Enterprise Grade Security and SSL
termination in ACS 4.3
December 3rd, 2013

@cloudops_

www.cloudops.com
Introductions
• Will Stevens – Lead Developer @ CloudOps
• CloudOps builds and operates clouds of
all shapes and sizes
• Develops cloud infrastructure solutions
and operational models
• 24x7x365 managed service for CloudStack
based cloud infrastructures
• Customers are global
• Based in Montreal, Canada

To be covered…
• Palo Alto Networks firewall appliance
integration
– Feature overview
– Challenges and decisions

• SSL Termination added to ACS and
implemented for NetScaler
– Certificate management
– SSL Termination overview

Motivations for Palo Alto integration
CloudStack virtual router:
For Advanced Networking it often handles NAT, LB, FW, VPN in addition to DHCP, DNS.
Great approach for horizontally scaled commodity networking services BUT can be a bottleneck and a bit of a black box security-wise.

More reasons why
• Customer driven - Palo Alto is an
increasingly popular enterprise security
product
• Many enterprises require greater visibility
and advanced policies (i.e. content
filtering, heuristics, intrusion detection)
• Use cases: Enterprise private clouds, PCI
compliance, service providers to
enterprise

Resulting network services
• CloudStack Virtual Router
– DHCP
– DNS

• Palo Alto Service Provider
– Source NAT
– Firewall Rules (Ingress & Egress)
– Static NAT
– Port Forwarding

Overview of the implementation

Pre-configure the Palo Alto device
• Set up a Virtual Router on the Palo Alto to
handle the routing of the Public traffic

• Set up a Static Route for the next hop

Pre-configure the Palo Alto device
• Set up the Public and Private interfaces on
the PA

• Pre-configure the Public interface
according to the Public IP range in CS

Add the PA as a service provider
• Add the PA device as
a guest network
service provider

• Enable the provider

Create a Network Offering
• Expose the PA through
a network offering
• PA provides: Source NAT,
Static NAT, Port Forwarding
and Firewall services
• Enable the new offering

Use the Palo Alto
• Add a network using the service offering
• Launch a VM on the new network

What actually happened
• A Source NAT IP is allocated on ‘ae1’
• A guest network has been set up on ‘ae2’

• A Source NAT rule now connects the guest
network to the public IP

• A policy isolates the guest network

Egress firewall rules

Ingress firewall rules

Static NAT rules

Port Forwarding rules

Support for Palo Alto profiles
• Added support for Palo Alto Networks
‘Security Profile Groups’ and ‘Log
Forwarding Profiles’
• Globally configured at the device level
(for now) and are associated with every
‘allow’ firewall rule
• Enables basic support for
IDS/IPS/Network AV threats, Wildfire
(Anti-Malware), Data Protection, URL
Filtering

PA VM Appliance Support
• Special considerations to support the Palo
Alto virtual appliance
• Simplify the implementation to the
lowest common denominator
• Using sub-interfaces instead of ‘vsys’ for
configuration isolation
• Ensuring support for the Palo Alto VM
appliance enables support for Palo Alto
running on the NetScaler SDX (currently
in beta)

Known limitations
• Requires some initial configuration; it is
not entirely plug and play (yet)
• Currently only supports a single Public IP
range
• Public IP usage tracking is currently not
handled
• Fine-grained control of ICMP is currently not
handled
• Not validating SSL certificates when ACS
communicates with the Palo Alto device

Changing gears…

Next up: SSL Termination in ACS…

SSL Termination in ACS
• Developed by Syed Ahmed @ CloudOps
• To be released in ACS 4.3
• Added Certificate management
– Supports certificate verification
– Supports certificate trust chains
– Supports self-signed certificates
– Supports encrypted private keys

• Added a generic SSL Termination implementation
to ACS for external load balancers
• Added SSL Termination support for the NetScaler
by extending the existing NetScaler plugin

SSL Termination workflow
Add SSL Termination
1) To create an SSL vserver on the NetScaler, use
createLoadBalancerRule with the lb_protocol
parameter set to SSL.
2) Upload the certificate to ACS using
UploadSslCert(cert, key, chain, password_for_key)
3) Assign the certificate to the load balancer rule
AssignCertToLoadBalancer(cert_id, lb_rule_id)

Remove SSL Termination
1) Remove the cert from the load balancer
removeFromLoadBalance(cert_id, lb_rule_id)
2) Remove the certificate
deleteSslCert(cert_id)
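The cert, key, chain and key password passed to the upload step can be checked locally against the properties the certificate management slide lists (verification, trust chains, self-signed certificates, encrypted private keys). The shell pre-flight below is an added example, not ACS or CloudOps code; it assumes only the `openssl` CLI, and the file names, CN values and the `KEY_PASS` variable are constructed for illustration.

```sh
#!/bin/sh
# Added example: local pre-flight for the (cert, key, chain, password) tuple.
# File names, CNs and KEY_PASS are constructed; only the openssl CLI is assumed.

# Create throwaway test material in directory $1: a CA, a leaf it signed whose
# key is encrypted with $KEY_PASS, and an unrelated self-signed cert and key.
make_sample_pki() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.crt" -days 2 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=Unrelated Constructed CA" \
        -keyout "$d/other.key" -out "$d/other.crt" -days 2 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -config "$d/ca.cnf" \
        -subj "/CN=lb.example.test" -passout env:KEY_PASS \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/leaf.crt" -days 2 2>/dev/null
}

# SHA-256 fingerprint of the DER form of a PEM public key read from stdin.
pubkey_fp() {
    openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# preflight CERT KEY [CHAIN]; the key passphrase is read from $KEY_PASS so it
# never appears in the process list.
# Return codes: 0 ok, 1 key unreadable with that passphrase, 2 key does not
# belong to the certificate, 3 chain does not verify, 4 certificate expired.
preflight() {
    cert=$1 key=$2 chain=$3
    # 1. The private key must parse (and decrypt) with the supplied passphrase.
    openssl pkey -in "$key" -passin env:KEY_PASS -noout 2>/dev/null || return 1
    grep -q ENCRYPTED "$key" || echo "warning: $key is stored unencrypted" >&2
    # 2. The certificate's public key must be the one derived from the key.
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | pubkey_fp)
    k=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null | pubkey_fp)
    [ "$c" = "$k" ] || return 2
    # 3. The certificate must verify against the chain; with no chain given it
    #    is treated as self-signed and must verify against itself.
    openssl verify -CAfile "${chain:-$cert}" "$cert" >/dev/null 2>&1 || return 3
    # 4. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 4
}

# Demo on constructed material: one consistent tuple, one with the wrong key.
export KEY_PASS='constructed-passphrase'
demo=$(mktemp -d) && make_sample_pki "$demo" && {
    preflight "$demo/leaf.crt" "$demo/leaf.key" "$demo/ca.crt" \
        && echo "leaf + own key + CA chain: accepted"
    preflight "$demo/leaf.crt" "$demo/other.key" "$demo/ca.crt" \
        || echo "leaf + unrelated key: rejected (rc=$?)"
}
rm -rf "$demo"
```

A return code of 0 only means the tuple is internally consistent; it does not cover revocation, which the slides list as unsupported.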
Associated APIs
• Certificate Management
– uploadSSLCert
– deleteSSLCert
– listSSLCerts

• Load Balancer changes/additions
– createLoadBalancerRule
• use ‘lb_protocol=SSL’ to enable SSL termination

– assignToLoadBalancerRule
– removeFromLoadBalancerRule

Additional notes
• The implementation is not yet available
in the UI, only via the API
• Each certificate can be bound to multiple
load balancer rules
• Each load balancer rule can only be
bound to one certificate
– The bound certificate can be part of a chain

• Does not support revocation lists (yet)
FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSL+Termination+Support

Questions?
Will Stevens
www.cloudops.com
@cloudops_

Cloud Application Blueprints with Apache Brooklyn by Alex Henevald
 
Introduction to Apache CloudStack by David Nalley
Introduction to Apache CloudStack by David NalleyIntroduction to Apache CloudStack by David Nalley
Introduction to Apache CloudStack by David Nalley
 
Managing infrastructure with Application Policy by Mike Cohen
Managing infrastructure with Application Policy by Mike CohenManaging infrastructure with Application Policy by Mike Cohen
Managing infrastructure with Application Policy by Mike Cohen
 
Intro to Zenoss by Andrew Kirch
Intro to Zenoss by Andrew KirchIntro to Zenoss by Andrew Kirch
Intro to Zenoss by Andrew Kirch
 
Monitoring CloudStack in context with Converged Infrastructure by Mike Turnlund
Monitoring CloudStack in context with Converged Infrastructure by Mike TurnlundMonitoring CloudStack in context with Converged Infrastructure by Mike Turnlund
Monitoring CloudStack in context with Converged Infrastructure by Mike Turnlund
 
Rest api design by george reese
Rest api design by george reeseRest api design by george reese
Rest api design by george reese
 
State of the cloud by reuven cohen
State of the cloud by reuven cohenState of the cloud by reuven cohen
State of the cloud by reuven cohen
 
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell PavlicekSecuring Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
 
DevCloud - Setup and Demo on Apache CloudStack
DevCloud - Setup and Demo on Apache CloudStack DevCloud - Setup and Demo on Apache CloudStack
DevCloud - Setup and Demo on Apache CloudStack
 
Cloud Network Virtualization with Juniper Contrail
Cloud Network Virtualization with Juniper ContrailCloud Network Virtualization with Juniper Contrail
Cloud Network Virtualization with Juniper Contrail
 
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
 
CloudStack University by Sebastien Goasguen
CloudStack University by Sebastien GoasguenCloudStack University by Sebastien Goasguen
CloudStack University by Sebastien Goasguen
 
Building Scalable, Resilient Infrastructure on CloudStack by Sebastian Stadil
Building Scalable, Resilient Infrastructure on CloudStack by Sebastian StadilBuilding Scalable, Resilient Infrastructure on CloudStack by Sebastian Stadil
Building Scalable, Resilient Infrastructure on CloudStack by Sebastian Stadil
 
Cloudstack Continuous Delivery
Cloudstack Continuous DeliveryCloudstack Continuous Delivery
Cloudstack Continuous Delivery
 
SDN in CloudStack
SDN in CloudStackSDN in CloudStack
SDN in CloudStack
 

Recently uploaded

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Enterprise grade firewall and ssl termination to ac by will stevens

  • 1. Enterprise Grade Security and SSL termination in ACS 4.3 December 3rd, 2013 @cloudops_ www.cloudops.com
  • 2. Introductions • Will Stevens – Lead Developer @ CloudOps • CloudOps builds and operates clouds of all shapes and sizes • Develops cloud infrastructure solutions and operational models • 24x7x365 managed service for CloudStack based cloud infrastructures • Customers are global • Based in Montreal, Canada
  • 3. To be covered… • Palo Alto Networks firewall appliance integration – Feature overview – Challenges and decisions • SSL Termination added to ACS and implemented for NetScaler – Certificate management – SSL Termination overview
  • 4. Motivations for Palo Alto integration CloudStack virtual router: For Advanced Networking it often handles NAT, LB, FW, VPN in addition to DHCP, DNS. Great approach for horizontally scaled commodity networking services BUT can be a bottleneck and a bit of a black box security wise
  • 5. More reasons why • Customer driven - Palo Alto is an increasingly popular enterprise security product • Many enterprises require greater visibility and advanced policies (i.e. content filtering, heuristics, intrusion detection) • Use cases: Enterprise private clouds, PCI compliance, service providers to enterprise
  • 6. Resulting network services • CloudStack Virtual Router – DHCP – DNS • Palo Alto Service Provider – Source NAT – Firewall Rules (Ingress & Egress) – Static NAT – Port Forwarding
  • 7. Overview of the implementation
  • 8. Pre-configure the Palo Alto device • Set up a Virtual Router on the Palo Alto to handle the routing of the Public traffic • Set up a Static Route for the next hop
  • 9. Pre-configure the Palo Alto device • Set up the Public and Private interfaces on the PA • Pre-configure the Public interface according to the Public IP range in CS
  • 10. Add the PA as a service provider • Add the PA device as a guest network service provider • Enable the provider
  • 11. Create a Network Offering • Expose the PA through a network offering • PA provides: Source NAT, Static NAT, Port Forwarding and Firewall services • Enable the new offering
  • 12. Use the Palo Alto • Add a network using the service offering • Launch a VM on the new network
  • 13. What actually happened • A Source NAT IP is allocated on ‘ae1’ • A guest network has been set up on ‘ae2’ • A Source NAT rule now connects the guest network to the public IP • A policy isolates the guest network
  • 18. Support for Palo Alto profiles • Added support for Palo Alto Networks ‘Security Profile Groups’ and ‘Log Forwarding Profiles’ • Globally configured at the device level (for now) and associated with every ‘allow’ firewall rule • Enables basic support for IDS/IPS/Network AV threats, Wildfire (Anti-Malware), Data Protection, URL Filtering
  • 19. PA VM Appliance Support • Special considerations to support the Palo Alto virtual appliance • Simplify the implementation to the lowest common denominator • Using sub-interfaces instead of ‘vsys’ for configuration isolation • Ensuring support for the Palo Alto VM appliance enables support for Palo Alto running on the NetScaler SDX (currently in beta)
  • 20. Known limitations • Requires some initial configuration; it is not entirely plug and play (yet) • Currently only supports a single Public IP range • Public IP usage tracking is currently not handled • Fine-grained control of ICMP is currently not handled • Not validating SSL certificates when ACS communicates with the Palo Alto device
  • 21. Changing gears… Next up: SSL Termination in ACS…
  • 22. SSL Termination in ACS
      • Developed by Syed Ahmed @ CloudOps
      • To be released in ACS 4.3
      • Added Certificate management
          – Supports certificate verification
          – Supports certificate trust chains
          – Supports self-signed certificates
          – Supports encrypted private keys
      • Added a generic SSL Termination implementation to ACS for external load balancers
      • Added SSL Termination support for the NetScaler by extending the existing NetScaler plugin
  • 23. SSL Termination workflow
      Add SSL Termination
      1) To create an SSL vserver on the NetScaler, use createLoadBalancerRule with the lb_protocol parameter set to SSL.
      2) Upload the certificate to ACS using UploadSslCert(cert, key, chain, password_for_key)
      3) Assign the certificate to the load balancer rule AssignCertToLoadBalancer(cert_id, lb_rule_id)
      Remove SSL Termination
      1) Remove the cert from the load balancer removeFromLoadBalance(cert_id, lb_rule_id)
      2) Remove the certificate deleteSslCert(cert_id)
  • 24. Associated APIs
      • Certificate Management
          – uploadSSLCert
          – deleteSSLCert
          – listSSLCerts
      • Load Balancer changes/additions
          – createLoadBalancerRule
              • use ‘lb_protocol=SSL’ to enable SSL termination
          – assignToLoadBalancerRule
          – removeFromLoadBalancerRule
  • 25. Additional notes
      • The implementation is not yet available in the UI, only via the API
      • Each certificate can be bound to multiple load balancer rules
      • Each load balancer rule can only be bound to one certificate
          – The bound certificate can be part of a chain
      • Does not support revocation lists (yet)
      FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSL+Termination+Support
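A structural pre-flight check for the PEM inputs that slide 23's UploadSslCert(cert, key, chain, password_for_key) call takes, as an added example (not CloudOps or CloudStack code). It checks block types and whether the key is encrypted, not signatures or chain trust; the function names and the sample PEM bodies are constructed for illustration.

```python
import re

# One PEM block: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def pem_blocks(text):
    """Return [(label, body)] for every PEM block found in text."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text or "")]


def key_is_encrypted(label, body):
    # PKCS#8 encrypted keys carry their own label; legacy OpenSSL keys keep
    # e.g. "RSA PRIVATE KEY" and add a "Proc-Type: 4,ENCRYPTED" header line.
    return label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body


def preflight(cert, key, chain=None, password=None):
    """Return a list of problems; an empty list means the inputs are well-formed."""
    problems = []
    certs = pem_blocks(cert)
    if [label for label, _ in certs] != ["CERTIFICATE"]:
        problems.append("cert must contain exactly one CERTIFICATE block")
    keys = pem_blocks(key)
    if len(keys) != 1 or keys[0][0] not in KEY_LABELS:
        problems.append("key must contain exactly one private key block")
    else:
        encrypted = key_is_encrypted(*keys[0])
        if encrypted and not password:
            problems.append("private key is encrypted but no password given")
        if not encrypted and password:
            problems.append("password given but private key is not encrypted")
    # A key pasted into the cert or chain field would be stored as certificate data.
    if any(label in KEY_LABELS for label, _ in certs + pem_blocks(chain)):
        problems.append("private key material found in cert or chain field")
    if chain is not None:
        labels = [label for label, _ in pem_blocks(chain)]
        if not labels or any(label != "CERTIFICATE" for label in labels):
            problems.append("chain must contain only CERTIFICATE blocks")
    return problems


def make_pem(label, body="Q09OU1RSVUNURUQ="):
    # Constructed placeholder body (base64 of "CONSTRUCTED"), not real key or cert data.
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed sample inputs.
SAMPLE_CERT = make_pem("CERTIFICATE")
SAMPLE_CHAIN = make_pem("CERTIFICATE") * 2
SAMPLE_KEY_PLAIN = make_pem("PRIVATE KEY")
SAMPLE_KEY_LEGACY_ENC = make_pem(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nQ09OU1RSVUNURUQ=")

if __name__ == "__main__":
    print(preflight(SAMPLE_CERT, SAMPLE_KEY_PLAIN, SAMPLE_CHAIN))
    print(preflight(SAMPLE_CERT, SAMPLE_KEY_LEGACY_ENC))
```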

Editor's Notes

  1. The CloudStack VR provides DHCP and DNS in this service offering.