CSCF
UNCLASSIFIED
© 2015 Lockheed Martin Corporation. All Rights Reserved.
Data Centric MLS RHEL Ecosystem
Sarah Storms
Altair PBS User Group
201509
Agenda
• Data-centric MLS RHEL
• Historical Perspective
• Ecosystem Description
Data-Centric MLS RHEL
• In a sentence:
– Data, processes, users, etc. are given a security label
commensurate with their security level
• Security Label Application
– Networks
• Data and users arriving on a particular network are labeled at the level
of the network
– Users
• Users are labeled based on the network they are arriving on
• Some exceptions allowed for compartments
– Data, Objects and Processes
• Data, objects, and processes are labeled based on the security label of
the user or process that created them
Data-Centric MLS RHEL
• Labeling Parts: Summary Definition of Security Labeling
– Sensitivity levels (S0-S15; the slide lists no meaning for S15-S12, S9, S8, S3 and S2)
• S11 TS SCI Compartment
• S10 TS SCI ST
• S7 DoD TS/SAP/SAR
• S6 DoD TS
• S5 DoD S/SAP/SAR
• S4 DoD S
• S1 Unclassified
• S0 Special Unclassified
– Compartments (C0-C1023)
• C0 Used to be special, unused today.
• C1 Look Down/Pull Up for UNCLASSIFIED/ITAR
• C2-C5 (no meaning listed)
• C9-C99 Reserved for DoD and Coalition countries.
• C100-C200 DoD S, DoD TS SAP/SAR caveats
• C201-C299 SCI RV World Caveats
• C300-C399 Bi- and Tri-Lateral sharing, with C300-C350 for Coalition Share Points, e.g. NATO, SEATO, etc.
• C400-C499 (no meaning listed)
• C500-C599 Compartmented Caveats
• C600-C699, C700-C799, C800-C899, C900-C999, C1000-C1023 (no meaning listed)
Data-Centric MLS RHEL
• Security Labels (sensitivity plus compartments per user community; the column headings and cell values below are as extracted from the slide table, with cells separated by |)
– UNCLASSIFIED: S1
– UNCLASSIFIED/ITAR: S1 C1, using DAC owned by Admin to separate ITAR projects
– DoD (columns: NF | USA | OTC 1 | OTC 2 | OTC 3 | OTC 4)
• DoD S: S4 C1,C9.C99, then per column C9 | C10 | C11 | C12 | C13
• DoD TS: S6 C1,C9.C99, then per column C9 | C10 | C11 | C12 | C13
• Bi- and tri-lateral agreements use separate logins; their labels add C300-C399, where each C3xy label is associated with one agreement.
– Gov/CSCF (columns: N World | D WRLD A | D WRLD B | D WRLD C | D WRLD D | D WRLD E)
• DoD S/SAP/SAR: S5 C1,Cy, then per column C1,C9.C99,C101,C103.C199 | C1,C9.C99,C102 | C1,C9.C99,C103 | C1,C9.C99,C104 | C1,C9.C99,C105 | C1,C9.C99,C106 | C1,C9.C99,C107
• DoD TS/SAP/SAR: S7 C1,Cy, then C1,C9.C99,C101,C103.C199
– SCI (columns: NF | REL FVEY | USA | OTC 1 | OTC 2 | OTC 3 | OTC 4)
• TS SCI: S10 C1,C9.C99, then C9.C13 in each of the six listed cells
– SCI RV World (columns: T Type | K Type | R Type | ? Type)
• TS SCI RV World: S10 C1,Cy, then per column C1,C9.C99,C201 | C1,C9.C99,C202 | C1,C9.C99,C203 | C1,C9.C99,C204
– SCI Compartment (columns: Hallway | R World | T World | B World | ? World | Fusion Program)
• TS SCI Compartment: S11 C1,C9.C99,Cy, then per column C1,C9.C99,C500.C503 | C1,C9.C99,C501 | C1,C9.C99,C502 | C1,C9.C99,C503 | C1,C9.C99,C? | C1,C9.C99,C500.C502,C504,Cy (y = 201-299)
Government Application
Figure (diagram; labels recovered from extraction): Non-MLS Operating Picture, with separate U, S and TS Analyst Workstations and separate HPC Servers and Storage at each level, versus MLS Operating Picture, with one MLS Analyst Workstation, a Department or HPC Server and a Secure Data Appliance holding TS, S and U data together.
Consolidates hardware and enables analyst-driven data fusion
Commercial Application
Figure (Pre-MLS System Configuration; labels recovered from extraction): Retail Store; Credit Card Processing (PII, Approvals); "Bad Guy" Egress Point; Internet. Network Access Table (assumes firewalls in place): unencrypted and encrypted links.
Commercial Application
Figure (MLS System Configuration; labels recovered from extraction): Retail Store at S1 (Store 1 Apps, Store 2 Apps); Credit Card Processing and PoS Interactions at S2 and S3 (Credit Card 1 Apps, Credit Card 2 Apps); Other Company Processing at S4 (Inventory, etc. Apps); MLS Database; Internet. Network Access Table (assumes firewalls in place): unencrypted and encrypted links.
RHEL MLS Configuration Benefits
- RBAC – limits insider threat
- MLS – isolates functions to limit damage
- Encryption – eliminates egress points for Trojans
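The label mechanics on the Data-Centric MLS RHEL slides (a sensitivity S0-S15 plus compartments C0-C1023, ranges written C9.C99, new objects inheriting their creator's label) and the S1-S4 tiering of the commercial configuration above, worked through as an added Python example. This is not CSCF, Red Hat or SELinux code. It assumes the no-read-up and no-write-down rules that SELinux's MLS constraints enforce, and it uses c11 as a hypothetical project compartment inside the C9-C99 DoD block and c301 as a hypothetical bilateral-agreement compartment inside C300-C399; neither assignment appears on the slides.

```python
"""MLS labels in SELinux syntax and the lattice decisions they drive.

Added example for the labeling slides; not CSCF, Red Hat or SELinux code.
A label is a sensitivity s0-s15 plus a set of compartments c0-c1023; "c9.c99"
denotes the inclusive range c9 through c99.  Access follows the rules SELinux's
MLS constraints enforce: no read up and no write down.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

MAX_SENS, MAX_CAT = 15, 1023                      # s0-s15 and c0-c1023 as on the slide
_CAT_RE = re.compile(r"^c(\d+)(?:\.c(\d+))?$")    # "c11" or the range "c9.c99"


@dataclass(frozen=True)
class Label:
    sens: int
    cats: frozenset[int] = field(default_factory=frozenset)

    @classmethod
    def parse(cls, text: str) -> Label:
        """Accept 's4:c1,c9.c99' or the slide spelling 'S4 C1,C9.C99'."""
        text = text.strip().lower().replace(" ", ":")
        sens_part, _, cat_part = text.partition(":")
        if not re.fullmatch(r"s\d+", sens_part) or int(sens_part[1:]) > MAX_SENS:
            raise ValueError(f"bad sensitivity level: {sens_part!r}")
        cats: set[int] = set()
        for piece in filter(None, cat_part.split(",")):
            m = _CAT_RE.match(piece)
            if not m:
                raise ValueError(f"bad compartment: {piece!r}")
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            if not lo <= hi <= MAX_CAT:
                raise ValueError(f"compartment range out of bounds: {piece!r}")
            cats.update(range(lo, hi + 1))
        return cls(int(sens_part[1:]), frozenset(cats))

    def dominates(self, other: Label) -> bool:
        """Lattice order: at least as sensitive and a superset of the compartments."""
        return self.sens >= other.sens and self.cats >= other.cats

    def __str__(self) -> str:
        return f"s{self.sens}" + (f":{_fmt_cats(self.cats)}" if self.cats else "")


def _fmt_cats(cats: frozenset[int]) -> str:
    """Collapse sorted compartments back into range syntax, e.g. {1, 9..99} -> 'c1,c9.c99'."""
    out: list[str] = []
    run: list[int] = []
    for c in sorted(cats) + [None]:
        if run and (c is None or c != run[-1] + 1):
            out.append(f"c{run[0]}" if len(run) == 1 else f"c{run[0]}.c{run[-1]}")
            run = []
        if c is not None:
            run.append(c)
    return ",".join(out)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: the reader must dominate what it reads (no read up)."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: the target must dominate the writer (no write down).  SELinux's
    file write constraint is stricter still and by default requires equal levels."""
    return obj.dominates(subject)


def label_new_object(creator: Label) -> Label:
    """Slide 3 rule: data, objects and processes take the label of whatever created them."""
    return creator


def demo() -> dict[str, bool]:
    """Decisions for labels taken from the slides plus two assumed compartments."""
    dod_s = Label.parse("S4 C1,C9.C99")            # DoD S general label (slide 5)
    dod_ts = Label.parse("S6 C1,C9.C99")           # DoD TS general label (slide 5)
    project = Label.parse("s4:c11")                # assumed: a project inside the C9-C99 DoD block
    coalition = Label.parse("s4:c1,c9.c99,c301")   # assumed: an agreement inside C300-C399
    store, card = Label.parse("s1"), Label.parse("s3")   # commercial tiers from slide 8
    return {
        "ts_user_reads_s_data": can_read(dod_ts, dod_s),            # True, reading down
        "s_user_reads_ts_data": can_read(dod_s, dod_ts),            # False, reading up
        "ts_user_writes_s_data": can_write(dod_ts, dod_s),          # False, writing down
        "s_user_writes_ts_data": can_write(dod_s, dod_ts),          # True under the lattice
        "s_user_reads_project_file": can_read(dod_s, project),      # True, c11 lies in c9.c99
        "s_user_reads_coalition_file": can_read(dod_s, coalition),  # False, c301 not held
        "store_app_reads_card_data": can_read(store, card),         # False, s1 below s3
        "file_created_by_ts_is_ts": label_new_object(dod_ts) == dod_ts,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:32} {ok}")
```

Running the file prints one decision per scenario. The parser accepts both the slide spelling and the colon form that `ls -Z` prints, and rejects levels or compartments outside the s0-s15 and c0-c1023 range the MLS policy defines, which is worth checking before a label goes into `semanage login` or `chcon`.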
Historical Perspective
• The CSCF program has leveraged data-centric MLS OS
configurations for the last 20+ years
– Minimize hardware, licensing, OS configuration, manpower costs
– Maximize flexibility, data fusion, system utilization
• MLS requires a full ecosystem to be truly useful
– OS configuration
– Resource management
– Direct and Network attached storage
• Including long haul data sharing
– System Monitoring including audit reduction
– Databases
MLS Partners
Current Capabilities
• LMC/CSCF/WF
• Red Hat
• Altair
• Seagate/Xyratex
• Mellanox
• ViON
• Bay Microsystems
• SGI
• Cray
• DoE LANL
• DoD HPCMO
• Splunk
Current Capabilities
• Crunchy Data Systems
• Filius
– RPI Consulting
– CSC
CSCF Capabilities and Path Forward
• ICD 503 Certification for Ecosystem
– Running at CSCF in operations
– Classified tours and demonstrations available
• System configurations
– Single System Image RHEL 6.5+ under ICD 503
– Cluster Configuration RHEL 6.5+ under IATT
• Direct attached RAID
– ICD 503 certified under xfs and EXTx (other filesystems that carry MAC labels also work)
• Configuration Management
– SCAP through open source
• OVAL will be added for mitigation after training
– Subversion
• Privileged User Guide (PUG)
• Specialized scripting
LMC Capabilities and Path Forward
• Configuration Objective
– Provide SCAP profile, SVN repositories, and PUG to allow easy
builds of unclassified CSCF configurations
• Support vendors debugging CSCF problems on unclassified systems
• Support new government customer interest in MLS to consolidate rather
than duplicate
• MLS Ecosystem Objective
– Provide MLS capable versions of software capabilities integrated
with the MLS RHEL configuration to solve complex system
configuration and support problems
• Unified Cross Domain Services Management Office
(UCDSMO) Engagement
– LMC/CSCF will be coordinating
POC: Joe Swartz, joseph.h.swartz@lmco.com
Red Hat
• Red Hat has worked closely with CSCF to ensure that all
needed capabilities are included in the RHEL product
– Fixed SELinux and MLS policy issues as identified
– Added new or modified capabilities as requested
– Supported documentation
– Supported Government security meetings as needed
– Fully supported other vendors as they created MLS capable
versions of their software packages
• Outreach
– Red Hat has fully participated in CSCF MLS outreach efforts
– Red Hat has directed potential customers to CSCF
POC: Shawn Wells, sdw@redhat.com
Altair
• PBS Professional Resource Management
– Queuing system with many tuning parameters
– Queue management that minimizes wait time and maximizes
system utilization
– Multi-system management and queue sharing
– Remote job submission
– MLS capable
• Maintained on a separate branch until 4th quarter 2015
• Installed on all CSCF MLS HPC and Utility systems
POC: Kirk Monroe, kmonroe@altair.com
Seagate/Xyratex
• Created MLS Lustre file system
• Integrated into their MLS Secure Data Appliance (SDA)
– Based on ClusterStor product
– Uses CSCF MLS RHEL OS baseline
– Extensible to multi-petabytes per rack
• Hadoop
– Demonstrating capability October 2014
– Showing 30% faster response over non-Lustre configurations
• ICD 503 certified
• Two systems in place at CSCF
– Centralizing user home directories and large R&D data sets
• Customer SE Support
– Multiple customers
POC: Bill Downer, bill.downer@seagate.com
Filius, RPI Consulting, CSC
• LMC working with Filius and RPI Consulting to build and provide the
following training courses:
– RHEL MLS Installation, configuration, and testing
• First class in July is complete
• Additional classes planned for later this year
– RHEL MLS Configuration Administration
• Course outline and materials complete
• First class TBD
– RHEL MLS Security Accreditation and Administration
• Course outline complete, materials in progress
• First class TBD
– MLS Aware Database Installation and Use
• Course outline complete
• First class TBD
POC: John Gulick, jg@filius.us
Bay Microsystems
• Global high-performance Fabric Extension
– Including Long-haul InfiniBand (IB) and RDMA
– Global clustering of CloudStor data centers
– Sharing MLS SDA CloudStor data to all local & remote systems
– Demonstrations
• Full motion video stream via Pixia from MLS SDA to work station
– Simulating east coast to west coast
• Data sharing for home directories and work directories
• Supporting both SC14 and GEOINT MLS demonstrations
• CSCF in process of installing capability
Demonstration timing figures (table layout lost in extraction; values as shown): 2,798.33 min, 6,898.33 min, 14.18 min, 15.50 min, 46.63 hours, 116.63 hours
POC: Gerry Jankauskas, gerry@baymicrosystems.com
Mellanox
• Native MLS extended attributes in IB protocol
– Beta demonstration in September 2015
– Final capability at SC15 mid-November 2015
• Cluster configuration implications
– MLS cluster configurations become much easier
• No need for TCP/IP over IB to carry MLS labels
POC: Alex Neefus, alex@mellanoxfederal.com
Splunk
• System monitoring and audit reduction
• Splunk shipped SELinux compliant
• Provides
– Centralized monitoring capabilities
– SELinux audit log reduction and warning capabilities
• Worked straight out of the box
– CSCF evaluating multiple other plug in capabilities
POC: Katy and Pam, team@splunk.com
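The "SELinux audit log reduction and warning" the slide attributes to Splunk, reduced to its core in an added Python example that is neither Splunk's nor CSCF's code: parse auditd AVC denial records, tag each by the MLS rule it would have broken, and collapse the stream into per-user counts with a warning list. The audit lines are constructed in auditd's AVC record format for the example; the permission groupings, the sensitivity-only comparison (compartments ignored) and the three-event warning threshold are assumptions.

```python
"""Audit reduction over SELinux AVC records.  Added example; not Splunk or CSCF code.

Denied AVC records are parsed, each denial is tagged by the MLS rule it would
have broken (comparing sensitivity only; compartments are ignored here), and the
stream is collapsed into per-user counts with a warning list above a threshold.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# auditd's AVC record layout; the key=value fields are stable across RHEL 6 and 7.
_AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+(?P<verdict>denied|granted)\s+"
    r"\{ (?P<perms>[^}]+) \} for .*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) "
    r"tclass=(?P<tclass>\S+)"
)
# Assumed permission groups; the real mls policy lists these per object class.
_READ_PERMS = {"read", "getattr", "open", "search", "execute"}
_WRITE_PERMS = {"write", "append", "create", "unlink", "rename", "setattr", "link"}


@dataclass(frozen=True)
class Avc:
    serial: int
    perms: frozenset[str]
    suser: str       # SELinux user of the subject, e.g. alice_u
    slevel: int      # subject's current sensitivity
    tlevel: int      # target's sensitivity
    tclass: str


def _sens(context: str) -> int:
    """Sensitivity from 'user_u:user_r:user_t:s4:c1,c9.c99'; for a range 's2-s4' use the low end."""
    parts = context.split(":")
    level = parts[3].split("-")[0] if len(parts) > 3 else ""
    if not re.fullmatch(r"s\d+", level):
        raise ValueError(f"context carries no MLS level: {context}")
    return int(level[1:])


def parse_avc(line: str) -> Avc | None:
    """Avc for a denied AVC record; None for grants and for other record types (SYSCALL, ...)."""
    m = _AVC_RE.search(line)
    if not m or m.group("verdict") != "denied":
        return None
    return Avc(
        serial=int(m.group("serial")),
        perms=frozenset(m.group("perms").split()),
        suser=m.group("scontext").split(":")[0],
        slevel=_sens(m.group("scontext")),
        tlevel=_sens(m.group("tcontext")),
        tclass=m.group("tclass"),
    )


def classify(a: Avc) -> str:
    """Name the MLS rule the denied operation would have broken."""
    if a.perms & _READ_PERMS and a.slevel < a.tlevel:
        return "read-up"
    if a.perms & _WRITE_PERMS and a.slevel > a.tlevel:
        return "write-down"
    return "other-denial"    # type enforcement or a same-level denial, not the MLS lattice


def reduce_audit(lines: list[str]) -> dict[tuple[str, int, int, str], int]:
    """Collapse raw records into counts keyed by (user, subject level, target level, rule)."""
    counts: Counter = Counter()
    for line in lines:
        a = parse_avc(line)
        if a is not None:
            counts[(a.suser, a.slevel, a.tlevel, classify(a))] += 1
    return dict(counts)


def warnings(summary: dict[tuple[str, int, int, str], int], threshold: int = 3) -> list[str]:
    """Repeated read-up or write-down attempts, the events an operator wants paged on."""
    return [
        f"{user}: {n} {rule} attempts s{sl}->s{tl}"
        for (user, sl, tl, rule), n in sorted(summary.items())
        if rule != "other-denial" and n >= threshold
    ]


# Constructed records in auditd's AVC format for the example; not captured from a real system.
SAMPLE_LOG = [
    'type=AVC msg=audit(1441900000.101:501): avc:  denied  { read } for  pid=2345 comm="cat" name="plan.txt" dev="dm-0" ino=1001 scontext=alice_u:user_r:user_t:s4:c1,c9.c99 tcontext=bob_u:object_r:user_home_t:s6:c1,c9.c99 tclass=file permissive=0',
    'type=AVC msg=audit(1441900000.102:502): avc:  denied  { read } for  pid=2345 comm="cat" name="plan.txt" dev="dm-0" ino=1001 scontext=alice_u:user_r:user_t:s4:c1,c9.c99 tcontext=bob_u:object_r:user_home_t:s6:c1,c9.c99 tclass=file permissive=0',
    'type=AVC msg=audit(1441900000.103:503): avc:  denied  { read open } for  pid=2345 comm="cat" name="plan.txt" dev="dm-0" ino=1001 scontext=alice_u:user_r:user_t:s4:c1,c9.c99 tcontext=bob_u:object_r:user_home_t:s6:c1,c9.c99 tclass=file permissive=0',
    'type=AVC msg=audit(1441900000.104:504): avc:  denied  { write } for  pid=2346 comm="cp" name="export.csv" dev="dm-0" ino=1002 scontext=bob_u:user_r:user_t:s6:c1,c9.c99 tcontext=system_u:object_r:public_content_t:s1 tclass=file permissive=0',
    'type=AVC msg=audit(1441900000.105:505): avc:  denied  { write } for  pid=2347 comm="httpd" name="index.html" dev="dm-0" ino=1003 scontext=system_u:system_r:httpd_t:s1 tcontext=system_u:object_r:httpd_sys_content_t:s1 tclass=file permissive=0',
    'type=SYSCALL msg=audit(1441900000.105:505): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"',
]
```

On a live system the same reduction runs over `/var/log/audit/audit.log` or `ausearch -m AVC` output, and the summary key would also carry the target type and compartments. The grouping step is the point: thousands of identical denials from one looping process become a single line an operator can triage, and only cross-level attempts are promoted to warnings.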
Crunchy Data Systems
• Postgres expert company serving DoD / IC with Committer and Major
Contributors to Postgres Project on team
• Developing Postgres Security Enhancements (Row Level Security, fine
grain permissions and auditing) with open source community under IC
community contract
• Developing implementation of Postgres using RLS to integrate with
SELinux to meet MLS requirements
• Demonstrations
– Working with ViON and Seagate re JCDX capability
– Working with ViON re Enterprise Challenge 2015 (EC15) capability
– Working with CSCF to demonstrate an MLS database for use with 3-4 CSCF user groups
POC: Bob Laurence, bob.Laurence@crunchydatasolutions.com
ViON
• Providing customer integration support for demonstrations
– Enterprise Challenge 2015
• LOE leading up to EC 15
– MLS Postgres
• Supporting AF, Navy, and other customers
• Customer SE support
– Multiple AF projects
– Multiple NGA projects
– Multiple IC customers
– Multiple Army customers
– Reseller for Xyratex/Seagate SDA at CSCF and cleared engineering
support
POC: Mike Meister, mike.meister@vion.com
SGI
• Supported Single System Image development and ICD
503 certification
– Working to get MLS Message Passing Toolkit (MPT) working
• Will reduce MPI communications overhead by at least 10%
• Demonstrations
– Working to support SC14 MLS demonstration
– Planning to support GEOINT demonstration
• Eight systems installed at CSCF
POC: Mark Carhart, mcarhart@sgi.com
Cray
• Supporting development of MLS RHEL Cluster
configuration
– Basic configuration complete including PBS Pro and direct
attached storage
– Installing Seagate/Xyratex SDA for integration verification
– Proceeding with security hardening and testing
• Demonstrations
– Supporting DoD Mod Office demonstration
– Planning to participate in GEOINT MLS demonstration
POC: Louis Hackerman, lhackerman@cray.com
DoE LANL
• Working with CSCF to deploy MLS cluster configuration
– IC support area
• Working to deploy MLS configurations for Q level
processing
– Consolidate section servers
– About 30k cores
• Procured MLS SDA ClusterStor for evaluation
– CSCF providing system MLS configurations
POC: Gary Grider, ggrider@lanl.gov
DoD HPCMO
• Planning a MLS Cluster configuration based on CSCF
configuration
– Including direct attached and MLS SDA ClusterStor demo
– Testing and evaluation for software products not already tested
at CSCF completed
– Evaluating additional options to configure current systems with
the MLS capability
POC: Jeff Gosciniak, jeffrey.j.gosciniak@lmco.com
Questions?

Weitere ähnliche Inhalte

Was ist angesagt?

OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
NETWAYS
 
How netflix manages petabyte scale apache cassandra in the cloud
How netflix manages petabyte scale apache cassandra in the cloudHow netflix manages petabyte scale apache cassandra in the cloud
How netflix manages petabyte scale apache cassandra in the cloud
Vinay Kumar Chella
 

Was ist angesagt? (20)

HadoopCon- Trend Micro SPN Hadoop Overview
HadoopCon- Trend Micro SPN Hadoop OverviewHadoopCon- Trend Micro SPN Hadoop Overview
HadoopCon- Trend Micro SPN Hadoop Overview
 
Apache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Apache Spark on Kubernetes Anirudh Ramanathan and Tim ChenApache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
Apache Spark on Kubernetes Anirudh Ramanathan and Tim Chen
 
HPCC Systems 6.0.0 Highlights
HPCC Systems 6.0.0 HighlightsHPCC Systems 6.0.0 Highlights
HPCC Systems 6.0.0 Highlights
 
PaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at YelpPaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at Yelp
 
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
 
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...
 
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise EditionMarcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
 
Securing Spark Applications by Kostas Sakellis and Marcelo Vanzin
Securing Spark Applications by Kostas Sakellis and Marcelo VanzinSecuring Spark Applications by Kostas Sakellis and Marcelo Vanzin
Securing Spark Applications by Kostas Sakellis and Marcelo Vanzin
 
Scylla Summit 2016: Outbrain Case Study - Lowering Latency While Doing 20X IO...
Scylla Summit 2016: Outbrain Case Study - Lowering Latency While Doing 20X IO...Scylla Summit 2016: Outbrain Case Study - Lowering Latency While Doing 20X IO...
Scylla Summit 2016: Outbrain Case Study - Lowering Latency While Doing 20X IO...
 
How netflix manages petabyte scale apache cassandra in the cloud
How netflix manages petabyte scale apache cassandra in the cloudHow netflix manages petabyte scale apache cassandra in the cloud
How netflix manages petabyte scale apache cassandra in the cloud
 
Monitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisMonitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance Analysis
 
RENCI User Group Meeting 2017 - I Upgraded iRODS and I still have all my hair
RENCI User Group Meeting 2017 - I Upgraded iRODS and I still have all my hairRENCI User Group Meeting 2017 - I Upgraded iRODS and I still have all my hair
RENCI User Group Meeting 2017 - I Upgraded iRODS and I still have all my hair
 
Visualizing Kafka Security
Visualizing Kafka SecurityVisualizing Kafka Security
Visualizing Kafka Security
 
Performance Monitoring: Understanding Your Scylla Cluster
Performance Monitoring: Understanding Your Scylla ClusterPerformance Monitoring: Understanding Your Scylla Cluster
Performance Monitoring: Understanding Your Scylla Cluster
 
Serverless and you - where do i run my stateless code
Serverless and you  - where do i run my stateless codeServerless and you  - where do i run my stateless code
Serverless and you - where do i run my stateless code
 
YARN and the Docker container runtime
YARN and the Docker container runtimeYARN and the Docker container runtime
YARN and the Docker container runtime
 
Cooperative Data Exploration with iPython Notebook
Cooperative Data Exploration with iPython NotebookCooperative Data Exploration with iPython Notebook
Cooperative Data Exploration with iPython Notebook
 
HDFS on Kubernetes—Lessons Learned with Kimoon Kim
HDFS on Kubernetes—Lessons Learned with Kimoon KimHDFS on Kubernetes—Lessons Learned with Kimoon Kim
HDFS on Kubernetes—Lessons Learned with Kimoon Kim
 
Supporting Over a Thousand Custom Hive User Defined Functions
Supporting Over a Thousand Custom Hive User Defined FunctionsSupporting Over a Thousand Custom Hive User Defined Functions
Supporting Over a Thousand Custom Hive User Defined Functions
 
NoCOUG Presentation on Oracle RAT
NoCOUG Presentation on Oracle RATNoCOUG Presentation on Oracle RAT
NoCOUG Presentation on Oracle RAT
 

Ähnlich wie Data centric mls rhel ecosystem

Ähnlich wie Data centric mls rhel ecosystem (20)

SHARE 2014, Pittsburgh CICS scalability
SHARE 2014, Pittsburgh CICS scalabilitySHARE 2014, Pittsburgh CICS scalability
SHARE 2014, Pittsburgh CICS scalability
 
SHARE 2014, Pittsburgh CICS scalability
SHARE 2014, Pittsburgh CICS scalabilitySHARE 2014, Pittsburgh CICS scalability
SHARE 2014, Pittsburgh CICS scalability
 
Design and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use CasesDesign and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use Cases
 
SDN and NFV
SDN and NFVSDN and NFV
SDN and NFV
 
PLNOG14: Service orchestration in provider network, Tail-f - Przemysław Borek
PLNOG14: Service orchestration in provider network, Tail-f - Przemysław BorekPLNOG14: Service orchestration in provider network, Tail-f - Przemysław Borek
PLNOG14: Service orchestration in provider network, Tail-f - Przemysław Borek
 
Cisco cloud computing deploying openstack
Cisco cloud computing deploying openstackCisco cloud computing deploying openstack
Cisco cloud computing deploying openstack
 
Resume
ResumeResume
Resume
 
(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in Alfresco(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in Alfresco
 
APT iTest and Velocity 7.3 Use Cases.pptx
APT iTest and Velocity 7.3 Use Cases.pptxAPT iTest and Velocity 7.3 Use Cases.pptx
APT iTest and Velocity 7.3 Use Cases.pptx
 
Au delà des brokers, un tour de l’environnement Kafka | Florent Ramière
Au delà des brokers, un tour de l’environnement Kafka | Florent RamièreAu delà des brokers, un tour de l’environnement Kafka | Florent Ramière
Au delà des brokers, un tour de l’environnement Kafka | Florent Ramière
 
How to document campus IT infrastructures
How to document campus IT infrastructuresHow to document campus IT infrastructures
How to document campus IT infrastructures
 
Secure collab on prem hikmat
Secure collab on prem   hikmatSecure collab on prem   hikmat
Secure collab on prem hikmat
 
Secure collab on premise
Secure collab on premiseSecure collab on premise
Secure collab on premise
 
VMware Log Insight
VMware Log Insight VMware Log Insight
VMware Log Insight
 
1961 no rainclouds here! using cics platform and policies to keep your privat...
1961 no rainclouds here! using cics platform and policies to keep your privat...1961 no rainclouds here! using cics platform and policies to keep your privat...
1961 no rainclouds here! using cics platform and policies to keep your privat...
 
Presentation cloud orchestration solution overview
Presentation   cloud orchestration solution overviewPresentation   cloud orchestration solution overview
Presentation cloud orchestration solution overview
 
Cisco deploying openstack with UCS
Cisco deploying openstack with UCSCisco deploying openstack with UCS
Cisco deploying openstack with UCS
 
LISA_Sol_Linux_Perf.ppt
LISA_Sol_Linux_Perf.pptLISA_Sol_Linux_Perf.ppt
LISA_Sol_Linux_Perf.ppt
 
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
 
SHARE 2015 SeattleShare cics ts 52 technical overview
SHARE 2015 SeattleShare cics ts 52 technical overviewSHARE 2015 SeattleShare cics ts 52 technical overview
SHARE 2015 SeattleShare cics ts 52 technical overview
 

Mehr von inside-BigData.com

Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...
inside-BigData.com
 
Transforming Private 5G Networks
Transforming Private 5G NetworksTransforming Private 5G Networks
Transforming Private 5G Networks
inside-BigData.com
 
Biohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
Biohybrid Robotic Jellyfish for Future Applications in Ocean MonitoringBiohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
Biohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
inside-BigData.com
 
Machine Learning for Weather Forecasts
Machine Learning for Weather ForecastsMachine Learning for Weather Forecasts
Machine Learning for Weather Forecasts
inside-BigData.com
 
Energy Efficient Computing using Dynamic Tuning
Energy Efficient Computing using Dynamic TuningEnergy Efficient Computing using Dynamic Tuning
Energy Efficient Computing using Dynamic Tuning
inside-BigData.com
 
Versal Premium ACAP for Network and Cloud Acceleration
Versal Premium ACAP for Network and Cloud AccelerationVersal Premium ACAP for Network and Cloud Acceleration
Versal Premium ACAP for Network and Cloud Acceleration
inside-BigData.com
 
Introducing HPC with a Raspberry Pi Cluster
Introducing HPC with a Raspberry Pi ClusterIntroducing HPC with a Raspberry Pi Cluster
Introducing HPC with a Raspberry Pi Cluster
inside-BigData.com
 

Mehr von inside-BigData.com (20)

Major Market Shifts in IT
Major Market Shifts in ITMajor Market Shifts in IT
Major Market Shifts in IT
 
Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...
 
Transforming Private 5G Networks
Transforming Private 5G NetworksTransforming Private 5G Networks
Transforming Private 5G Networks
 
The Incorporation of Machine Learning into Scientific Simulations at Lawrence...
The Incorporation of Machine Learning into Scientific Simulations at Lawrence...The Incorporation of Machine Learning into Scientific Simulations at Lawrence...
The Incorporation of Machine Learning into Scientific Simulations at Lawrence...
 
How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...
How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...
How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...
 
Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...
Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...
Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...
 
HPC Impact: EDA Telemetry Neural Networks
HPC Impact: EDA Telemetry Neural NetworksHPC Impact: EDA Telemetry Neural Networks
HPC Impact: EDA Telemetry Neural Networks
 
Biohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
Biohybrid Robotic Jellyfish for Future Applications in Ocean MonitoringBiohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
Biohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
 
Machine Learning for Weather Forecasts
Machine Learning for Weather ForecastsMachine Learning for Weather Forecasts
Machine Learning for Weather Forecasts
 
HPC AI Advisory Council Update
HPC AI Advisory Council UpdateHPC AI Advisory Council Update
HPC AI Advisory Council Update
 
Fugaku Supercomputer joins fight against COVID-19
Fugaku Supercomputer joins fight against COVID-19Fugaku Supercomputer joins fight against COVID-19
Fugaku Supercomputer joins fight against COVID-19
 
Energy Efficient Computing using Dynamic Tuning
Energy Efficient Computing using Dynamic TuningEnergy Efficient Computing using Dynamic Tuning
Energy Efficient Computing using Dynamic Tuning
 
HPC at Scale Enabled by DDN A3i and NVIDIA SuperPOD
HPC at Scale Enabled by DDN A3i and NVIDIA SuperPODHPC at Scale Enabled by DDN A3i and NVIDIA SuperPOD
HPC at Scale Enabled by DDN A3i and NVIDIA SuperPOD
 
State of ARM-based HPC
State of ARM-based HPCState of ARM-based HPC
State of ARM-based HPC
 
Versal Premium ACAP for Network and Cloud Acceleration
Versal Premium ACAP for Network and Cloud AccelerationVersal Premium ACAP for Network and Cloud Acceleration
Versal Premium ACAP for Network and Cloud Acceleration
 
Zettar: Moving Massive Amounts of Data across Any Distance Efficiently
Zettar: Moving Massive Amounts of Data across Any Distance EfficientlyZettar: Moving Massive Amounts of Data across Any Distance Efficiently
Zettar: Moving Massive Amounts of Data across Any Distance Efficiently
 
Scaling TCO in a Post Moore's Era
Scaling TCO in a Post Moore's EraScaling TCO in a Post Moore's Era
Scaling TCO in a Post Moore's Era
 
CUDA-Python and RAPIDS for blazing fast scientific computing
CUDA-Python and RAPIDS for blazing fast scientific computingCUDA-Python and RAPIDS for blazing fast scientific computing
CUDA-Python and RAPIDS for blazing fast scientific computing
 
Introducing HPC with a Raspberry Pi Cluster
Introducing HPC with a Raspberry Pi ClusterIntroducing HPC with a Raspberry Pi Cluster
Introducing HPC with a Raspberry Pi Cluster
 
Overview of HPC Interconnects
Overview of HPC InterconnectsOverview of HPC Interconnects
Overview of HPC Interconnects
 

Kürzlich hochgeladen

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Kürzlich hochgeladen (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Data centric mls rhel ecosystem

  • 1. CSCF UNCLASSIFIED UNCLASSIFIED © 2015 Lockheed Martin Corporation. All Rights Reserved. Data Centric MLS RHEL Ecosystem Sarah Storms Altair PBS User Group 201509
  • 2. CSCF UNCLASSIFIED UNCLASSIFIED2 Agenda • Data-centric MLS RHEL • Historical Perspective • Ecosystem Description
3. Data-Centric MLS RHEL
• In a sentence:
  – Data, processes, users, etc. are given a security label commensurate with their security level
• Security Label Application
  – Networks
    • Data and users arriving on a particular network are labeled at the level of the network
  – Users
    • Users are labeled based on the network they are arriving on
    • Some exceptions allowed for compartments
  – Data, Objects and Processes
    • Data, objects, and processes are labeled based on the security label of the user or process that created them

4. Data-Centric MLS RHEL
• Labeling Parts: Summary Definition of Security Labeling

  Sensitivity Levels
    S15
    S14
    S13
    S12
    S11  TS SCI Compartment
    S10  TS SCI ST
    S9
    S8
    S7   DoD TS/SAP/SAR
    S6   DoD TS
    S5   DoD S/SAP/SAR
    S4   DoD S
    S3
    S2
    S1   Unclassified
    S0   Special Unclassified

  Compartments
    C0           Used to be special, unused today.
    C1           Look Down/Pull Up for UNCLASSIFIED/ITAR
    C2
    C3
    C4
    C5
    C9-C99       Reserved for DoD and Coalition countries.
    C100-C200    DoD S, DoD TS SAP/SAR caveats
    C201-C299    SCI RV World Caveats
    C300-C399    C300-C350 for Coalition Share Points or Bi- and Tri-Lateral sharing, e.g. NATO, SEATO, etc.
    C400-C499
    C500-C599    Compartmented Caveats
    C600-C699
    C700-C799
    C800-C899
    C900-C999
    C1000-C1023

5. Data-Centric MLS RHEL
• Security Labels (Sensitivity and Compartments)

  Label              | Sensitivity | Compartments
  UNCLASSIFIED       | S1          |
  UNCLASSIFIED/ITAR  | S1          | C1  (Using DAC owned by Admin to separate ITAR projects)

  DoD      | Sensitivity | NF        | USA | OTC 1 | OTC 2 | OTC 3 | OTC 4
  DoD S    | S4          | C1,C9.C99 | C9  | C10   | C11   | C12   | C13
  DoD TS   | S6          | C1,C9.C99 | C9  | C10   | C11   | C12   | C13
  Bi- and Tri-lateral agreements use separate logins; their labels add C300-C399, where C3xy labels are associated with agreements.

  Label            | Sensitivity | Gov/CSCF                 | N World        | D WRLD A       | D WRLD B       | D WRLD C       | D WRLD D       | D WRLD E
  DoD S/SAP/SAR    | S5 C1,Cy    | C1,C9.C99,C101,C103.C199 | C1,C9.C99,C102 | C1,C9.C99,C103 | C1,C9.C99,C104 | C1,C9.C99,C105 | C1,C9.C99,C106 | C1,C9.C99,C107
  DoD TS/SAP/SAR   | S7 C1,Cy    | C1,C9.C99,C101,C103.C199 |                |                |                |                |                |

  SCI      | Sensitivity | NF        | REL FVEY | USA    | OTC 1  | OTC 2  | OTC 3  | OTC 4
  TS SCI   | S10         | C1,C9.C99 | C9.C13   | C9.C13 | C9.C13 | C9.C13 | C9.C13 | C9.C13

  Label            | Sensitivity | T Type             | K Type             | R Type             | ? Type
  TS SCI RV World  | S10 C1,Cy   | C1,C9.C99,C201     | C1,C9.C99,C202     | C1,C9.C99,C203     | C1,C9.C99,C204

  Label               | Sensitivity        | Hallway                | R World        | T World        | B World        | ? World       | Fusion Program
  TS SCI Compartment  | S11 C1,C9.C99,Cy   | C1,C9.C99,C500.C503    | C1,C9.C99,C501 | C1,C9.C99,C502 | C1,C9.C99,C503 | C1,C9.C99,C?  | C1,C9.C99,C500.C502,C504,Cy
  y=201-299

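Label dominance for the S/C scheme on slides 3 to 5, as an added example written for this page (it is not code from the deck, from Lockheed Martin or from the CSCF configuration). It parses labels in the slide notation and, going beyond the slides, in SELinux's own `s4:c1,c9.c99` form, which the S0 to S15 and C0 to C1023 ranges on slide 4 match, then reports which of the slide 5 labels dominate which. Assumptions: the S/C numbers map directly onto SELinux MLS sensitivities and categories, `C9.C99` is an inclusive range, read access follows the Bell-LaPadula rule that the subject's label must dominate the object's (the slide's "Look Down"), and the write check is the textbook no-write-down rule rather than anything the CSCF policy is stated to enforce. The `S4 C10` label used for a coalition user is my reading of the OTC 1 column of the DoD S row.

```python
"""Label dominance for the S/C labels on slides 3 to 5.

Added example; not code from the slide deck, Lockheed Martin or CSCF.
Assumptions (not stated on the slides): "S<n>" and "C<n>" map one-to-one onto
SELinux MLS sensitivities s0-s15 and categories c0-c1023, "C9.C99" is the
inclusive range C9..C99, and read access follows the Bell-LaPadula simple
security rule (subject label must dominate object label). The write rule is
the textbook no-write-down rule, which a real policy may relax or tighten.
"""
import re
from dataclasses import dataclass

MAX_SENSITIVITY = 15   # SELinux MLS default range s0..s15 (slide 4: S0..S15)
MAX_CATEGORY = 1023    # SELinux MLS default range c0..c1023 (slide 4: C0..C1023)

# Accepts "S4 C1,C9.C99" (slide notation) or "s4:c1,c9.c99" (SELinux notation).
_LABEL_RE = re.compile(r"^s(\d{1,2})(?:[\s:]+(.*))?$", re.IGNORECASE)
_CAT_RE = re.compile(r"^c(\d{1,4})(?:\.c(\d{1,4}))?$", re.IGNORECASE)


@dataclass(frozen=True)
class Label:
    sensitivity: int
    categories: frozenset  # set of int category numbers

    def dominates(self, other: "Label") -> bool:
        """MLS 'dom': at least as sensitive and holds every category of other."""
        return (self.sensitivity >= other.sensitivity
                and self.categories >= other.categories)


def parse_label(text: str) -> Label:
    """Parse either notation into a Label; raises ValueError on bad input."""
    m = _LABEL_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a label: {text!r}")
    sensitivity = int(m.group(1))
    if sensitivity > MAX_SENSITIVITY:
        raise ValueError(f"sensitivity out of range: {text!r}")
    categories = set()
    for token in filter(None, (m.group(2) or "").replace(" ", "").split(",")):
        cm = _CAT_RE.match(token)
        if not cm:
            raise ValueError(f"bad category {token!r} in {text!r}")
        low = int(cm.group(1))
        high = int(cm.group(2)) if cm.group(2) else low
        if not low <= high <= MAX_CATEGORY:
            raise ValueError(f"category range out of order or too large: {token!r}")
        categories.update(range(low, high + 1))
    return Label(sensitivity, frozenset(categories))


def to_selinux(label: Label) -> str:
    """Render as 's4:c1,c9.c99'. Runs of three or more consecutive categories
    collapse to 'cA.cB'; a pair is written out, as the SELinux kernel does."""
    cats = sorted(label.categories)
    parts, i = [], 0
    while i < len(cats):
        j = i
        while j + 1 < len(cats) and cats[j + 1] == cats[j] + 1:
            j += 1
        run = cats[i:j + 1]
        if len(run) >= 3:
            parts.append(f"c{run[0]}.c{run[-1]}")
        else:
            parts.extend(f"c{c}" for c in run)
        i = j + 1
    return f"s{label.sensitivity}" + (":" + ",".join(parts) if parts else "")


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (slide 4's 'Look Down'): subject dom object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Textbook *-property (no write down): object must dominate subject."""
    return obj.dominates(subject)


def relation(a: Label, b: Label) -> str:
    if a == b:
        return "equal"
    if a.dominates(b):
        return "dominates"
    if b.dominates(a):
        return "dominated by"
    return "incomparable with"


# Labels taken from slide 5; "DoD S OTC 1" is my single-compartment reading
# of the OTC 1 column and is an assumption, not a label the slide spells out.
SLIDE_LABELS = {
    "UNCLASSIFIED": "S1",
    "UNCLASSIFIED/ITAR": "S1 C1",
    "DoD S NF": "S4 C1,C9.C99",
    "DoD S OTC 1": "S4 C10",
    "DoD TS NF": "S6 C1,C9.C99",
    "TS SCI RV World T Type": "S10 C1,C9.C99,C201",
    "TS SCI RV World K Type": "S10 C1,C9.C99,C202",
}


def slide_relations():
    """Pairwise relations between the slide-5 labels, keyed by (name, name)."""
    parsed = {name: parse_label(text) for name, text in SLIDE_LABELS.items()}
    return {(a, b): relation(parsed[a], parsed[b])
            for a in parsed for b in parsed if a != b}


if __name__ == "__main__":
    for (a, b), rel in sorted(slide_relations().items()):
        print(f"{a:24} {rel:18} {b}")
    for name, text in SLIDE_LABELS.items():
        print(f"{name:24} -> {to_selinux(parse_label(text))}")
```

Running the block prints every pairwise relation: DoD TS dominates DoD S, the two RV World types are incomparable (neither can read the other's data even though both are S10), a coalition `S4 C10` user cannot read DoD S NF data because NF carries all of C9..C99, and plain UNCLASSIFIED is dominated by UNCLASSIFIED/ITAR, which is how the C1 compartment keeps ITAR data out of reach of ordinary unclassified users while ITAR users still look down at unclassified data.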
6. Government Application
[Diagram: a Non-MLS Operating Picture with separate U, S and TS Analyst Workstations and HPC Servers and Storage, beside an MLS Operating Picture in which one MLS Analyst Workstation, a Department or HPC Server and a Secure Data Appliance handle TS, S and U together.]
• Consolidates hardware and enables analyst driven data fusion

7. Commercial Application
[Diagram: Pre-MLS System Configuration. Elements: Retail Store; Credit Card Processing, PII, Approvals; "Bad Guy" Egress Point; Internet; Network Access Table (assumes firewalls in place). Legend: Unencrypted, Encrypted.]

8. Commercial Application
[Diagram: MLS System Configuration. S1: Store 1 Apps, Store 2 Apps; S2, S3: Credit Card Processing PoS Interactions, Credit Card 1 Apps, Credit Card 2 Apps; S4: Other Company Processing, Inventory, etc. Apps; MLS Database; Internet; Network Access Table (assumes firewalls in place). Legend: Unencrypted, Encrypted.]
• RHEL MLS Configuration Benefits
  – RBAC – limits insider threat
  – MLS – isolates functions to limit damage
  – Encryption – eliminates egress points for Trojans

9. Historical Perspective
• The CSCF program has leveraged data-centric MLS OS configurations for the last 20+ years
  – Minimize hardware, licensing, OS configuration, manpower costs
  – Maximize flexibility, data fusion, system utilization
• MLS requires a full ecosystem to be truly useful
  – OS configuration
  – Resource management
  – Direct and Network attached storage
    • Including long haul data sharing
  – System Monitoring including audit reduction
  – Databases

10. MLS Partners Current Capabilities
• LMC/CSCF/WF
• Red Hat
• Altair
• Seagate/Xyratex
• Mellanox
• ViON
• Bay Microsystems
• SGI
• Cray
• DoE LANL
• DoD HPCMO
• Splunk
• Crunchy Data Systems
• Filius
  – RPI Consulting
  – CSC

11. CSCF Capabilities and Path Forward
• ICD 503 Certification for Ecosystem
  – Running at CSCF in operations
  – Classified tours and demonstrations available
• System configurations
  – Single System Image RHEL 6.5+ under ICD 503
  – Cluster Configuration RHEL 6.5+ under IATT
    • Direct attached RAID
      – Under xfs, EXTx, (others also handle MAC) is ICD 503 certified
• Configuration Management
  – SCAP through open source
    • OVAL will be added for mitigation after training
  – Subversion
    • Privileged User Guide (PUG)
    • Specialized scripting

12. LMC Capabilities and Path Forward
• Configuration Objective
  – Provide SCAP profile, SVN repositories, and PUG to allow easy builds of unclassified CSCF configurations
    • Support vendor unclassified debugging of CSCF problems
    • Support new government customer interest in MLS to consolidate rather than duplicate
• MLS Ecosystem Objective
  – Provide MLS capable versions of software capabilities integrated with the MLS RHEL configuration to solve complex system configuration and support problems
• Unified Cross Domain Services Management Office (UCDSMO) Engagement
  – LMC/CSCF will be coordinating
POC: Joe Swartz, joseph.h.swartz@lmco.com

13. Red Hat
• Red Hat has worked closely with CSCF to ensure that all capabilities are included in the RHEL product
  – Fixed SELinux and MLS policy issues as identified
  – Added new or modified capabilities as requested
  – Supported documentation
  – Supported Government security meetings as needed
  – Fully supported other vendors as they created MLS capable versions of their software packages
• Outreach
  – Red Hat has fully participated in CSCF MLS outreach efforts
  – Red Hat has directed potential customers to CSCF
POC: Shawn Wells, sdw@redhat.com

14. Altair
• PBS Professional Resource Management
  – Queuing system with many tuning parameters
  – Queuing management allowing minimum wait time, maximize system utilization
  – Multi-system management and queue sharing
  – Remote job submittals
  – MLS capable
    • Branch until 4th quarter 2015
  – Installed on all CSCF MLS HPC and Utility systems
POC: Kirk Monroe, kmonroe@altair.com

15. Seagate/Xyratex
• Created MLS Lustre file system
• Integrated into their MLS Secure Data Appliance (SDA)
  – Based on ClusterStor product
  – Uses CSCF MLS RHEL OS baseline
  – Extensible to multi-petabytes per rack
• Hadoop
  – Demonstrating capability October 2014
  – Showing 30% faster response over non-Lustre configurations
• ICD 503 certified
• Two systems in place at CSCF
  – Centralizing user home directories and large R&D data sets
• Customer SE Support
  – Multiple customers
POC: Bill Downer, bill.downer@seagate.com

16. Filius, RPI Consulting, CSC
• LMC working with Filius and RPI Consulting to build and provide the following training courses:
  – RHEL MLS Installation, configuration, and testing
    • First class in July is complete
    • Additional classes planned for later this year
  – RHEL MLS Configuration Administration
    • Course outline and materials complete
    • First class TBD
  – RHEL MLS Security Accreditation and Administration
    • Course outline complete, materials in progress
    • First class TBD
  – MLS Aware Database Installation and Use
    • Course outline complete
    • First class TBD
POC: John Gulick, jg@filius.us

17. Bay Microsystems
• Global high-performance Fabric Extension
  – Including Long-haul InfiniBand (IB) and RDMA
  – Global clustering of CloudStor data centers
  – Sharing MLS SDA CloudStor data to all local & remote systems
  – Demonstrations
    • Full motion video stream via Pixia from MLS SDA to work station
      – Simulating east coast to west coast
    • Data sharing for home directories and work directories
    • Supporting both SC14 and GEOINT MLS demonstrations
• CSCF in process of installing capability
[Chart values shown on the slide; the chart's axes and labels are not recoverable: 2,798.33 min; 6,898.33 min; 14.18 min; 15.50 min; 46.63 hours; 116.63 hours]
POC: Gerry Jankauskas, gerry@baymicrosystems.com

18. Mellanox
• Native MLS extended attributes in IB protocol
  – Beta demonstration in September 2015
  – Final capability at SC15 mid-November 2015
• Cluster configuration implications
  – MLS cluster configurations become much easier
    • No need for TCP/IP over IB to carry MLS labels
POC: Alex Neefus, alex@mellanoxfederal.com

19. Splunk
• System monitoring and audit reduction
• Splunk came SELinux compliant
• Provides
  – Centralized monitoring capabilities
  – SELinux audit log reduction and warning capabilities
• Worked straight out of the box
  – CSCF evaluating multiple other plug-in capabilities
POC: Katy and Pam, team@splunk.com

20. Crunchy Data Systems
• Postgres expert company serving DoD / IC, with a Committer and Major Contributors to the Postgres Project on the team
• Developing Postgres Security Enhancements (Row Level Security, fine grain permissions and auditing) with the open source community under an IC community contract
• Developing an implementation of Postgres using RLS to integrate with SELinux to meet MLS requirements
• Demonstrations
  – Working with ViON and Seagate re JCDX capability
  – Working with ViON re Enterprise Challenge 2015 (EC15) capability
  – Working with CSCF to demonstrate an MLS database for use with 3-4 CSCF user groups
POC: Bob Laurence, bob.Laurence@crunchydatasolutions.com

21. ViON
• Providing customer integration support for demonstrations
  – Enterprise Challenge 2015
    • LOE leading up to EC 15
  – MLS Postgres
    • Supporting AF, Navy, and other customers
• Customer SE support
  – Multiple AF projects
  – Multiple NGA projects
  – Multiple IC customers
  – Multiple Army customers
  – Reseller for Xyratex/Seagate SDA at CSCF and cleared engineering support
POC: Mike Meister, mike.meister@vion.com

22. SGI
• Supported Single System Image development and ICD 503 certification
  – Working to get MLS Message Passing Toolkit (MPT) working
    • Will reduce MPI communications overhead by at least 10%
• Demonstrations
  – Working to support SC14 MLS demonstration
  – Planning to support GEOINT demonstration
• Eight systems installed at CSCF
POC: Mark Carhart, mcarhart@sgi.com

23. Cray
• Supporting development of MLS RHEL Cluster configuration
  – Basic configuration complete including PBS Pro and direct attached storage
  – Installing Seagate/Xyratex SDA for integration verification
  – Proceeding with security hardening and testing
• Demonstrations
  – Supporting DoD Mod Office demonstration
  – Planning to participate in GEOINT MLS demonstration
POC: Louis Hackerman, lhackerman@cray.com

24. DoE LANL
• Working with CSCF to deploy MLS cluster configuration
  – IC support area
• Working to deploy MLS configurations for Q level processing
  – Consolidate section servers
  – About 30k cores
• Procured MLS SDA ClusterStor for evaluation
  – CSCF providing system MLS configurations
POC: Gary Grider, ggrider@lanl.gov

25. DoD HPCMO
• Planning an MLS Cluster configuration based on the CSCF configuration
  – Including direct attached and MLS SDA ClusterStor demo
  – Testing and evaluation for software products not already tested at CSCF completed
  – Evaluating additional options to configure current systems with the MLS capability
POC: Jeff Gosciniak, jeffrey.j.gosciniak@lmco.com