Secure Mission-Centric Operations in Cloud Computing
|
|
- Claude Neal
- 5 years ago
- Views:
Transcription
1 Secure Mission-Centric Operations in Cloud Computing Massimiliano Albanese, Sushil Jajodia, Ravi Jhawar, Vincenzo Piuri George Mason University, USA Università degli Studi di Milano, Italy ARO Workshop on Cloud Security George Mason University, USA March 11-12, /39
2 Outline Motivation System overview Mission and Cloud infrastructure Mission deployment framework Secure mission deployment Static mission deployment Dynamic mission deployment Incremental vulnerability analysis Mission protection Dependability in the mission interpreter 2/39
3 Motivation (1) Cloud computing is becoming increasingly popular + Flexibility in obtaining and releasing computing resources + Lower entry and usage costs + Effective for applications with high scalability requirements Growing interest among users to leverage Cloud-based services to execute critical missions Exacerbate the need to ensure high security and availability of the system and the missions 3/39
4 Motivation (2) Cloud computing infrastructure is highly complex Vulnerable to various cyber-attacks Subject to a large number of failures Outside the control scope of the user s organization Existing solutions individually focus on the security of the infrastructure and the mission Do not take into account the interdependencies between them Techniques to securely operate missions in vulnerable Cloud environments are necessary 4/39
5 Secure Mission Deployment and Protection Deploy mission tasks such that their exposure to vulnerabilities in the infrastructure is minimum Static and dynamic versions of the problem Protect the hosts and network links used by the mission Static protection hardens all the resources for entire duration of mission execution Dynamic protection hardens resources corresponding to computation still to be executed Response to incidents 5/39
6 System Overview Mission A mission is a composition of a set of tasks M={τ 1,...,τ m } Replicate critical tasks to improve the fault tolerance and resilience of the mission A replicated task set for τ k is the set R k ={τ l k }={τ1 k,...,τ r k k } Mission is then a composition of all the tasks in the replicated task sets T = {t i } = τ k M R k R 1={τ 1 1, τ 2 1 } R 2={τ 1 2, τ 2 2, τ 3 2 } t 3 t 4 t 1 t 2 t 5 t 6 R 3={τ 1 3 } 6/39
7 System Overview Cloud Infrastructure h 12 h 13 h 14 h 15 Subnet 3 h 8 h 7 Router B Internet Router A Subnet 2 h 9 h 10 h 1 Subnet 1 h 6 h 11 h 2 h 3 h 4 h 5 Data center 1 Data center 2 7/39
8 System Overview Cloud Infrastructure h 12 h 13 h 14 h 15 t 1 t 2 Subnet 3 h 8 h 7 Router B Internet Router A Subnet 2 h 9 h 10 h 1 Subnet 1 h 6 h 11 h 2 h 3 h 4 h 5 Data center 1 Data center 2 Hosts may be vulnerable to various cyber-attacks (e.g., Subnet 1: compromised, Subnet 2: vulnerable, Subnet 3: highly secure) 7/39
9 System Overview Cloud Infrastructure h 12 h 13 h 14 h 15 t 1 t 2 Subnet 3 h 8 h 7 Router B Internet Router A Subnet 2 h 9 h 10 h 1 Subnet 1 h 6 h 11 h 2 h 3 h 4 h 5 Data center 1 Data center 2 Tasks may have vulnerability tolerance capability (e.g., Task 1 can handle buffer overflow attacks using memory management mechanisms) 7/39
10 Mission Deployment Framework Overview τ 1 τ 2 τ 3 Abstract tasks High level task models t 1 t 2 t 3 t 4 t 5 Task instances t 1 h 1 t 2 t 3 t 4 t 5 h 2 h 3 h 4 Allocation 8/39
11 Mission Deployment 9/39
12 Static Mission Deployment Each host h H is associated with a vulnerability value V h tol(t) provides an estimate of the maximum level of vulnerability the task can be exposed to Task allocation problem with two sub-problems Map each task to an appropriate VM image in the repository Allocate VMs on suitable physical hosts in the Cloud t 1 t 2 t 3 t 4 t 5 I 1 I 2 I 3 I 4 I 5 h 1 h 2 h 3 h 4 T VM Image a:t H H 10/39
13 Selecting VM Images Challenge: Develop techniques to assess security of VM images at run-time and an automated security-driven search scheme to deploy mission tasks VM images encapsulate the entire software stack and determine the initial state of running VM instances Most Cloud IaaS require users to manually select VM images; in public Cloud services, VM images have critical vulnerabilities Objective: Select VM images that satisfy both functional requirements and security policy of mission tasks 11/39
14 Allocating VMs on Cloud Infrastructure (1) Challenge: Develop approximation algorithms to find suboptimal allocation solution in a time-efficient manner Objective is to minimize exposure of mission tasks to the vulnerabilities in the Cloud infrastructure Satisfy additional dependability constraints (e.g., host s capacity and task s vulnerability tolerance constraint) 12/39
15 Allocating VMs on Cloud Infrastructure (2) Root Root Task t1 (t1, h1) (t1, h4) Task t2 (t2, h1) (t2, h2) (t2, h3) (t2, h4) (t2, h1) (t2, h2) (t2, h3) (t2, h4) Task t3 h1 h2 h3 h4 h1 h2 h3 h4 h1 h2 h3 h4 h1 h2 h3 h4 h1 h2 h3 h4 h1 h2 h3 h4 h1 h2 h3 h4 h1 h2 h3 h4 Possible solution: Use A -based state-space search approach State is a possible choice for allocating a task on a host (t i,h j ) Root state is the initial state where no task is allocated Operation generates child states for a given state s Goal state is a state in which all the tasks have been allocated (leaf) Solution path is the path from root state to any goal state 13/39
16 Allocating VMs on Cloud Infrastructure (3) Objective is to find the solution path with minimum vulnerability value Cost function is the vulnerability measure of complete allocation fvul(s) = gvul(s) + hvul(s) gvul(s) is the total minimum vulnerability due to task allocation from the root state to the current state s hvul(s) is the lower-bound vulnerability estimate of the allocation from the current state to any goal state hvul(s) is computed using an admissible heuristic Improves search performance while not compromising optimality 14/39
17 Allocating VMs on Cloud Infrastructure (4) Traversal scheme expands the states and generates the solution path starting from the root state The state with minimum fvul(s) value is considered and its successors are generated (unless s corresponds to the goal state) For each successor s of s Vulnerability cost gvul is calculated If s is already visited, and if its real cost is less than that of the current successor, it is dropped, and hvul(s ) value is estimated The fvul(s )=gvul(s )+hvul(s ) value is determined and stored The parent state s is marked as visited 15/39
18 Example - Allocating VMs on Cloud Infrastructure (5) Host Network Residual CPU capacity, Vulnerability level Task Application CPU Requirement, Vulnerability tolerance h 1 0.5, 0.3 t 1 0.4, 0.2 h 2 0.7, 0.1 t 2 0.4, 0.2 h 3 0.3, 0.2 t 3 0.3, 0.4 h 4 0.5, 0.2 V ti,hj h 1 h 2 h 3 h 4 t t t root t 1, h 2 t 1, h t 2, h t 3, h t 3, h t 3, h State-space tree nodes expansion sequence 16/39
19 Allocating VMs on Cloud Infrastructure (6) Number of search steps with and without the estimation heuristic 5 10 tasks (with heuristic) 5 10 tasks (uniform cost) 200 Search steps Number of hosts 17/39
20 Allocating VMs on Cloud Infrastructure (7) Quality of the solution wrt the (i) mission and (ii) globally across the Cloud infrastructure tasks Approximation ratio Number of hosts Approximation ratio Number of hosts 18/39
21 Allocating VMs on Cloud Infrastructure (8) Scalability of the proposed approach tasks 15 Time (s) Number of hosts hosts 20 Time (s) Number of tasks 19/39
22 Dynamic Mission Deployment (1) Each task is associated with temporal constraints (e.g., a task may only run after another task) Critical missions must complete within a certain amount of time Possible solution: Complex task scheduling solution that takes into account the capability of the VM while computing the solution 20/39
23 Dynamic Mission Deployment (2) Challenge: Schedule mission tasks on the hosts 1 To minimize their exposure to the vulnerabilities in the network 2 To ensure their deadlines are met task t 1 Mission execution timeline task 2 (2s) t 2 t 3 t time s 0 task 1 task 4 s 1 s 2 (3s) (4s) s 3 task 3 (3s) Critical tasks (e.g., task t 3 ) must be placed on highly reliable host Adopt scheduling schemes such as greedy heuristics, genetic algorithms, tabu search, A to solve the scheduling problem 21/39
24 Incremental Vulnerability Analysis (1) Challenge: Develop a scalable scheme to estimate the increase V ti,h j in vulnerability level of host h j due to deployment of task t i An allocation introduces new services (tasks, VMs) on a host and increases its vulnerability by V Perform what-if analysis during mission deployment 22/39
25 Incremental Vulnerability Analysis (2) Possible solution: Instead of recomputing the vulnerability from-scratch, apply an incremental algorithm on attack graph 1 Event-based approach 2 Identify the changed parts of the graph and calculate the changed vulnerability 3 Combine the results with already computed results c 2 e 2 c 3 e 3 c 1 e 1 Conditions Exploits c 4 23/39
26 Incremental Vulnerability Analysis (2) Possible solution: Instead of recomputing the vulnerability from-scratch, apply an incremental algorithm on attack graph 1 Event-based approach 2 Identify the changed parts of the graph and calculate the changed vulnerability 3 Combine the results with already computed results c 2 e 2 Conditions c 3 c 5 c 1 Exploits e 3 e 5 e 1 c 4 23/39
27 Mission Protection 24/39
28 Static Network Hardening Challenge: Given a mission is deployed in the Cloud, protect the resources used by the mission tasks In the static version, all the hosts and network links are protected for the entire duration of mission execution h12 h13 h14 h15 t1 t2 Subnet 3 h8 h7 Router B Internet Router A Subnet 2 h9 h10 h1 Subnet 1 h6 h11 h2 h3 h4 h5 Possible solution: Build on top of previous work for network hardening 25/39
29 Dynamic Mission Protection Challenge: At any point in time, find a cost-optimal time-varying strategy to harden the resources not yet used by the mission Dynamic protection minimizes the disruption that hardening strategy causes to legitimate users Possible solution: Efficient technique that analyzes huge streams of security threats at real-time For example, use of attack graphs to track where the attacker is going (the penetration path) 26/39
30 Dependability in the Mission Interpreter 27/39
31 Dependability Support for Mission Interpreter Realize the notion of Dependability as a Service Dependability schemes based on the virtualization technology (e.g., checkpointing virtual machine instances) + introduce dependability in a transparent manner + offers high level of generality + Possible to change dependability properties based on business needs Construct dependability mechanisms at runtime Mission centric Service Level Agreement (SLA) 28/39
32 Dependability as a Service Build and deliver the service by orchestrating a set of micro-protocols Realize dependability techniques as independent, stand-alone, configurable modules (web services) Operate at the level of virtual machine instances VM instance replication technique h 1 h 2 h 3 h 4 F T M 29/39
33 Dependability as a Service Build and deliver the service by orchestrating a set of micro-protocols Realize dependability techniques as independent, stand-alone, configurable modules (web services) Operate at the level of virtual machine instances VM instance replication technique h 1 h 2 h 3 h 4 F T M 29/39
34 Dependability as a Service Build and deliver the service by orchestrating a set of micro-protocols Realize dependability techniques as independent, stand-alone, configurable modules (web services) Operate at the level of virtual machine instances Failure detection using hearbeat test 29/39
35 Example of a comprehensive dependability solution A fault tolerance policy: ft_sol[ invoke:ft_unit(vm-instances replication) invoke:ft_unit(failure detection) do{ execute(failure detection ft_unit) }while(no failures) if(failure detected) invoke:ft_unit(masking mechanism) invoke:ft_unit(recovery mechanism) ] 30/39
36 Example of a comprehensive dependability solution A fault tolerance policy: ft_sol[ invoke:ft_unit(vm-instances replication) invoke:ft_unit(failure detection) do{ execute(failure detection ft_unit) }while(no failures) if(failure detected) invoke:ft_unit(masking mechanism) invoke:ft_unit(recovery mechanism) ] Replica Group h 1 h 2 h 3 h 4 30/39
37 Example of a comprehensive dependability solution A fault tolerance policy: ft_sol[ invoke:ft_unit(vm-instances replication) invoke:ft_unit(failure detection) do{ execute(failure detection ft_unit) }while(no failures) if(failure detected) invoke:ft_unit(masking mechanism) invoke:ft_unit(recovery mechanism) ] Replica Group h 1 h 2 h 3 h 4 30/39
38 Example of a comprehensive dependability solution A fault tolerance policy: ft_sol[ invoke:ft_unit(vm-instances replication) invoke:ft_unit(failure detection) do{ execute(failure detection ft_unit) }while(no failures) if(failure detected) invoke:ft_unit(masking mechanism) invoke:ft_unit(recovery mechanism) ] Replica Group h 1 h 2 h 3 h 4 30/39
39 Example of a comprehensive dependability solution A fault tolerance policy: ft_sol[ invoke:ft_unit(vm-instances replication) invoke:ft_unit(failure detection) do{ execute(failure detection ft_unit) }while(no failures) if(failure detected) invoke:ft_unit(masking mechanism) invoke:ft_unit(recovery mechanism) ] Replica Group h 1 h 2 h 3 h 4 30/39
40 Configuration of a Dependability Solution (1) Based on the affect of failures on mission s tasks Using Fault trees and Markov chains ToR Top of Rack Switch AccR Access Router AggS Aggregate Switch LB Load Balancer 31/39
41 Configuration of a Dependability Solution (2) Analyze the properties of typical dependability mechanisms For example, semi-active replication Primary, Backup (λ failure rate, µ recovery rate, k constant) (1 k)µ (1 k)µ 2λ λ 1,1 1,0 0,0 kµ kµ 32/39
42 Identify possible deployment levels Based on data published by Kim et al. in PRDC 09, Smith et al. in IBM Systems Journal 08, Undheim et al. in Grid 11 Availability values for each replication mechanism at different deployment levels Same Cluster Same Data center, Diff. Data centers diff. clusters Semi-Active Semi-Passive Passive /39
43 Replica Placement Constraints Location and performance requirements of replicas can be specified using constraints Global constraints Resource Capacity Infrastructure oriented constraints Forbid, Count Application oriented constraints Restrict, Distribute, Latency 34/39
44 Example - Distribute Constraint To avoid single points of failure among replicated tasks Two tasks are never located on the same physical host h 1 h 10 v 1 h 2 h 5 h 6 h 7 v 3 v 2 h 3 h 4 h 8 h 9 35/39
45 Example - Distribute Constraint To avoid single points of failure among replicated tasks Two tasks are never located on the same physical host h 1 h 10 v 1 h 2 h 5 h 6 h 7 v 3 v 2 h 3 h 4 h 8 h 9 35/39
46 Example - Distribute Constraint To avoid single points of failure among replicated tasks Two tasks are never located on the same physical host h 1 h 10 v 1 h 2 h 5 h 6 h 7 v 3 v 2 h 3 h 4 h 8 h 9 35/39
47 Example - Distribute Constraint To avoid single points of failure among replicated tasks Two tasks are never located on the same physical host h 1 h 10 v 1 h 2 h 5 h 6 h 7 v 3 v 2 h 3 h 4 h 8 h 9 35/39
48 Conclusions Mission-centric techniques to improve the security and fault tolerance in Cloud computing Secure mission deployment techniques (allocation and scheduling) Static and dynamic mission protection by network hardening Provide complementary dependability support to the mission interpreter as a service 36/39
49 Acknowledgments This work is supported by the Army Research Office under award number W911NF , and by the Office of Naval Research under award number N /39
50 Publications Chapters in Books R. Jhawar, V. Piuri, "Fault Tolerance and Resilience in Cloud Computing Environments" in Computer and Information Security Handbook, 2nd Edition, J. Vacca (ed.), Morgan Kaufmann, 2013 (to appear) International Journals Articles R. Jhawar, V. Piuri, M. Santambrogio, "Fault Tolerance Management in Cloud Computing: A System-Level Perspective," Systems Journal, IEEE, vol.pp, no.99 C. A. Ardagna, R. Jhawar, V. Piuri, "Dependability Certification of Services: A Model-Based Approach", (under submission) International Conferences and Workshops M. Albanese, S. Jajodia, R. Jhawar, V. Piuri, "Secure Mission Deployment in Vulnerable Networks", (under submission) 38/39
51 Publications C.A. Ardagna, E. Damiani, R. Jhawar, and V. Piuri, "A Model-Based Approach to Reliability Certification of Services," in Proc. of the 6th IEEE Int l Conference on Digital Ecosystem Technologies - Complex Environment Engineering, Campione d Italia, Italy, June, 2012 R. Jhawar, and V. Piuri, "Fault Tolerance Management in IaaS Clouds," in Proc. of the 1st IEEE-AESS Conference in Europe about Space and Satellite Telecommunications, Rome, Italy, October 2-5, 2012 R. Jhawar, V. Piuri, and P. Samarati, "Supporting Security Requirements for Resource Management in Cloud Computing," in Proc. of the 15th IEEE Int l Conference on Computational Science and Engineering, Paphos, Cyprus, December 5-7, 2012 R. Jhawar, V. Piuri, and M. Santambrogio, "A Comprehensive Conceptual System-Level Approach to Fault Tolerance in Cloud Computing," in 2012 IEEE Int l Systems Conference, Vancouver, BC, Canada, March 19-22, /39
Dependability in Cloud Computing
FACOLTÀ DI SCIENZE MATEMATICHE, FISICHE E NATURALI DIPARTIMENTO DI INFORMATICA DOTTORATO DI RICERCA IN INFORMATICA SCUOLA DI DOTTORATO IN INFORMATICA, XXVI CICLO Dependability in Cloud Computing RELATORE
More informationIntroducing VMware Validated Designs for Software-Defined Data Center
Introducing VMware Validated Designs for Software-Defined Data Center VMware Validated Design 4.0 VMware Validated Design for Software-Defined Data Center 4.0 You can find the most up-to-date technical
More informationIntroducing VMware Validated Designs for Software-Defined Data Center
Introducing VMware Validated Designs for Software-Defined Data Center VMware Validated Design for Software-Defined Data Center 4.0 This document supports the version of each product listed and supports
More informationNetwork-Aware Resource Allocation in Distributed Clouds
Dissertation Research Summary Thesis Advisor: Asst. Prof. Dr. Tolga Ovatman Istanbul Technical University Department of Computer Engineering E-mail: aralat@itu.edu.tr April 4, 2016 Short Bio Research and
More informationIntroducing VMware Validated Designs for Software-Defined Data Center
Introducing VMware Validated Designs for Software-Defined Data Center VMware Validated Design for Software-Defined Data Center 3.0 This document supports the version of each product listed and supports
More informationSECURE SYNCHRONIZATION FOR FAULT TOLERANCE IN DISTRIBUTED ENVIRONMENT
SCUR SYNCHRONIZATION FOR FAULT TOLRANC IN DISTRIBUTD NVIRONNT 1. adhumathi, 2 B.Vinitha subashini Department Of Computer Science & ngineering, 1 madhu.bubbu@gmail.com, 2 vinithasubashini@gmail.com Abstract
More information288 IEEE SYSTEMS JOURNAL, VOL. 7, NO. 2, JUNE 2013
288 IEEE SYSTEMS JOURNAL, VOL. 7, NO. 2, JUNE 2013 Fault Tolerance Management in Cloud Computing: A System-Level Perspective Ravi Jhawar, Graduate Student Member, IEEE, Vincenzo Piuri, Fellow, IEEE, and
More informationCompTIA Security+ Study Guide (SY0-501)
CompTIA Security+ Study Guide (SY0-501) Syllabus Session 1 At the end of this session, students will understand what risk is and the basics of what it means to have security in an organization. This includes
More informationVMware vsphere 4. The Best Platform for Building Cloud Infrastructures
Table of Contents Get the efficiency and low cost of cloud computing with uncompromising control over service levels and with the freedom of choice................ 3 Key Benefits........................................................
More informationModeling for Fault Tolerance in Cloud Computing Environment
Journal of Computer Sciences and Applications, 2016, Vol. 4, No. 1, 9-13 Available online at http://pubs.sciepub.com/jcsa/4/1/2 Science and Education Publishing DOI:10.12691/jcsa-4-1-2 Modeling for Fault
More informationAn Introduction to Virtualization and Cloud Technologies to Support Grid Computing
New Paradigms: Clouds, Virtualization and Co. EGEE08, Istanbul, September 25, 2008 An Introduction to Virtualization and Cloud Technologies to Support Grid Computing Distributed Systems Architecture Research
More informationDisaster Recovery Guide
Disaster Recovery Guide DR in Virtualized Environments Powered by PREFACE Disaster Recovery in a Virtualized World In today s always-on, information-driven organizations, business continuity depends completely
More informationHedvig as backup target for Veeam
Hedvig as backup target for Veeam Solution Whitepaper Version 1.0 April 2018 Table of contents Executive overview... 3 Introduction... 3 Solution components... 4 Hedvig... 4 Hedvig Virtual Disk (vdisk)...
More informationIntroducing VMware Validated Design Use Cases. Modified on 21 DEC 2017 VMware Validated Design 4.1
Introducing VMware Validated Design Use Cases Modified on 21 DEC 2017 VMware Validated Design 4.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationEMC Business Continuity for Microsoft Applications
EMC Business Continuity for Microsoft Applications Enabled by EMC Celerra, EMC MirrorView/A, EMC Celerra Replicator, VMware Site Recovery Manager, and VMware vsphere 4 Copyright 2009 EMC Corporation. All
More informationTHE DATACENTER AS A COMPUTER AND COURSE REVIEW
THE DATACENTER A A COMPUTER AND COURE REVIEW George Porter June 8, 2018 ATTRIBUTION These slides are released under an Attribution-NonCommercial-hareAlike 3.0 Unported (CC BY-NC-A 3.0) Creative Commons
More informationSRM University, Kattankulathur Department of Information Technology IT1019 Information Storage and Management Model Examination
SRM University, Kattankulathur Department of Information Technology IT1019 Information Storage and Management Model Examination Degree/Yr/Sem :B.Tech/III/VI Date: 03/05/2017 Max. Marks: 100 marks Duration:
More informationA Survival Guide to Continuity of Operations. David B. Little Senior Principal Product Specialist
A Survival Guide to Continuity of Operations David B. Little Senior Principal Product Specialist Customer Perspective: Recovery Time & Objective Asynchronous Replication Synchronous Replication WAN Clustering
More informationDifferentiating Your Datacentre in the Networked Future John Duffin
Differentiating Your Datacentre in the Networked Future John Duffin Managing Director, South Asia. Uptime Institute July 2017 2017 Uptime Institute, LLC The Global Datacentre Authority 2 2017 Uptime Institute,
More informationVMware vsphere Clusters in Security Zones
SOLUTION OVERVIEW VMware vsan VMware vsphere Clusters in Security Zones A security zone, also referred to as a DMZ," is a sub-network that is designed to provide tightly controlled connectivity to an organization
More informationWindows Server : Configuring Advanced Windows Server 2012 Services R2. Upcoming Dates. Course Description.
Windows Server 2012 20412: Configuring Advanced Windows Server 2012 Services R2 Gain the skills and knowledge necessary to perform advanced management and provisioning of services within Windows Server
More informationHyper-Converged Infrastructure: Providing New Opportunities for Improved Availability
Hyper-Converged Infrastructure: Providing New Opportunities for Improved Availability IT teams in companies of all sizes face constant pressure to meet the Availability requirements of today s Always-On
More informationEstablishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security
Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security Michael John SmartSec 2016, Amsterdam www.encs.eu European Network for Cyber Security The European
More informationvsan Security Zone Deployment First Published On: Last Updated On:
First Published On: 06-14-2017 Last Updated On: 11-20-2017 1 1. vsan Security Zone Deployment 1.1.Solution Overview Table of Contents 2 1. vsan Security Zone Deployment 3 1.1 Solution Overview VMware vsphere
More informationWindows Azure Services - At Different Levels
Windows Azure Windows Azure Services - At Different Levels SaaS eg : MS Office 365 Paas eg : Azure SQL Database, Azure websites, Azure Content Delivery Network (CDN), Azure BizTalk Services, and Azure
More informationSurvey of Cyber Moving Targets. Presented By Sharani Sankaran
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of
More informationTHE VMTURBO CLOUD CONTROL PLANE
THE VMTURBO CLOUD CONTROL PLANE Software-Driven Control for the Software-Defined Data Center EXECUTIVE SUMMARY The Software-Defined Datacenter (SDDC) has the potential to extend the agility, operational
More informationProtecting Mission-Critical Application Environments The Top 5 Challenges and Solutions for Backup and Recovery
White Paper Business Continuity Protecting Mission-Critical Application Environments The Top 5 Challenges and Solutions for Backup and Recovery Table of Contents Executive Summary... 1 Key Facts About
More informationNET EXPERT SOLUTIONS PVT LTD
Module 1: Implementing Advanced Network Services In this module students will be able to configure advanced features for Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), and configure
More informationWhy Microsoft Azure is the right choice for your Public Cloud, a Consultants view by Simon Conyard
Why Microsoft Azure is the right choice for your Public Cloud, a Consultants view by Simon Conyard In my view, Microsoft Azure is fast becoming the trusted platform of choice for SMB and Enterprise customers.
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationVMware vcloud Air Accelerator Service
DATASHEET AT A GLANCE The VMware vcloud Air Accelerator Service assists customers with extending their private VMware vsphere environment to a VMware vcloud Air public cloud. This Accelerator Service engagement
More informationTITLE. the IT Landscape
The Impact of Hyperconverged Infrastructure on the IT Landscape 1 TITLE Drivers for adoption Lower TCO Speed and Agility Scale Easily Operational Simplicity Hyper-converged Integrated storage & compute
More informationAn Empirical Study of High Availability in Stream Processing Systems
An Empirical Study of High Availability in Stream Processing Systems Yu Gu, Zhe Zhang, Fan Ye, Hao Yang, Minkyong Kim, Hui Lei, Zhen Liu Stream Processing Model software operators (PEs) Ω Unexpected machine
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationAWS Solution Architecture Patterns
AWS Solution Architecture Patterns Objectives Key objectives of this chapter AWS reference architecture catalog Overview of some AWS solution architecture patterns 1.1 AWS Architecture Center The AWS Architecture
More informationARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin
ARC VIEW DECEMBER 7, 2017 Critical Industries Need Active Defense and Intelligence-driven Cybersecurity By Sid Snitkin Keywords Industrial Cybersecurity, Risk Management, Threat Intelligence, Anomaly &
More informationCLOUD GOVERNANCE SPECIALIST Certification
CLOUD GOVERNANCE SPECIALIST Certification The Cloud Professional (CCP) program from Arcitura is dedicated to excellence in the fields of cloud computing technology, mechanisms, platforms, architecture,
More informationChallenges in Data Stream Processing
Università degli Studi di Roma Tor Vergata Dipartimento di Ingegneria Civile e Ingegneria Informatica Challenges in Data Stream Processing Corso di Sistemi e Architetture per Big Data A.A. 2016/17 Valeria
More informationDrive digital transformation with an enterprise-grade Managed Private Cloud
Singtel Business Product Factsheet Brochure Managed Private Defense Cloud Services Drive digital transformation with an enterprise-grade Managed Private Cloud Singtel Managed Private Cloud enables enterprises
More informationRedefine Data Protection: Next Generation Backup And Business Continuity
Redefine Data Protection: Next Generation Backup And Business Continuity 1 Business Is Being Redefined Leveraging the Power of Technology Megatrends CLOUD MOBILE SOCIAL BIG DATA 2 Creating New Next Gen
More informationTable of Contents HOL HCI
Table of Contents Lab Overview - - Getting Started with VxRail... 2 VxRail Lab Overview... 3 Module 1 - VxRail Initial Configuration (15 minutes)... 5 Introduction - Configure a newly deployed VxRail Appliance...
More informationIntroduction. Delivering Management as Agile as the Cloud: Enabling New Architectures with CA Technologies Virtual Network Assurance Solution
Delivering Management as Agile as the Cloud: Enabling New Architectures with CA Technologies Virtual Network Assurance Solution Introduction Service providers and IT departments of every type are seeking
More informationA Quantitative Framework for Cyber Moving Target Defenses
A Quantitative Framework for Cyber Moving Target Defenses Warren Connell 29 Aug 17 Massimiliano Albanese, co-director Daniel Menascé, co-director Sushil Jajodia Rajesh Ganesan 7/6/2017 1 Outline Introduction
More informationDistributed Invocation of Composite Web Services
Distributed Invocation of Composite Web Services Chang-Sup Park 1 and Soyeon Park 2 1. Department of Internet Information Engineering, University of Suwon, Korea park@suwon.ac.kr 2. Department of Computer
More informationINTRUSION DETECTION AND CORRELATION. Challenges and Solutions
INTRUSION DETECTION AND CORRELATION Challenges and Solutions Advances in Information Security Sushil Jajodia Consulting editor Center for Secure Information Systems George Mason University Fairfax, VA
More informationCOMP6511A: Large-Scale Distributed Systems. Windows Azure. Lin Gu. Hong Kong University of Science and Technology Spring, 2014
COMP6511A: Large-Scale Distributed Systems Windows Azure Lin Gu Hong Kong University of Science and Technology Spring, 2014 Cloud Systems Infrastructure as a (IaaS): basic compute and storage resources
More information#techsummitch
www.thomasmaurer.ch #techsummitch Justin Incarnato Justin Incarnato Microsoft Principal PM - Azure Stack Hyper-scale Hybrid Power of Azure in your datacenter Azure Stack Enterprise-proven On-premises
More informationHypervisors and Server Flash Satyam Vaghani
Hypervisors and Server Flash Satyam Vaghani Agenda r Case for server flash in SDDC r Technology implications of marrying hypervisors with server flash r Empirical data r Conclusion and open issues 2 Reference
More informationCA Automation Capabilities A Technical Look at Process and Runbook Automation. Tom Kouhsari and AJ Dennis
CA Automation Capabilities A Technical Look at Process and Runbook Automation Tom Kouhsari and AJ Dennis Terms of This Presentation This presentation was based on current information and resource allocations
More informationNC Education Cloud Feasibility Report
1 NC Education Cloud Feasibility Report 1. Problem Definition and rationale North Carolina districts are generally ill-equipped to manage production server infrastructure. Server infrastructure is most
More informationIntroducing VMware Validated Designs for Software-Defined Data Center
Introducing VMware Validated Designs for Software-Defined Data Center 13 FEB 2018 VMware Validated Design 4.2 VMware Validated Design for Software-Defined Data Center 4.2 You can find the most up-to-date
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationLecture 9: MIMD Architectures
Lecture 9: MIMD Architectures Introduction and classification Symmetric multiprocessors NUMA architecture Clusters Zebo Peng, IDA, LiTH 1 Introduction MIMD: a set of general purpose processors is connected
More informationConquer New Digital Frontiers with leading Public Cloud Platforms.
Singtel Business Product Factsheet Brochure Managed Defense Public Cloud Services Conquer New Digital Frontiers with leading Public Cloud Platforms. Singtel Managed Public Cloud supports enterprises in
More informationMapping a Dynamic Prefix Tree on a P2P Network
Mapping a Dynamic Prefix Tree on a P2P Network Eddy Caron, Frédéric Desprez, Cédric Tedeschi GRAAL WG - October 26, 2006 Outline 1 Introduction 2 Related Work 3 DLPT architecture 4 Mapping 5 Conclusion
More informationRA-GRS, 130 replication support, ZRS, 130
Index A, B Agile approach advantages, 168 continuous software delivery, 167 definition, 167 disadvantages, 169 sprints, 167 168 Amazon Web Services (AWS) failure, 88 CloudTrail Service, 21 CloudWatch Service,
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationTHE ULTIMATE RETAILER'S GUIDE TO SD-WAN PART ONE: EXPLAINED
THE ULTIMATE RETAILER'S GUIDE TO SD-WAN PART ONE: SD-WAN EXPLAINED SD-WAN DE-MYSTIFIED IDC predicts that the SD-WAN market will be worth $2.1bn in Europe by 2021*. That s a staggering 92% growth year on
More informationCloudVision Macro-Segmentation Service
CloudVision Macro-Segmentation Service Inside Address network-based security as a pool of resources, stitch security to applications and transactions, scale on-demand, automate deployment and mitigation,
More informationA guide for IT professionals. implementing the hybrid cloud
A guide for IT professionals implementing the hybrid cloud A guide for IT professionals implementing the hybrid cloud Cloud technology is maturing and advancing rapidly. And for schools today, hybrid cloud
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationCraig Blitz Oracle Coherence Product Management
Software Architecture for Highly Available, Scalable Trading Apps: Meeting Low-Latency Requirements Intentionally Craig Blitz Oracle Coherence Product Management 1 Copyright 2011, Oracle and/or its affiliates.
More informationPLEXXI HCN FOR VMWARE ENVIRONMENTS
PLEXXI HCN FOR VMWARE ENVIRONMENTS SOLUTION BRIEF FEATURING Plexxi s pre-built, VMware Integration Pack makes Plexxi integration with VMware simple and straightforward. Fully-automated network configuration,
More informationEMC Data Protection for Microsoft
EMC Data Protection for Microsoft Featuring Industry Perspectives from IDC 7 November 2013 Ashish Nadkarni, IDC Research Director, Storage Systems @Ashish_Nadkarni Phil George, EMC Backup Recovery Systems
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationOnline Services Security v2.1
Online Services Security v2.1 Contents 1 Introduction... 2 2... 2 2.1... 2 2.2... 2 2.3... 3 3... 4 3.1... 4 3.2... 5 3.3... 6 4... 7 4.1... 7 4.2... 7 4.3... 7 4.4... 7 4.5... 8 4.6... 8 1 Introduction
More informationRubicon: Scalable Bounded Verification of Web Applications
Joseph P. Near Research Statement My research focuses on developing domain-specific static analyses to improve software security and reliability. In contrast to existing approaches, my techniques leverage
More informationDell EMC. VxRack System FLEX Architecture Overview
Dell EMC VxRack System FLEX Architecture Overview Document revision 1.6 October 2017 Revision history Date Document revision Description of changes October 2017 1.6 Editorial updates Updated Cisco Nexus
More informationVblock Infrastructure Packages: Accelerating Deployment of the Private Cloud
Vblock Infrastructure Packages: Accelerating Deployment of the Private Cloud Roberto Missana - Channel Product Sales Specialist Data Center, Cisco 1 IT is undergoing a transformation Enterprise IT solutions
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationA Cost-oriented oriented Tool to Support Server Consolidation
A Cost-oriented oriented Tool to Support Server Consolidation Danilo Ardagna Politecnico di Milano Italy Summary Research objectives and Motivation Server Consolidation design phases and variables Empirical
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationOracle Database 10G. Lindsey M. Pickle, Jr. Senior Solution Specialist Database Technologies Oracle Corporation
Oracle 10G Lindsey M. Pickle, Jr. Senior Solution Specialist Technologies Oracle Corporation Oracle 10g Goals Highest Availability, Reliability, Security Highest Performance, Scalability Problem: Islands
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationCLOUD ARCHITECT Certification. Cloud Architect
CLOUD ARCHITECT Certification Cloud Architect The Cloud Professional (CCP) program from Arcitura is dedicated to excellence in the fields of cloud computing technology, mechanisms, platforms, architecture,
More informationA10 HARMONY CONTROLLER
DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for
More informationIntroducing VMware Validated Designs for Software-Defined Data Center
Introducing VMware Validated Designs for Software-Defined Data Center 17 JUL 2018 VMware Validated Design 4.3 VMware Validated Design for Software-Defined Data Center 4.3 You can find the most up-to-date
More informationIT Service Quality amidst a World Gone Cloud. June 2012 V: 2.0
IT Service Quality amidst a World Gone Cloud June 2012 V: 2.0 Agenda A World Gone Cloud (federal perspective) Impacts to IT Infrastructures Impacts to ITIL-based Service/Quality Retooling ITIL Quality
More informationAgenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options
Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A 2 Endpoint Security has reached a Tipping Point Attacks
More informationNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration
Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter Co-residency side-channel attacks in clouds Stealing secrets (e.g., keys) VM VM
More informationConfiguring Advanced Windows Server 2012 Services
Configuring Advanced Windows Server 2012 Services Course 20412D - Five days - Instructor-led - Hands-on Introduction Get hands-on instruction and practice configuring advanced Windows Server 2012, including
More informationNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration
Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter Context: Infrastructure-as-a-Service Clouds Client API Cloud Controller Machine
More informationHeading Off Correlated Failures through Independence-as-a-Service
Heading Off Correlated Failures through Independence-as-a-Service Ennan Zhai 1 Ruichuan Chen 2, David Isaac Wolinsky 1, Bryan Ford 1 1 Yale University 2 Bell Labs/Alcatel-Lucent Background Cloud services
More informationCOMPUTER AND NETWORK SUPPORT TECHNICIAN PROGRAM
Network + Networking NH5200 Fundamentals COURSE TITLE: Network+ Networking Fundamentals 104 Total Hours 66 Theory Hours 38 Laboratory Hours COURSE OVERVIEW: After completing this course, students will
More informationEmpowering the Service Economy with SLA-aware Infrastructures in the project
Empowering the Service Economy with SLA-aware Infrastructures in the project SLA@SOI ETSI Workshop Grids, Clouds & Service Infrastructures, Sophia Antipolis, Dec 2-3, 2009 Ramin Yahyapour Technische Universität
More informationLenovo Database Configuration Guide
Lenovo Database Configuration Guide for Microsoft SQL Server OLTP on ThinkAgile SXM Reduce time to value with validated hardware configurations up to 2 million TPM in a DS14v2 VM SQL Server in an Infrastructure
More informationSecure Development Lifecycle
Secure Development Lifecycle Strengthening Cisco Products The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness.
More informationA Global Operating System «from the Things to the Clouds»
GRUPPO TELECOM ITALIA EAI International Conference on Software Defined Wireless Networks and Cognitive Technologies for IoT Rome, 26th October 2015 A Global Operating System «from the Things to the Clouds»
More informationAn Optimized Virtual Machine Migration Algorithm for Energy Efficient Data Centers
International Journal of Engineering Science Invention (IJESI) ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 8 Issue 01 Ver. II Jan 2019 PP 38-45 An Optimized Virtual Machine Migration Algorithm
More informationDell EMC. VxBlock Systems for VMware NSX 6.2 Architecture Overview
Dell EMC VxBlock Systems for VMware NSX 6.2 Architecture Overview Document revision 1.6 December 2018 Revision history Date Document revision Description of changes December 2018 1.6 Remove note about
More informationCopyright 2016 EMC Corporation. All rights reserved.
1 BUILDING BUSINESS RESILIENCY Isolated Recovery Services NAZIR VELLANI (ERNST & YOUNG) & DAVID EDBORG (EMC GLOBAL SERVICES) 2 PRESENTERS Nazir Vellani (EY) Senior Manager Tel: +1 214 596 8985 Email: nazir.vellani@ey.com
More informationProtect Your End-of-Life Windows Server 2003 Operating System
Protect Your End-of-Life Windows Server 2003 Operating System Your guide to mitigating risks in your Windows Server 2003 Systems after the end of support End of Support is Not the End of Business When
More information<Insert Picture Here> Enterprise Data Management using Grid Technology
Enterprise Data using Grid Technology Kriangsak Tiawsirisup Sales Consulting Manager Oracle Corporation (Thailand) 3 Related Data Centre Trends. Service Oriented Architecture Flexibility
More informationEFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 8, August 2014,
More informationAn Evaluation of Load Balancing between Server Platforms inside a Data Center
www.ijcsi.org https://doi.org/10.20943/01201702.6771 67 An Evaluation of Load Balancing between Server Platforms inside a Data Center Amer Tahseen Abu Jassar Faculty of sciences and information technologies,
More informationEnabling Smart Energy as a Service via 5G Mobile Network advances. The Energy as a Service: when the Smart Energy uses the 5G technology
Enabling Smart Energy as a Service via 5G Mobile Network advances The Energy as a Service: when the Smart Energy uses the 5G technology Ljubljana, 5G PPP Phase 3 Stakeholders Info day October 17 2017 Fiorentino
More informationDynamic control and Resource management for Mission Critical Multi-tier Applications in Cloud Data Center
Institute Institute of of Advanced Advanced Engineering Engineering and and Science Science International Journal of Electrical and Computer Engineering (IJECE) Vol. 6, No. 3, June 206, pp. 023 030 ISSN:
More informationStellar performance for a virtualized world
IBM Systems and Technology IBM System Storage Stellar performance for a virtualized world IBM storage systems leverage VMware technology 2 Stellar performance for a virtualized world Highlights Leverages
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More information