jobber
play

Jobber Automating Inter-Tenant Trust in The Cloud Andy Sayler - PowerPoint PPT Presentation

Jun 25, 2023 •393 likes •1k views

Jobber Automating Inter-Tenant Trust in The Cloud Andy Sayler Eric Keller Dirk Grunwald How can we make the Data Center... more efficient? more secure? more manageable? Over 50% Enterprise Companies Use Cloud Infrastructure* * Cohen,

  1. Jobber Automating Inter-Tenant Trust in The Cloud Andy Sayler Eric Keller Dirk Grunwald

  2. How can we make the Data Center... more efficient? more secure? more manageable?

  3. Over 50% Enterprise Companies Use Cloud Infrastructure* * Cohen, Reuven. The Cloud Hits the Mainstream: More than Half of U.S. Businesses Now Use Cloud Computing . Forbes. April 16th, 2013.

  4. 10% to 40% of all Data Center Traffic is Inter-Tenant Traffic* * BALLANI, H., JANG, K., AND KARAGIANNIS, T. Chatty Tenants and the Cloud Network Sharing Problem. Proc. of NSDI (2013).

  5. Ad Network ↔ Web Host CDN ↔ ISP NSA ↔ Google, Yahoo, Etc

  6. emphasis is on isolation hindering inter-tenant traffic Tenant Tenant Tenant A B C

  7. all traffic is untrusted Tenant Tenant Tenant A B C

  8. manual static configuration Tenant Tenant Tenant A B C

  9. misconfiguration is a major security problem Tenant Tenant Tenant A B C

  10. extra overhead prone to error untapped potential Tenant Tenant Tenant A B C

  11. optimize trusted traffic Tenant Tenant Tenant A B C

  12. optimize trusted traffic while filtering untrusted traffic Tenant Tenant Tenant A B C

  13. automatically Tenant Tenant Tenant A B C

  14. Jobber a dynamic network security architecture designed to handle the volatile nature of the cloud and the desire for optimized inter-tenant communication

  15. Jobber Components

  16. How can we securely designate trusted and untrusted traffic?

  17. trust networks

  18. Introduction Based Routing * Social Relationships Behavioral Reputation ... * FRAZIER, G., DUONG, Q., WELLMAN, M., AND PETERSEN, E. Incentivizing responsible networking via introduction-based routing. Trust and Trustworthy Computing 6740 (2011).

  19. Introduction Based Routing Host M Host Q Host G

  20. Introduction Based Routing Host M Host Q Host G

  21. Introduction Based Routing Host M Host Q Host G

  22. Introduction Based Routing Host M X Host Q Host G

  23. How can we automatically ascertain and track reputation?

  24. sensor frameworks

  25. Open Source Frameworks (nagios, ...) Platform-Specific Frameworks (Amazon CloudWatch, ...) Custom Solutions (Big Data analytic tools, ..)

  26. Jobber Sensor Framework Data Collection Interface Intrusion Host Firewall Router Detection System ... Alerts Status Etc System Logs

  27. Jobber Sensor Framework Behavior Classification Layer Sampling and Throttling Layer Data Collection Interface Intrusion Host Firewall Router Detection System ... Alerts Status Etc System Logs

  28. Jobber Sensor Tenant Reputation Database Framework Tenant Aggregation Layer Behavior Classification Layer Sampling and Throttling Layer Data Collection Interface Intrusion Host Firewall Router Detection System ... Alerts Status Etc System Logs

  29. Jobber Server Jobber Tenant Reputation Query Interface Sensor Tenant Reputation Database Framework Tenant Aggregation Layer Behavior Classification Layer Sampling and Throttling Layer Data Collection Interface Intrusion Host Firewall Router Detection System ... Alerts Status Etc System Logs

  30. How can we control network and resource access?

  31. programmable routing

  32. Standardized Interfaces (OpenFlow, MPLS, GRE, ...) Cloud Platforms (EC2, OpenStack, ...) Vendor Systems (Cisco, HP, ...)

  34. Jobber Architectures

  35. Data Center Legacy vs Future Host Modified vs Unmodified Jobber Routing Active vs Passive IBR Distributed vs Centralized

  36. Legacy Data Center Host Aware

  37. Jobber Jobber Server Server Security Security Middlebox Middlebox Jobber Client Jobber Client Jobber Client Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  38. Jobber Jobber Server Server Security Security Middlebox Middlebox 1 Jobber Client Jobber Client Jobber Client Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  39. 2 Jobber Jobber Server Server Security Security Middlebox Middlebox 1 Jobber Client Jobber Client Jobber Client Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  40. 2 Jobber Jobber Server Server Security Security Middlebox Middlebox 1 Jobber Client Jobber Client Jobber Client 3 Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  41. Legacy Legacy SDN Aware Agnostic Agnostic Deployable Yes Today Unmodified No Host Passive No Routing Central IBR No Coordination

  42. Legacy Data Center Host Unaware

  43. Jobber Jobber Server Server VPC Sensor VPC Sensor Router Router Framework Framework Security Security Middlebox Middlebox Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  44. Jobber Jobber Server Server VPC Sensor VPC Sensor Router Router Framework Framework 1 Security Security Middlebox Middlebox Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  45. 2 Jobber Jobber Server Server VPC Sensor VPC Sensor Router Router Framework Framework 1 Security Security Middlebox Middlebox Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  46. 2 Jobber Jobber Server Server VPC Sensor VPC Sensor Router Router Framework Framework 1 Security Security 3 Middlebox Middlebox Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  47. Legacy Legacy SDN Aware Agnostic Agnostic Deployable Yes Yes Today Unmodified No Yes Host Passive No No Routing Central IBR No No Coordination

  48. SDN Data Center Host Unaware

  49. Data Center Network Provider SDN Controller Provider SDN Provider Jobber Client Switch Jobber Jobber Server Server Sensor Sensor Framework Framework Security Security Middlebox Middlebox Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  50. Data Center Network Provider SDN Controller Provider SDN Provider Jobber Client Switch 1 Jobber Jobber Server Server Sensor Sensor Framework Framework Security Security Middlebox Middlebox Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  51. Data Center Network Provider SDN Controller Provider SDN Provider Jobber Client Switch 2 1 Jobber Jobber Server Server Sensor Sensor Framework Framework Security Security Middlebox Middlebox Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  52. Data Center Network Provider SDN Controller Provider SDN Provider Jobber Client Switch 2 1 Jobber Jobber Server Server 3 Sensor Sensor Framework Framework Security Security Middlebox Middlebox Local Local Local Local Local Local Apps Firewall Apps Firewall Apps Firewall Virtual Machine Virtual Machine Virtual Machine Tenant A Tenant B

  53. Legacy Legacy SDN Aware Agnostic Agnostic Deployable Yes Yes No Today Unmodified No Yes Yes Host Passive No No Yes Routing Central IBR No No Yes Coordination

  54. Current Status

  55. Complete Multi-Architecture Design Proof-of-concept Prototype In Progress Full-system Prototype for SDN Arch. Partial Prototypes for Legacy Archs. To Do Performance Analysis & Evaluation Usability Analysis & Evaluation

  56. How can we make the datacenter... more efficient? more secure? more manageable?

  57. Jobber Provides... efficiency via direct inter-tenant communication security via introduction-based-routing manageability via automatic network control

  58. Questions

  59. Graduated or Binary Trust Designations? Acceptable Overhead? Performance Requirements? Best Architecture? Jobber as a Service? Economics of IBR?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Nytt fra NMKL for Vannringen p Svalbard 03.05.12 Urd Bente Andersen leder Nnk

Nytt fra NMKL for Vannringen p Svalbard 03.05.12 Urd Bente Andersen leder Nnk

Nordic Committee on Food Analysis www.nmkl.org Nytt fra NMKL for Vannringen p Svalbard 03.05.12 Urd Bente Andersen leder Nnk Vannringen/03.05.12/NMKL/UBA 1 Nytt fra NMKL Litt om NMKL Organisering Hvordan vi jobber

998 views • 15 slides
Measuring the Adoption of Route Origin Validation and Filtering Andreas Reuter

Measuring the Adoption of Route Origin Validation and Filtering Andreas Reuter

Measuring the Adoption of Route Origin Validation and Filtering Andreas Reuter (andreas.reuter@fu-berlin.de) Joint work with Randy Bush, Ethan Katz-Bassett, Italo Cunha, Thomas C. Schmidt, and Matthias Whlisch PEERING The BGP Testbed The BGP

1.56k views • 52 slides
Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich

Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich

Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich Ian Goldberg 20 June 2017 EPFL Summer Research Institute Censorship Censors may monitor, alter or block traffic that enters or leaves their area

909 views • 53 slides
Agenda Topology Discovery Background Limitations using mrinfo-rec A new probing tool:

Agenda Topology Discovery Background Limitations using mrinfo-rec A new probing tool:

MERLIN Measure the Router Level of the INternet Pascal Mrindol, Benoit Donnet, Jean-Jacques Pansiot, Matthew Luckie, Young Hyun Kaiserslautern - June 2011 Next Generation Internet 2011 Agenda Topology Discovery Background Limitations

414 views • 9 slides
Firewall-On-Demand Service Andreas Polyrakis, GRNET 15-16 February 2012, 5 th TF-NOC meeting,

Firewall-On-Demand Service Andreas Polyrakis, GRNET 15-16 February 2012, 5 th TF-NOC meeting,

GRNET Firewall-On-Demand Service Andreas Polyrakis, GRNET 15-16 February 2012, 5 th TF-NOC meeting, Dubrovnik, Croatia Contents 2 Firewall-On-Demand Motivation & Technology background Implementation Future plans &

470 views • 26 slides
Performance Evaluation of Open Virtual Routers M.Siraj Rathore siraj@kth.se Outline Network

Performance Evaluation of Open Virtual Routers M.Siraj Rathore siraj@kth.se Outline Network

Performance Evaluation of Open Virtual Routers M.Siraj Rathore siraj@kth.se Outline Network Virtualization PC based Virtual Routers Challenges Virtual Router Design Performance Evaluation Conclusion Network

619 views • 17 slides
2Q19 Supplemental Slides John McCallion Chief Financial Officer Cautionary Statement on

2Q19 Supplemental Slides John McCallion Chief Financial Officer Cautionary Statement on

2Q19 Supplemental Slides John McCallion Chief Financial Officer Cautionary Statement on Forward-Looking Statements This presentation may contain or refer to forward-looking statements. Forward-looking statements give expectations or forecasts

510 views • 21 slides
NON-GAAP FINANCIAL MEASURES Quarter Ended March 31, 2020 1 NON-GAAP FINANCIAL MEASURES We

NON-GAAP FINANCIAL MEASURES Quarter Ended March 31, 2020 1 NON-GAAP FINANCIAL MEASURES We

NON-GAAP FINANCIAL MEASURES Quarter Ended March 31, 2020 1 NON-GAAP FINANCIAL MEASURES We believe that revenues, net income and net income attributable to common stockholders (NICS), as defined by U.S. generally accepted accounting principles

447 views • 18 slides
Jersey Funds Association Accounting update 23 September 2020 Agenda Recap of last year

Jersey Funds Association Accounting update 23 September 2020 Agenda Recap of last year

Jersey Funds Association Accounting update 23 September 2020 Agenda Recap of last year Going concern considerations Fair value considerations Debt modifications and exchanges IFRS 16: Rent concessions Page 2 Section divider

436 views • 40 slides
EXCLUSION PROGRAM STE Program Regulations Workshop Tuesday, June 27, 2017 State Personnel Board

EXCLUSION PROGRAM STE Program Regulations Workshop Tuesday, June 27, 2017 State Personnel Board

SALES AND USE TAX EXCLUSION PROGRAM STE Program Regulations Workshop Tuesday, June 27, 2017 State Personnel Board Building 801 Capitol Mall, Room 150 Sacramento, CA 95814 Or via Webinar Live Captioning is available at:

228 views • 21 slides
Ca Care e Improvem ement for or Ser Serious I Illnes ess Patien ents NCIOM Task Force on

Ca Care e Improvem ement for or Ser Serious I Illnes ess Patien ents NCIOM Task Force on

Ca Care e Improvem ement for or Ser Serious I Illnes ess Patien ents NCIOM Task Force on Serious Illness Care April 12, 2019 Who are the seriously ill? They have: o Serious medical condition or many complex comorbidities o High

521 views • 9 slides
Rua Dr. Xavier Sigaud 150 Urca Rio de Janeiro RJ 22290-180 Prof. Mark Thomson, DUNE

Rua Dr. Xavier Sigaud 150 Urca Rio de Janeiro RJ 22290-180 Prof. Mark Thomson, DUNE

Rua Dr. Xavier Sigaud 150 Urca Rio de Janeiro RJ 22290-180 Prof. Mark Thomson, DUNE spokesperson Prof. Robert Wilson, IB chair Dear professors DUNE is one of the leading HEP experiments and one that is meant to be a truly international

162 views • 3 slides
Evaluating Your Practices Financial Health Disclaimer This webinar may be recorded. This

Evaluating Your Practices Financial Health Disclaimer This webinar may be recorded. This

Evaluating Your Practices Financial Health Disclaimer This webinar may be recorded. This webinar presents a sampling of best practices and overviews, generalities, and some state laws. This should not be used as legal advice. Itentive

740 views • 47 slides
Cash Flow, Inventory, and Your Financial Health Ollin Sykes, CPA, CTIP, CMA Scott Sykes, CPA

Cash Flow, Inventory, and Your Financial Health Ollin Sykes, CPA, CTIP, CMA Scott Sykes, CPA

10/18/19 1 Cash Flow, Inventory, and Your Financial Health Ollin Sykes, CPA, CTIP, CMA Scott Sykes, CPA Sykes & Company, P.A. 2 1 10/18/19 Disclosures There are no relevant financial relationships with ACCME- defined commercial

726 views • 27 slides
A86045 Accoun,ng and Financial Repor,ng (2017/2018) Session 15 Non-Financial Liabili,es

A86045 Accoun,ng and Financial Repor,ng (2017/2018) Session 15 Non-Financial Liabili,es

A86045 Accoun,ng and Financial Repor,ng (2017/2018) Session 15 Non-Financial Liabili,es (Provisions, Con,ngent Liabili,es and Assets) Paul G. Smith B.A., F.C.A. SESSION 15 OVERVIEW AND OBJECTIVES A 86045 Accoun,ng and Financial 2 Repor,ng

1.23k views • 57 slides
Plenary 5: Future of Transfer Pricing Moving towards Profit Split? Panelists Chi Chung

Plenary 5: Future of Transfer Pricing Moving towards Profit Split? Panelists Chi Chung

Plenary 5: Future of Transfer Pricing Moving towards Profit Split? Panelists Chi Chung (Academia Sinica, Host) Sangmo Shin (National Tax Service, Korea) Oscar Burakoff (Deloitte, USA) Hsiu-Ling Sung (Taxation Administration,

629 views • 42 slides
TOWARDS A MODERN APPROACH TO RISK MANAGEMENT Alex Hutton - @alexhutton I AM HERE ON MY OWN. I

TOWARDS A MODERN APPROACH TO RISK MANAGEMENT Alex Hutton - @alexhutton I AM HERE ON MY OWN. I

TOWARDS A MODERN APPROACH TO RISK MANAGEMENT Alex Hutton - @alexhutton I AM HERE ON MY OWN. I AM NOT SPEAKING ON BEHALF OF ZIONS BANCORP First, some inspiration: A New Approach for Managing Operational Risk Addressing the Issues Underlying

1.73k views • 147 slides
Polarion User Event Enterprise Architect 11 and more Peter Lieber, SparxSystems Central Europe

Polarion User Event Enterprise Architect 11 and more Peter Lieber, SparxSystems Central Europe

Polarion User Event Enterprise Architect 11 and more Peter Lieber, SparxSystems Central Europe Central Europe Central Europe Sparx Systems Central Europe Portfolio Enterprise Architect (auch) Deutschsprachiger Support Premium

782 views • 20 slides
CS 5150 So(ware Engineering 8. Models for Requirements William Y. Arms Models for Requirements

CS 5150 So(ware Engineering 8. Models for Requirements William Y. Arms Models for Requirements

Cornell University Compu1ng and Informa1on Science CS 5150 So(ware Engineering 8. Models for Requirements William Y. Arms Models for Requirements As you build understanding of the requirements through viewpoint analysis, scenarios, use

325 views • 30 slides
The e European opean Op Open en Scien cience ce Clo loud ud as an enabler abler for r da

The e European opean Op Open en Scien cience ce Clo loud ud as an enabler abler for r da

The e European opean Op Open en Scien cience ce Clo loud ud as an enabler abler for r da data ta dr driven iven science cience Un Unit ited ed Natio ions/I ns/Ita taly ly Worksh kshop op on the Open n Univ iverse rse

520 views • 20 slides
Malware Analysis Connecting Variants and Versions Arun Lakhotia University of Louisiana at

Malware Analysis Connecting Variants and Versions Arun Lakhotia University of Louisiana at

Malware Analysis Connecting Variants and Versions Arun Lakhotia University of Louisiana at Lafayette 1 ISSISP 2014 (C) Lakhotia 7/19/2017 Demo 2 ISSISP 2014 (C) Lakhotia 7/19/2017 MAGIC Connect Summary FOLLOW THS LINK:

691 views • 67 slides
Welfare-Enhancing Distributional Eects of Central Bank Asset Purchases Andreas Schabert

Welfare-Enhancing Distributional Eects of Central Bank Asset Purchases Andreas Schabert

Welfare-Enhancing Distributional Eects of Central Bank Asset Purchases Andreas Schabert University of Cologne November, 2017 2 I INTRODUCTION II THE MODEL III WELFARE ENHANCING ASSET PURCHASES IV STATE CONTINGENCY V CONCLUSION 3

497 views • 36 slides
Investment Adviser Regulation with Compliance Officer Perspectives October 6, 2017 Moderator:

Investment Adviser Regulation with Compliance Officer Perspectives October 6, 2017 Moderator:

Developments in Broker-Dealer and Investment Adviser Regulation with Compliance Officer Perspectives October 6, 2017 Moderator: Shane B. Hansen, Warner Norcross & Judd Kris Easter Guidroz, Securities and Exchange Commission Jennifer

666 views • 13 slides
Participant Direction 201: Support Brokerage in Participant Direction Services Suzanne Crisp,

Participant Direction 201: Support Brokerage in Participant Direction Services Suzanne Crisp,

Participant Direction 201: Support Brokerage in Participant Direction Services Suzanne Crisp, Director of Program Design and Implementation Merle Edwards-Orr, Director of Veteran Initiatives May 29, 2015 Goals for Today Examine the

552 views • 31 slides

More recommend