cloudinomicon
play

Cloudinomicon :: Idempotent Infrastructure, Survivable Systems - PowerPoint PPT Presentation

Oct 02, 2023 •150 likes •925 views

Cloudinomicon :: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity v1.1 2 The Internet Is Over* So The Clouds Got that going for it... * Everybody knows you cant argue with royalty

  1. Cloudinomicon :: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity v1.1

  2. 2 The Internet Is Over* So The Cloud’s Got that going for it... * Everybody knows you can’t argue with royalty

  3. Hustle & Flow + Key Takeaways + Fist Pump the Cloud: Jersey Shore Security + Blame the French + Shifts In Thinking + Idempotent Infrastructure + Survivable Systems + Information Centricity + Wrap-Up

  4. 4 Key Takeaways + Not All Public Cloud IaaS Offerings Are Created Equal. Differentiation Based Upon Networking, Security, Transparency/Visibility & Forensics + Public IaaS Clouds Can Most Definitely Be Deployed As Securely Or Even More Securely Than Those In An Enterprise... + ...However, They Require Profound Architectural, Operational, Technology, Security and Compliance Model Changes + Time To Get The Bell Bottoms Out Of The Closet: What’s Old Is New Again - Survivable Systems & Information Centricity

  5. Fist Pump The Cloud 5 The Car Crash You Just Can’t Stop Watching Four Horsemen Of the Virtualization Security Apocalypse The Frogs Who Desired a King: A Virtualization & Cloud Computing Fable Set To Interpretive Dance Cloudifornication : Indiscriminate Information Intercourse Involving Internet Infrastructure

  6. Blame The French:: Siege Warfare & the Trebuchet...

  7. Technically Blame the 7 Greeks & Romans... + Introduced in ~12th century by the French who bettered the design elements of the catapult & ballista + The trebuchet utilized a sling to double the power of the engine and throw its projectile twice as far + Catapults were efficient mechanisms for lobbing loads of 50-60 pounds + Trebuchets could throw stones of up to 300 pounds and at great distance

  8. A Better Mousetrap But A More Complex Operational Model + The sling trebuchet was a marriage of previous catapult design, application of better physics & advanced physical science. + It works on a simple principle, but there was nothing simple about making sure a sling trebuchet was built or operated with precision...* *http://www.medieval-castle-siege-weapons.com/sling-trebuchet.html

  9. 9 WTF Does That Have To Do With Cloud? + Evolutionary application of revolutionary ideas* + Caused quite a stir and a wholesale shift in strategy + Laid the foundation for even more ass-kicking innovation + Automation, FTW! * Gravity. Who Knew?

  10. Shifts In Thinking* IT Evolves *2001
‐
Carnegie
Mellon
University.

Informa:on
Survivability:

A
New
Execu:ve
Perspec:ve

  11. 11 Centralized To Global

  12. 12 Bounded To Unbounded

  13. 13 Insular To Networked

  14. 14 Nostradamus Predictable To Asynchronous

  15. 15 Single To Shared Responsibility

  16. 16 Overhead To Essential

  17. 17 Security To Survivability

  18. 18 Static To Dynamic* *I Added This One

  19. 19 Manual To Automated* *I Added This One

  20. Shifts In Thinking: IT Infrastructure Evolves + Consolidating From Servers To Pooled Resources Of Compute + Network & Storage Moving From Dedicated Switches & Local Disk To Clusters And Fabrics, Implemented In Both Hardware And Software + Escaping From Tightly-Coupled Hardware/Software Affinity To Distributed Computing Enabled By Virtualization + Transitioning From Infrastructure To Composeable Service Layers

  21. 21 Public Cloud... + Not All Public Clouds Are Created Equal Or For The Same Purpose + Scale Enabled By Abstracted & Idempotent Infrastructure* + Massive Data Centers With Hundreds Of Thousands Of Cores, Huge Storage And Bandwidth + Extremely Agile, Heavily Virtualized, Mostly Automated & Hugely Software Driven + Management Via API

  22. “Enterprise” IaaS 22 Quandry: To Boldly Go... Private : Leverage Virtualization To Yield Higher Efficiency In Service Delivery, Agility And Meet Existing Security And Compliance. Infrastructure Exposed. General Preservation Of Existing Architectural Blueprints But With Virtualized/Converged Infrastructure. Primarily Hardware Infrastructure Enabled & Enterprise-Class Virtualization Layers Public : Fundamental Re-Architecture Of Application, Operations & Service Delivery Leveraging Virtualization & Automation. Massive Abstraction. Focuses On Scale, Lower Costs And Homogeneity At Infrastructure Layers. Primarily Software Enabled

  23. Public Cloud: All About Gracefully Giving Up Direct Operational Control Over Infrastructure

  24. Across 24 The Great Divide... Therein lies the problem... + Huge monocultures of custom hardware and software layers abstracted for your pleasure + It’s the functional equivalent of Siebel: don’t fit the software to the business, change the business to fit the software. + ...not necessarily a bad thing, but cultural, operational, security, and compliance issues are daunting.

  25. Shifts In Thinking: The Evolution Of Security Past Present Tomorrow (?) Attack Origin/ External/ Internal & External/ Ubiquitous/Economic & Motivation Notoriety Leverage “CyberTerror” Defensive Amorphous Perimeters & Re-Perimeterized & Perimeters & Firewalls Strategy Firewalls /VPNs Self-Asserting Defense Approach Infrastructure-Centric Application-Centric Information-Centric (Id)entity IP Address Discrete User Credentials Federated Trust Management Application Monolithic Apps Mash-Ups Distributed Functions Deployment HW/SW Application/Resource Virtualization-Enabled Virtualization 1.0 Resources Affinity Cloud Data Location/ Islands of Data/ Re-Distributed Data Data Warehouses/Structured & Un-Structured Type Structured Marts & Metadata

  26. What Cloud Means To Security + Focus on sustaining the business/mission Tomorrow (?) in the face of an ongoing attack; requires a holistic perspective (not siloed) Ubiquitous/Economic & “CyberTerror” + Depends on the ability of networked systems to provide continuity of Re-Perimeterized & Self-Asserting Defense essential services, albeit degraded , in the presence of attacks, failures, or Information-Centric accidents + Requires that only the critical assets Federated Trust need the highest level of protection + Complements current risk Distributed Functions management approaches that are part of an organization’s business practices Virtualiza:on‐Enabled
 Cloud + Includes (but is broader than) traditional information security Re-Distributed Data Marts & Metadata

  27. 27 We Need Risk Ritalin There Be Monsters Here... + Suffering From Security Attention Deficit Disorder & Lack Of Holistic Approach + Threat Model Velocity And Innovation Of Attacker > Defender + Security Doesn’t Scale (By Design) + Defense In Width... + Economic Model Does Not Incentivize Solutions That Solve Problems

  28. ‘Round & ‘Round We Go... Display Compute Mainframes Achtung! Divergent Models Data Bandwidth The Cloud Centralized Unreliable/Slow Web2.0 Client/Server Reliable/Fast More Reliable/Faster Mostly Distributed Mostly Centralized Mostly Reliable/Fast b u t e d D i s t r i Web1.0 * Credit: Gunnar Peterson

  29. Revenge Of The Hamsters... The Security Hamster Sine Wave of Pain Network Centricity Control Deployment/Investment Focus User Centricity Information Centricity Application Centricity Host Centricity Time * With Apologies to Andy Jaquith & His Hamster...

  30. Revenge Of The Hamsters... The Security Hamster Sine Wave of Pain We Are Here Network Centricity Control Deployment/Investment Focus User Centricity Information Centricity Application Cloud Centricity Host Centricity Deployment Is Here Time * With Apologies to Andy Jaquith & His Hamster...

  31. Deconstruction Content & Context - Infostructure Apps, Data, Metadata, Services Glue & Guts - Metastructure IPAM, IAM, BGP , DNS, SSL, PKI Sprockets & Moving Parts - Infrastructure Compute, Network, Storage

  32. 32 Idempotent Infrastructure

  33. 33 Idempotent? idempotent | ˈī dem ˌ p ō t ə nt| Mathematics adjective denoting an element of a set that is unchanged in value when multiplied or otherwise operated on by itself. noun an element of this type. ORIGIN late 19th cent.: from Latin idem ‘same’ + potent In computer science, the term idempotent is used to describe methods or subroutine calls that can safely be called multiple times , as invoking the procedure a single time or multiple times has the same result ; Infrastructure * wikipedia: http://en.wikipedia.org/wiki/Idempotence

  34. Idempotency & 34 Public IaaS Cloud + Homogeneity Provides Foundation For Scale [out] + Does Not Always Imply Commodity Hardware + Maximize Density & Modularity Of Resources + Iteratively Extensible + Constant Deployment Model (Agile) Of Software Driven “Infrastructure” + Code As Infrastructure + But Elasticity Isn’t Always The Infrastructure Biggest Problem To Solve...

  35. Attack Of the stack 35 + Some Examples Of The Growing Number Of Available Cloud “Operating Systems”: + OpenStack.org + Cloud.com CloudStack + Citrix XenCloud + VMware vCloud + Enomaly ECP + RedHat Cloud Foundations + Nimbula Director + Eucalyptus Enterprise Edition + The Stuff That Makes It Tick Underneath Is Interesting & Important to Discuss

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Line Maintenance Keeping assets in service Scheduled and un-scheduled line maintenance Scheduled

Line Maintenance Keeping assets in service Scheduled and un-scheduled line maintenance Scheduled

Line Maintenance Keeping assets in service Scheduled and un-scheduled line maintenance Scheduled maintenance Facility Human Factors Time Weather Scheduled maintenance Resource Suitably qualified staff

845 views • 14 slides
Certifying the Global Optimality of Graph Cuts via Semidefinite Programming: A Theoretic

Certifying the Global Optimality of Graph Cuts via Semidefinite Programming: A Theoretic

Certifying the Global Optimality of Graph Cuts via Semidefinite Programming: A Theoretic Guarantee for Spectral Clustering Shuyang Ling Courant Institute of Mathematical Sciences, NYU Aug 13, 2018 Joint work with Prof. Thomas Strohmer at UC

613 views • 43 slides
A JCR view of the world a-jcr-folder a-subfolder a-jcr-node propertyA : Nodes have 0..N

A JCR view of the world a-jcr-folder a-subfolder a-jcr-node propertyA : Nodes have 0..N

A JCR view of the world 1 A JCR view of the world a-jcr-folder a-subfolder a-jcr-node propertyA : Nodes have 0..N properties anotherProperty : Another value Everything is content, everything is a tree Bertrand Delacretaz, Senior Developer,

268 views • 16 slides
We Have Your Back A Worker Safety Collaborative An Initiative of the Florida Hospital Association

We Have Your Back A Worker Safety Collaborative An Initiative of the Florida Hospital Association

1 We Have Your Back A Worker Safety Collaborative An Initiative of the Florida Hospital Association WORKER SAFETY WEDNESDAY WEBINAR SERIES: SELECTING THE RIGHT PATIENT LIFT EQUIPMENT FOR YOUR FACILITY - LESSONS LEARNED WEDNESDAY, JUNE 28,

487 views • 34 slides
Server-side OSGi with Apache Sling Felix Meschberger Day Management AG 124 About Felix

Server-side OSGi with Apache Sling Felix Meschberger Day Management AG 124 About Felix

Server-side OSGi with Apache Sling Felix Meschberger Day Management AG 124 About Felix Meschberger > Senior Developer, Day Management AG > fmeschbe@day.com > http://blog.meschberger.ch > VP Apache Sling > Apache

584 views • 32 slides
CrashSim: An Efficient Algorithm for Computing SimRank over Static and Temporal Graphs Mo Li 1,2 ,

CrashSim: An Efficient Algorithm for Computing SimRank over Static and Temporal Graphs Mo Li 1,2 ,

CrashSim: An Efficient Algorithm for Computing SimRank over Static and Temporal Graphs Mo Li 1,2 , Farhana M. Choudhury 2 , Renata Borovica-Gajic 2 , Zhiqiong Wang 1 , Junchang Xin 1,* , Jianxin Li 3 1 Northeastern University, CN 2 University of

593 views • 24 slides
Path Diagrams James H. Steiger Department of Psychology and Human Development Vanderbilt

Path Diagrams James H. Steiger Department of Psychology and Human Development Vanderbilt

Path Diagrams James H. Steiger Department of Psychology and Human Development Vanderbilt University James H. Steiger (Vanderbilt University) Path Diagrams 1 / 24 Path Diagrams Introduction 1 Path Diagram Basics 2 Exceptions and

501 views • 24 slides
1 Peter Series Lesson #009 March 26, 2015 Dean Bible Ministries www.deanbibleministries.org

1 Peter Series Lesson #009 March 26, 2015 Dean Bible Ministries www.deanbibleministries.org

1 Peter Series Lesson #009 March 26, 2015 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. C HOICE ; F OREKNOWLEDGE 1 P ETER 1:1 1 Pet. 1:1, Peter, an apostle of Jesus Christ, To the pilgrims of the Dispersion in

961 views • 41 slides
An Empirical Evaluation of Machine Learning Approaches for Angry Birds Anjali Narayan-Chen, Liqi

An Empirical Evaluation of Machine Learning Approaches for Angry Birds Anjali Narayan-Chen, Liqi

An Empirical Evaluation of Machine Learning Approaches for Angry Birds Anjali Narayan-Chen, Liqi Xu, & Jude Shavlik University of Wisconsin-Madison Presented in Beijing at the 23rd International Joint Conference on Artificial Intelligence ,

417 views • 27 slides
Prepare for Battle 1 Samuel 17 1 Samuel 16:6 & 7 6 When . . . Samuel saw Eliab [he] thought,

Prepare for Battle 1 Samuel 17 1 Samuel 16:6 & 7 6 When . . . Samuel saw Eliab [he] thought,

Prepare for Battle 1 Samuel 17 1 Samuel 16:6 & 7 6 When . . . Samuel saw Eliab [he] thought, Surely the L ORD S anointed stands here before the L ORD . 7 But the L ORD said to Samuel, Do not consider his appearance or his

667 views • 48 slides
Search Advertiser Fraud Joe DeBlasio, UC San Diego Saikat Guha, Microsoft Research, India

Search Advertiser Fraud Joe DeBlasio, UC San Diego Saikat Guha, Microsoft Research, India

Exploring the Dynamics of Search Advertiser Fraud Joe DeBlasio, UC San Diego Saikat Guha, Microsoft Research, India Geoffrey M. Voelker, UC San Diego Alex C. Snoeren, UC San Diego 2 Search Ad Fraud = Deceptive Advertising Search Ad Fraud

357 views • 31 slides
1 Samuel 22:1-2 NIV 1 David left Gath and escaped to the cave of Adullam. When his brothers and

1 Samuel 22:1-2 NIV 1 David left Gath and escaped to the cave of Adullam. When his brothers and

1 Samuel 22:1-2 NIV 1 David left Gath and escaped to the cave of Adullam. When his brothers and his fathers household heard about it, they went down to him there. 2 All those who were in distress or in debt or discontented gathered around

148 views • 14 slides
1 2 3 4 5 6 7 8 9

1 2 3 4 5 6 7 8 9

1 2 3 4 5 6 7 8 9

288 views • 9 slides
15-721 DATABASE SYSTEMS Lecture #10 Query Execution & Scheduling Andy Pavlo / /

15-721 DATABASE SYSTEMS Lecture #10 Query Execution & Scheduling Andy Pavlo / /

15-721 DATABASE SYSTEMS Lecture #10 Query Execution & Scheduling Andy Pavlo / / Carnegie Mellon University / / Spring 2016 2 TODAYS AGENDA Process Models Query Parallelization Data Placement Scheduling 10 Crack Commandments

1.07k views • 84 slides
!"#$%&'&()*+,-&./)&0*./& !"#$#%&'()*+,#-.'/0123%#&'4565'

!"#$%&'&()*+,-&./)&0*./& !"#$#%&'()*+,#-.'/0123%#&'4565'

!"#$%&'&()*+,-&./)&0*./& !"#$#%&'()*+,#-.'/0123%#&'4565' 1/2.&23+4.&5)&6& & ! 7+"28+%'4-*93&#*&'3%'&9#':+;2"/-'/%;':+<3"#'!!' ! 4=/*9#'7+>?/-#'@+2%;/8+%' A

2.52k views • 196 slides
Rehab and Safe Patient Handling: Avoid Injury in the Workplace Stephanie Bendinelli, PT, DPT,

Rehab and Safe Patient Handling: Avoid Injury in the Workplace Stephanie Bendinelli, PT, DPT,

1/6/2020 Rehab and Safe Patient Handling: Avoid Injury in the Workplace Stephanie Bendinelli, PT, DPT, CSPHC Ashley Hursh, PT, MPT, CSPHC Disclosure Stephanie Bendinelli and Ashley Hursh have no financial disclosures that would be of

159 views • 13 slides
4 4 Mr. Robert Dawson/ Mr. Erik Shay JROTC Program for Accreditation (JPA) 4 th Brigade JROTC

4 4 Mr. Robert Dawson/ Mr. Erik Shay JROTC Program for Accreditation (JPA) 4 th Brigade JROTC

4 4 Mr. Robert Dawson/ Mr. Erik Shay JROTC Program for Accreditation (JPA) 4 th Brigade JROTC 4 JROTC Program for Accreditation Cadet Command Regulation 145-8-3 (15 January 2017) The JROTC Program for Accreditation (JPA) will be used

1.62k views • 124 slides
Focusing on Tighter Integration of CAT Tools and Corpora Milo Jakubek Translating and the

Focusing on Tighter Integration of CAT Tools and Corpora Milo Jakubek Translating and the

milos.jakubicek@sketchengine.co.uk Focusing on Tighter Integration of CAT Tools and Corpora Milo Jakubek Translating and the Computer 38 London, November 17, 2016 Milo Jakubek (Lexical Computing) CAT Tools and Corpora Nov 17,

258 views • 12 slides
Networks & Protocols INF566 - X2010 - 2012 Lecture 1(a) - Objectives, Outline, Evaluation

Networks & Protocols INF566 - X2010 - 2012 Lecture 1(a) - Objectives, Outline, Evaluation

Networks & Protocols INF566 - X2010 - 2012 Lecture 1(a) - Objectives, Outline, Evaluation thomas@thomasclausen.org http://www.thomasclausen.org mark@townsley.net http://www.townsley.net/ 1 Teaching Staff Thomas Clausen

791 views • 45 slides
4/20/2018 Welcome Special Kids, Special Care NICU Consortium Meeting April 25, 2018 Huffington

4/20/2018 Welcome Special Kids, Special Care NICU Consortium Meeting April 25, 2018 Huffington

4/20/2018 Welcome Special Kids, Special Care NICU Consortium Meeting April 25, 2018 Huffington Post 9:15 am Dr. Jens Top 10 Fun and Easy Strategies for Primitive Reflex Integration, In Infants and Children Jennifer Spiric, PT, DPT, Kids In

517 views • 14 slides
2010 ADA Facilities and Equipment STANDARDS Kaylan M. Dunlap, CASp, ADAC, LPTA Evan Terry

2010 ADA Facilities and Equipment STANDARDS Kaylan M. Dunlap, CASp, ADAC, LPTA Evan Terry

Accessible Medical Facilities and 8/29/2018 Equipment Accessible Medical 2010 ADA Facilities and Equipment STANDARDS Kaylan M. Dunlap, CASp, ADAC, LPTA Evan Terry Associates, LLC Learning Objectives Review accessibility requirements

631 views • 47 slides
Speech Technologies and Its Impact on Clinical Decision Making Rose Reedy, BSN, RN, C and JAMES

Speech Technologies and Its Impact on Clinical Decision Making Rose Reedy, BSN, RN, C and JAMES

Speech Technologies and Its Impact on Clinical Decision Making Rose Reedy, BSN, RN, C and JAMES ZADINSKY, MS Case Study: Dwight David Eisenhower Army Medical Center This case study provides an overview of one military treatment facility's (MTF)

113 views • 9 slides
Malware: Viruses CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula,

Malware: Viruses CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula,

Malware: Viruses CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar, Rebecca Portnoff, Nate

555 views • 28 slides
Evading/Attacking NIDS Insertion, Evasion, DoS Attacks Proposed Solutions Traf fi c

Evading/Attacking NIDS Insertion, Evasion, DoS Attacks Proposed Solutions Traf fi c

Agenda Network ID Systems Architecture, Problems Evading/Attacking NIDS Insertion, Evasion, DoS Attacks Proposed Solutions Traf fi c Normalization Priyank Porwal Active Mapping COMP 290 Network Intrusion Detection

397 views • 11 slides

More recommend