpecTaskProcessor)
- Remember: A CONTAINER IS NOT A VM
36. DC/OS Security Integration
- DC/OS (open-source)
  - Single Sign-On
  - OAuth integration
- Enterprise DC/OS
  - LDAP integration
  - Fine-grained ACLs
  - Audit log
  - Secrets management
  - CA
37. DC/OS Security Integration
[Diagram: Browser, Admin Router, Mesos-DNS, Cosmos, HistoryServer, Mesos Master (leading), ZK, IAM (LDAP, KDC, OAuth, SAML), CA, Secrets Store, Mesos Agent, Executor/Task, CLI, Mesos Master, ZK, Scheduler, Remote Executor/Task]
38. Thank you! Questions?
39. VISIT MESOSPHERE'S BOOTH
- Located at D1, near the main entrance
- Office Hours: Gastón, Thursday, right after this talk
- Learn more by visiting DCOS.io and Mesosphere.com
More informationConfiguring Apache Knox SSO
3 Configuring Apache Knox SSO Date of Publish: 2018-07-15 http://docs.hortonworks.com Contents Configuring Knox SSO... 3 Configuring an Identity Provider (IdP)... 4 Configuring an LDAP/AD Identity Provider
More informationTEN LAYERS OF CONTAINER SECURITY
TEN LAYERS OF CONTAINER SECURITY Tim Hunt Kirsten Newcomer May 2017 ABOUT YOU Are you using containers? What s your role? Security professionals Developers / Architects Infrastructure / Ops Who considers
More informationRed Hat JBoss Enterprise Application Platform 7.0
Red Hat JBoss Enterprise Application Platform 7.0 Security Architecture For Use with Red Hat JBoss Enterprise Application Platform 7.0 Last Updated: 2018-02-08 Red Hat JBoss Enterprise Application Platform
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationPlatform Services Controller Administration. Update 1 Modified on 11 DEC 2018 VMware vsphere 6.7 VMware ESXi 6.7 vcenter Server 6.
Platform Services Controller Administration Update 1 Modified on 11 DEC 2018 VMware vsphere 6.7 VMware ESXi 6.7 vcenter Server 6.7 You can find the most up-to-date technical documentation on the VMware
More informationAbout This Document 3. Overview 3. System Requirements 3. Installation & Setup 4
About This Document 3 Overview 3 System Requirements 3 Installation & Setup 4 Step By Step Instructions 5 1. Login to Admin Console 6 2. Show Node Structure 7 3. Create SSO Node 8 4. Create SAML IdP 10
More informationIdentity Management In Red Hat Enterprise Linux. Dave Sirrine Solutions Architect
Identity Management In Red Hat Enterprise Linux Dave Sirrine Solutions Architect Agenda Goals of the Presentation 2 Identity Management problem space What Red Hat Identity Management solution is about?
More information