In Search of Segmentation

•

15 recomendaciones•265,530 vistas

The document discusses the challenges of implementing effective network segmentation across modern distributed systems. It outlines several common mechanisms used for segmentation, such as VPC networks, security groups, Docker networking, and eBPF/Calico policies. However, it notes that individually these approaches face issues with scalability, coordination, and potential for misconfiguration. The document advocates for a hierarchical approach to segmentation that enforces consistent policies across layers from IAM roles to security groups to individual networks or segments. It raises open questions around coordinating policy specification and management across the different available mechanisms.

Tecnología

In Search of Segmentation
Adrian Cockcroft @adrianco
Technology Fellow - Battery Ventures
February 2016

What does @adrianco do?
@adrianco
Technology Due
Diligence on Deals
Presentations at
Conferences
Presentations at
Companies
Technical
Advice for Portfolio
Companies
Program
Committee for
Conferences
Networking with
Interesting PeopleTinkering with
Technologies
Maintain
Relationship with
Cloud Vendors
http://www.slideshare.net/adriancockcroft

Airgaps closing
Industrial IoT
Security blanket perimeter firewalls
Datacenter to cloud transitions
New systems of engagement
http://peanuts.wikia.com/wiki/Linus'_security_blanket

A can talk to B
B can talk to C
A must not talk to C
A B C

Y and Z failure modes
must be independent so
X can always succeed
Y
X
Z

Availability requirements drive
a need for distributed
segmentation

Over-reliance on one
mechanism leads to abuse…

Lack of coordination across
many mechanisms leads to
fragility

Disclaimer:
I’m not a developer, I don’t have hands-on
experience with any of these mechanisms,
I’m looking for input where I’m wrong or
missed something.
Also, apologies if I didn’t namecheck your favorite project/product.

Datacenters/AWS Accounts
IAM/AD/LDAP Roles
VPC/VLAN Networks
Security Groups/Hypervisor
IPtables/Calico Policy
Docker Links/Weave Overlay
Ops
Dev

B
Accounts and Roles
Who can set policy for what?
Needs distributed policy management
A C

Network Segmentation
Who controls the network?
A B C

Network Segmentation
Datacenter policies are based on
separation of duties. Tickets,
Network admins and VLANs

Network Segmentation
AWS VPC networking uses
developer-driven automation,
loses separation of duties…

VPC Abuse Antipattern
Lots of small VPC networks for
microservices, end up in IP address
space capacity management hell…

Hypervisor and Security
Group Segmentation
Distributed firewall rules
A B CA B

Security Group Abuse Antipattern
Too many microservices need to be in the
same group, overloads configuration
limitations

Kernel eBPF & Calico
IPtables Segmentation
Distributed firewall rules
A B CA B

IPtables Segmentation
Can use IP Sets to scale
Managed in the container host OS
Separates routing reachability from access
policy

Docker & Weave
Segmentation
Docker daemon manages connections
B CA
B C

proxy:
build: ./proxy
ports:
- "8080:8080"
links:
- app
app:
build: ./app
links:
- db
db:
image: postgres
Docker Compose V1
proxy app db
8080

version: '2'
services:
proxy:
build: ./proxy
ports:
- "8080:8080"
networks:
- front
app:
build: ./app
networks:
- front
- back
db:
image: postgres
networks:
- back
networks:
front:
back:
Docker Compose V2
proxy app db
8080
front backfront

Docker Segmentation
Overlay network created and
managed by Docker or Weave.
DNS based lookups.

Segmentation Scalability
Real world microservices
architectures have hundreds to
thousands of distinct microservices

Segmentation Scalability
There’s often a few very popular
microservices that everyone else
wants to talk to

Datacenters/AWS Accounts
IAM/AD/LDAP Roles
VPC/VLAN Networks
Security Groups/Hypervisor
IPtables/Calico Policy
Docker Links/Weave Overlay
How to
coordinate
across all
these layers?
How to scale to 1000+ segments?

Hierarchical Segmentation
Enforced by IAM roles at every level
B CA
B C
E FD
E F
Security Group X Security Group Y
VPC Z - Manage a reasonable number of large network spaces
D
X
An AWS oriented example…
AWS Account - Manage across multiple accounts

Policy Specification Options
Docker Compose V2
Kubernetes/Mesos policy
Calico/Cisco Contiv
AWS IAM/AD Policies
How to
coordinate
any/all of
these?

Comments and Questions?
Adrian Cockcroft @adrianco
http://slideshare.com/adriancockcroft
Technology Fellow - Battery Ventures
See www.battery.com for a list of portfolio investments

Security
Visit http://www.battery.com/our-companies/ for a full list of all portfolio companies in which all Battery Funds have invested.
Palo Alto Networks
Enterprise IT
Operations &
Management
Big DataCompute
Networking
Storage

Más contenido relacionado

La actualidad más candente

You just got “done” with the transformation of your organization (or parts of it) to leverage more DevOps practices, and now the next hot thing is taking over the industry: containers, Cloud Native, SRE, GitOps, Kubernetes, etc. What’s a DevOps Manager to do? Throw away the last few years and rebrand the team as Cloud Native SREs? Technological advancement not only provides advancement in “what” a modern technology architecture looks like, it can also provide advancement in the processes and the day to day of an organization’s technology teams. We’ve seen this before in the move from mainframe to client-server, and client-server to Cloud. In this presentation I’ll talk about the relationship of DevOps to Cloud Native technologies, and help make sense of all the jargon - containers, microservices, orchestration (and Kubernetes), SRE, GitOps, etc. I’ll also talk about how some processes & practices in the world of DevOps change when leveraging these technologies. Attendees will leave with a base understanding of what a DevOps operating model looks like when leveraging modern Cloud Native technologies.

DevOps in a Cloud Native World

Michael Ducy

With the involvement of over a dozen vendors and Java user groups, 140 individual contributors and over half a dozen independent implementations, Eclipse MicroProfile is leading the way in seriously open cloud-native Java technologies. With MicroProfile, OpenJ9 and Open Liberty you can have fully open stack solution that is enterprise grade, perfectly compatible with microservice architecture and easy to use. Come to this session to learn how you can apply MicroProfile to build robust and scalable microservices without locking yourself into a single vendor.

Seriously Open Cloud Native Java Microservices

Jamie Coleman

How can you tell if meeting room A302 is occupied right now? Ask an API! The same Cisco Collab devices that provide high-quality video are also embedding a rich API where you can get real-time info and create a personalized experience with custom UI controls. In this talk, we’ll detail how to create controls to turn off the lights or take the curtains down, how to build interactive maps that show rooms occupation in React, or build a Maze game in Javascript and deploy it to the latest Cisco Collab devices. If you love modern user experiences, IoT, know a bit Javascript, come get inspired!

Meeting rooms are talking! are you listening?

Cisco DevNet

Join to explore concrete use cases implemented with the Administrative & Serviceability capabilities of Webex Teams (formally Cisco Spark) APIs. We'll cover how to manage Webex Teams Users but also track Spaces activity through the recently added /events API resource. Moreover, we will dig into the possibilities offered by the xAPI for Webex Teams-registered devices: discover Company Branding, People counting, and how to initiate Video Calls to Webex Teams & SIP addresses. This session is aimed at Webex Teams Administrators, Compliance Officers, and Cisco Collaboration Endpoints owners. DEVNET-3610 https://www.ciscolive.com/us/learn/sessions/session-catalog/?search=DEVNET-3610

Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610

Cisco DevNet

Presented by: Jeff Luszcz, ZebraCatZebra Presented at All Things Open 2020 Abstract: Open Source powers the world, but you need to do more than use it. In this talk we will provide background on the most common types of open source licenses, business models, security issues and the processes required to help you remain secure and in compliance. We will discuss best practices, scanning tools, remediation, customer and partner expectations around OSS compliance and how to manage OSS during events such as a product release or M&A.

Open Source Licensing: Types, Strategies and Compliance

All Things Open

Cisco’s DX / MX / SX and Room Kit immersive telepresence room systems are highly customizable and configurable, providing multiple ways to integrate with room amenities like lighting, shades and projectors as well as provide customized user/presenter controls. Application developers can leverage the Cisco Collaboration Endpoint - CE API to examine meeting rooms utilization via people counting, but also initiate video calls. Join us for this overview and demo-rich session to learn how to create In-Room Controls, Javascript Macros and xAPI calls. DEVNET-2071 https://www.ciscolive.com/us/learn/sessions/session-catalog/?search=DEVNET-2071

Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...

Cisco DevNet

Overpowered Kubernetes: CI/CD for K8s on Enterprise IaaS by Juan Carlos Ruiz Rico Kubernetes has taken the container world by storm, becoming the popular choice for developers and operations teams alike to manage their container deployments at scale. In this session learn how Oracle's managed Kubernetes service combines the power of Kubernetes with the raw performance of Oracle Cloud Infrastructure. See how you can avoid the complexity of standing up and maintaining your own Kubernetes infrastructure while giving your containers direct access to native bare metal performance and empowering development teams to achieve continuous integration and continuous delivery goals with Wercker.

Overpowered Kubernetes: CI/CD for K8s on Enterprise IaaS

J On The Beach

A session in the DevNet Zone at Cisco Live, Berlin. As IT strives to become Fast IT, application architectures are undergoing fundamental disruption to enable faster development to deployment lifecycles. As part of this trend, the number of applications being created using microservices architectures and container technologies like Docker is exploding. This new "cloud native" framework makes deployments on-prem or public cloud seamless. In this session, we will look at these evolving trends and how several open source technologies have converged to provide enterprises the ability to innovate at unprecedented levels.

Enabling Fast IT using Containers, Microservices and DAVROS models: an overview

Cisco DevNet

API Design Principles Essential

Oracle Korea

MVC 1.0 / JSR 371

David Delabassee

Microservices are the new black. You've heard about them, you've read about them, you may have even implemented a few, but sooner or later you'll run into the age-old conundrum: How do I break my monolith apart? Where do I draw service boundaries? In this talk you will learn several widely-applicable strategies for decomposing your monolithic application, along with their respective risks and the appropriate mitigation strategies. These techniques are widely used at Wix, took us a long time to develop and have proven consistently effective; hopefully they will help you avoid the same battle scars.

The art of decomposing monoliths

Kfir Bloch

Adopt-a-JSR for JSON Processing 1.1, JSR 374

Heather VanCura

In this session, we explore features and functions of AWS IoT services. We first cover AWS IoT fundamentals and our partner ecosystem. Then we discuss AWS IoT services in greater detail, review best practices for IoT solutions, and look at some common architectural patterns. With this foundation in place, we explore a use case for IoT applications. Leave this session with an understanding of how to start building IoT applications with AWS IoT.

IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...

Amazon Web Services

2015 Q4 webrtc standards update

Alexandre Gouaillard

Another compilation method in java - AOT (Ahead of Time) compilation

Logico

Api more than payload (2021 Update)

Phil Wilkins

Introduction to Reactive Streams and Reactor 2.5

Stéphane Maldini

Melhore o Desenvolvimento do Time com DevOps na Nuvem

Bruno Borges

This presentation introduces the new Java EE 8 Security API JSR 375. Originally presented at Devoxx France 2015, the slides present the motivation behind the new JSR, some history, the expert group, and a summary of ideas. The slides were created after the expert group had been meeting for about a month, so the ideas are raw and undeveloped. However, the ideas in the slides do indicate the general direction the JSR is headed, with respect to modernizing, simplifying, and standardizing the Java EE Security API.

Finally, EE Security API JSR 375

Alex Kosowski

In this session we’ll highlight Microsoft’s open source offerings for Azure, and talk about how Java developers could benefit from using Azure services in their applications. The focus will be on real-world examples using Microsoft’s open source SDKs on GitHub and tools available for non-Microsoft developers, with a drill-down into our Java offerings and how they can enhance Java applications. We also want to gather feedback from attendees on some exciting new offerings designed to make it easier to deliver Java in the cloud. =========================================================================== Brian Benz is a Senior Program Manager, focusing on Java at Microsoft. These days Brian spends his time helping Java developers and customers recognize the value and benefits of working on the Cloud with Microsoft Azure. Brian is a former Philly area resident and used to attend Philly JUG many years ago.

Java on Azure

Philly JUG

La actualidad más candente (20)

DevOps in a Cloud Native World

Seriously Open Cloud Native Java Microservices

Meeting rooms are talking! are you listening?

Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610

Open Source Licensing: Types, Strategies and Compliance

Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...

Overpowered Kubernetes: CI/CD for K8s on Enterprise IaaS

Enabling Fast IT using Containers, Microservices and DAVROS models: an overview

API Design Principles Essential

MVC 1.0 / JSR 371

The art of decomposing monoliths

Adopt-a-JSR for JSON Processing 1.1, JSR 374

IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...

2015 Q4 webrtc standards update

Another compilation method in java - AOT (Ahead of Time) compilation

Api more than payload (2021 Update)

Introduction to Reactive Streams and Reactor 2.5

Melhore o Desenvolvimento do Time com DevOps na Nuvem

Finally, EE Security API JSR 375

Java on Azure

Destacado

Production debugging is hard, and it’s getting harder. With architectures becoming more distributed and code more asynchronous and reactive, pinpointing and resolving errors that happen in production is no child’s game. This session covers some essential tools and more advanced techniques Scala developers can use to debug live applications and resolve errors quickly. It explores crucial techniques for distributed debugging - and some of the pitfalls that make resolution much harder, and can lead to downtime. The talk also touches on some little-known JVM tools and capabilities that give you super-deep visibility at high scale without making you restart it or attach debuggers.

Advanced Production Debugging

Takipi

Java 9: The (G1) GC Awakens!

Monica Beckwith

SQL is the winning language of Big Data. Whether you’re running a classic relational database, a column store (“NewSQL”), or a non-relational storage system (“NoSQL”), a powerful, declarative, SQL-based query language makes the difference. The SQL standard has evolved drastically in the past decades, and so have its commercial and open source implementations. In this fast-paced talk, we’re going to look at very peculiar and interesting data problems and how we can solve them with SQL. We’ll explore common table expressions, hierarchical SQL, table-valued functions, lateral joins, row value expressions, window functions, and advanced data types, such as XML and JSON. And we’ll look at Oracle’s mysterious MODEL and MATCH_RECOGNIZE clauses, devices whose mystery is only exceeded by their power. Most importantly, however, we’re going to learn that everyone can write advanced SQL. Once you learn the basics in these tricks, you’re going to love SQL even more.

10 SQL Tricks that You Didn't Think Were Possible

Lukas Eder

Scala Days NYC 2016

Martin Odersky

Java SE 8 best practices

Stephen Colebourne

Microservices + Oracle: A Bright Future

Kelly Goetsch

Destacado (6)

Advanced Production Debugging

Java 9: The (G1) GC Awakens!

10 SQL Tricks that You Didn't Think Were Possible

Scala Days NYC 2016

Java SE 8 best practices

Microservices + Oracle: A Bright Future

Similar a In Search of Segmentation

The Future of Cloud Innovation, featuring Adrian Cockcroft

Dun & Bradstreet Cloud Innovation Center

Programming the world with Docker

Patrick Chanezon

Hyperledger & blockchain meetup - Milano 23.10.2019

Carlo Ferrarini

Are you worried about granting too much access to resources on your Kubernetes cluster? With the extensible framework of Kubernetes, there is scarcely a day without a new tool popping up. In order to ensure the tools, users, and applications have appropriate security policies, a streamlined onboarding process is required. The onboarding process not only streamlines how securely we can grant access but also enables self-service capabilities improving the user experience. In this workshop, audiences will get a good understanding of common pitfalls and how to avoid them by leveraging the Role-Based architecture approach, pod security policies, admission controllers, policy enforcement through OPA, etc.

PRO TALK - Kubernetes Security Workshop.pdf

AvinashDesireddy

Kubernetes Security Workshop

Mirantis

Tampere Docker meetup - Happy 5th Birthday Docker

Sakari Hoisko

Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow Software Defined Networking (SDN) is a new approach to networking, both to the data centre, and as a connection across data centers. SDN defines the networks in software, meaning designers can operate, control, and configure networks without physical access to the hardware. Effectively, SDN frees the network and applications from underlying hardware. New technologies are making it possible for enterprises to use virtualized networks over any type of hardware in any physical location - including unifying physical data centers and federating cloud-based data centers. In his session at the 12th International Cloud Expo, Patrick Kerpan, the CEO and co-founder of CohesiveFT, will highlight customer use cases to demonstrate a broader SDN definition.

Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow

Cohesive Networks

Wwc developing hyperledger applications v4

LennartF

Following topics will be addressed into presentation: Motivation and goals of splitting monolith application Criteria and markers to start splitting process. Is it necessary at all? Optimal order of extracting microservices How organize the whole process in closed iterative steps? What can be done with common libraries and shared code? Options for technology and deployment of target microservices How organize and motivate the teams and convince management? Speaker Bio Andrei is a Software Architect in VMWare Tanzu Labs. The areas of his interest are REST API design, Microservices, Cloud, resilient distributed systems, security and agile development. Andrei is PMC and committer of Apache CXF and committer of Syncope projects.

Microservices.pdf

SelmaJelovac1

In this talk, you will hear the best practices from analysts at Gartner, engineers at Heroku, and experiences at VSP distilled down into a top ten list of characteristics that applications ought to have to achieve high availability, scalability and flexibility. Target audience includes developers of APIs and web-based applications, the analysts and architects that design them and the infrastructure teams that support them.

Top10 Characteristics of Awesome Apps

Casey Lee

In celebration of Docker's 5th birthday in March, user groups all around the world hosted birthday events with an introduction to Docker presentation and hands-on-labs. We invited Docker users to recognize where they were on their Docker journey and the goal was to help them take the next step of their journey with the help of mentors. This presentation was done at the beginning of the events (this one is from the San Francisco event in HQ) and gives a run down of the birthday event series, Docker's momentum, a basic explanation of containers, the benefits of using the Docker platform, Docker + Kubernetes and more.

Docker Bday #5, SF Edition: Introduction to Docker

Docker, Inc.

Designing CloudStack Clouds

ShapeBlue

Software Architecture Conference - Monitoring Microservices - A Challenge

Adrian Cockcroft

Microservices Architecture, Monolith Migration Patterns

Araf Karsh Hamid

DockerCon 16 General Session Day 2

Docker, Inc.

A hands-on workshop will go over the foundations of the containers platform, including an overview of the platform system components: images, containers, repositories, clustering, and orchestration. The strategy is to demonstrate through "live demo, and hands-on exercises." The reuse case of containers in building a portable distributed application cluster running a variety of workloads including HPC workload.

Bahrain ch9 introduction to docker 5th birthday

Walid Shaari

Service Mesh and Serverless Chatbots with Linkerd, K8s and OpenFaaS

Software Guru

Blockchain Defined Perimeter for Cloud Security

Block Armour

Defrag X Keynote: Deploying and managing Global Blockchain Network

Duncan Johnston-Watt

Defrag x blockchain keynote

Morgan Brooke Wright

Similar a In Search of Segmentation (20)

The Future of Cloud Innovation, featuring Adrian Cockcroft

Programming the world with Docker

Hyperledger & blockchain meetup - Milano 23.10.2019

PRO TALK - Kubernetes Security Workshop.pdf

Kubernetes Security Workshop

Tampere Docker meetup - Happy 5th Birthday Docker

Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow

Wwc developing hyperledger applications v4

Microservices.pdf

Top10 Characteristics of Awesome Apps

Docker Bday #5, SF Edition: Introduction to Docker

Designing CloudStack Clouds

Software Architecture Conference - Monitoring Microservices - A Challenge

Microservices Architecture, Monolith Migration Patterns

DockerCon 16 General Session Day 2

Bahrain ch9 introduction to docker 5th birthday

Service Mesh and Serverless Chatbots with Linkerd, K8s and OpenFaaS

Blockchain Defined Perimeter for Cloud Security

Defrag X Keynote: Deploying and managing Global Blockchain Network

Defrag x blockchain keynote

Más de Adrian Cockcroft

Microservices Workshop All Topics Deck 2016

Adrian Cockcroft

Gophercon 2016 Communicating Sequential Goroutines

Adrian Cockcroft

Monitoring Challenges - Monitorama 2016 - Monitoringless

Adrian Cockcroft

Microservices Application Tracing Standards and Simulators - Adrians at OSCON

Adrian Cockcroft

Microservices Workshop - Craft Conference

Adrian Cockcroft

Evolution of Microservices - Craft Conference

Adrian Cockcroft

Microservices: What's Missing - O'Reilly Software Architecture New York

Adrian Cockcroft

What's Missing? Microservices Meetup at Cisco

Adrian Cockcroft

Microxchg Analyzing Response Time Distributions for Microservices

Adrian Cockcroft

Innovation and Architecture

Adrian Cockcroft

Cloud Trends Nov2015 Structure

Adrian Cockcroft

Openstack Silicon Valley - Vendor Lock In

Adrian Cockcroft

Businesses are speeding up development and automating operations to remain competitive and to get large organizations to scale. Project based monolithic application updates are replaced by product teams owning containerized microservices. This puts developers on call, responsible for pushing code to production, fixing it when it breaks, and managing the cost and security aspects of running their microservices. In this world operations skill-sets are either embedded in the microservices development teams, or building and operating API driven platforms. The platform automates stress testing, canary based deployment, penetration testing and enforces availability and security requirements. There are no meetings or tickets to file in the delivery process for updating a containerized microservice, which can happen many times a day, and takes seconds to complete. The role of site reliability engineering moves from firefighting and fixing outages to buiding tools for finding problems and routing those problems to the right developers. SREs manage the incident lifecycle for customer visible problems, and measure and publish availability metrics. This may sound futuristic but Werner Vogels described this as “You build it, you run it” in 2006.

When Developers Operate and Operators Develop

Adrian Cockcroft

It's clear that Docker speeds up development and makes testing and deployment more efficient. As Docker moves into production new use cases and patterns are emerging that address availability and security concerns. With microservices, safety is part of the architecture that developers need to understand and build for. It's no longer good enough to wrap a firewall around an entire app when it goes to production, and have a cold standby in case it breaks.

Dockercon 2015 - Faster Cheaper Safer

Adrian Cockcroft

Sildes of an internal talk given at Twitter similar to a previous webinar for Redhat with the same title. Speeding up development is a key concern, cloud and technology improvements like Docker speed up key steps that make continuous delivery possible. Breaking up the work into many separate microservices and datastores with stable APIs allows teams to make progress independently so that the organization scales. Monolithic apps are preferred for small projects, built by small teams and when very low latency and high efficiency is the primary requirement. Monitoring microservices is currently a challenge with solutions starting to emerge.

Microservices the Good Bad and the Ugly

Adrian Cockcroft

Gluecon Monitoring Microservices and Containers: A Challenge

Adrian Cockcroft

Microxchg Microservices

Adrian Cockcroft

Cloud Native Cost Optimization UCC

Adrian Cockcroft

Dockercon State of the Art in Microservices

Adrian Cockcroft

Goto Berlin - Migrating to Microservices (Fast Delivery)

Adrian Cockcroft

Más de Adrian Cockcroft (20)

Microservices Workshop All Topics Deck 2016

Gophercon 2016 Communicating Sequential Goroutines

Monitoring Challenges - Monitorama 2016 - Monitoringless

Microservices Application Tracing Standards and Simulators - Adrians at OSCON

Microservices Workshop - Craft Conference

Evolution of Microservices - Craft Conference

Microservices: What's Missing - O'Reilly Software Architecture New York

What's Missing? Microservices Meetup at Cisco

Microxchg Analyzing Response Time Distributions for Microservices

Innovation and Architecture

Cloud Trends Nov2015 Structure

Openstack Silicon Valley - Vendor Lock In

When Developers Operate and Operators Develop

Dockercon 2015 - Faster Cheaper Safer

Microservices the Good Bad and the Ugly

Gluecon Monitoring Microservices and Containers: A Challenge

Microxchg Microservices

Cloud Native Cost Optimization UCC

Dockercon State of the Art in Microservices

Goto Berlin - Migrating to Microservices (Fast Delivery)

Último

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Choosing the right accounts payable services provider is a strategic decision that can significantly impact your business's financial performance and operational efficiency. By considering factors such as expertise, range of services, technology infrastructure, scalability, cost, and reputation, businesses can make informed decisions and select a provider that aligns with their unique needs and objectives. Partnering with the right provider can streamline accounts payable processes, drive cost savings, and position your business for long-term success. https://katprotech.com/accounts-payable-and-purchase-order-automation/

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Katpro Technologies

Histor y of HAM Radio presentation slide

vu2urc

A Call to Action for Generative AI in 2024

Results

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

In Search of Segmentation

1. In Search of Segmentation Adrian Cockcroft @adrianco Technology Fellow - Battery Ventures February 2016

2. What does @adrianco do? @adrianco Technology Due Diligence on Deals Presentations at Conferences Presentations at Companies Technical Advice for Portfolio Companies Program Committee for Conferences Networking with Interesting PeopleTinkering with Technologies Maintain Relationship with Cloud Vendors http://www.slideshare.net/adriancockcroft

3. Segmentation

4. Industry Trends

5. Airgaps closing Industrial IoT Security blanket perimeter firewalls Datacenter to cloud transitions New systems of engagement http://peanuts.wikia.com/wiki/Linus'_security_blanket

6. Policy

7. A can talk to B B can talk to C A must not talk to C A B C

8. Y and Z failure modes must be independent so X can always succeed Y X Z

9. Availability requirements drive a need for distributed segmentation

10. Choices?

11. Too many choices!

12. Over-reliance on one mechanism leads to abuse…

13. Lack of coordination across many mechanisms leads to fragility

14. Example segmentation mechanisms

15. Disclaimer: I’m not a developer, I don’t have hands-on experience with any of these mechanisms, I’m looking for input where I’m wrong or missed something. Also, apologies if I didn’t namecheck your favorite project/product.

16. Datacenters/AWS Accounts IAM/AD/LDAP Roles VPC/VLAN Networks Security Groups/Hypervisor IPtables/Calico Policy Docker Links/Weave Overlay Ops Dev

17. B Accounts and Roles Who can set policy for what? Needs distributed policy management A C

18. Network Segmentation Who controls the network? A B C

19. Network Segmentation Datacenter policies are based on separation of duties. Tickets, Network admins and VLANs

20. Network Segmentation AWS VPC networking uses developer-driven automation, loses separation of duties…

21. VPC Abuse Antipattern Lots of small VPC networks for microservices, end up in IP address space capacity management hell…

22. Hypervisor and Security Group Segmentation Distributed firewall rules A B CA B

23. Security Group Abuse Antipattern Too many microservices need to be in the same group, overloads configuration limitations

24. Kernel eBPF & Calico IPtables Segmentation Distributed firewall rules A B CA B

25. IPtables Segmentation Can use IP Sets to scale Managed in the container host OS Separates routing reachability from access policy

26. Docker & Weave Segmentation Docker daemon manages connections B CA B C

27. proxy: build: ./proxy ports: - "8080:8080" links: - app app: build: ./app links: - db db: image: postgres Docker Compose V1 proxy app db 8080

28. version: '2' services: proxy: build: ./proxy ports: - "8080:8080" networks: - front app: build: ./app networks: - front - back db: image: postgres networks: - back networks: front: back: Docker Compose V2 proxy app db 8080 front backfront

29. Docker Segmentation Overlay network created and managed by Docker or Weave. DNS based lookups.

30. Segmentation Scalability Real world microservices architectures have hundreds to thousands of distinct microservices

31. Segmentation Scalability There’s often a few very popular microservices that everyone else wants to talk to

32. Datacenters/AWS Accounts IAM/AD/LDAP Roles VPC/VLAN Networks Security Groups/Hypervisor IPtables/Calico Policy Docker Links/Weave Overlay How to coordinate across all these layers? How to scale to 1000+ segments?

33. Hierarchical Segmentation Enforced by IAM roles at every level B CA B C E FD E F Security Group X Security Group Y VPC Z - Manage a reasonable number of large network spaces D X An AWS oriented example… AWS Account - Manage across multiple accounts

34. Policy Specification Options Docker Compose V2 Kubernetes/Mesos policy Calico/Cisco Contiv AWS IAM/AD Policies How to coordinate any/all of these?

35. Comments and Questions? Adrian Cockcroft @adrianco http://slideshare.com/adriancockcroft Technology Fellow - Battery Ventures See www.battery.com for a list of portfolio investments

36. Security Visit http://www.battery.com/our-companies/ for a full list of all portfolio companies in which all Battery Funds have invested. Palo Alto Networks Enterprise IT Operations & Management Big DataCompute Networking Storage

In Search of Segmentation

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (6)

Similar a In Search of Segmentation

Similar a In Search of Segmentation (20)

Más de Adrian Cockcroft

Más de Adrian Cockcroft (20)

Último

Último (20)

In Search of Segmentation