SlideShare ist ein Scribd-Unternehmen logo

Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds

Joel W. King
Joel W. King

Network analytics provides insight to the traffic flow between applications and endpoints. Telemetry data is streamed in real-time from software sensors and network devices to big-data clusters. Implementing the policy to create a whitelist-based segmentation and zero-trust model requires automation when dealing with tens of thousands of workloads and complex rules. This session examines how Cisco Tetration Analytics provides an accurate inventory of devices, software packages and version information to detect software vulnerabilities and implement a zero-trust policy model on network fabrics, firewalls and application delivery controllers.

Technologie
1 von 31
Downloaden Sie, um offline zu lesen
AUSTIN 2018 Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds
Network analytics provides insight to the traffic flow between applications and endpoints. Telemetry data is streamed in real-time from software sensors and network devices to big-data clusters. Implementing the policy to create a whitelist-based segmentation and zero-trust model requires automation when dealing with tens of thousands of workloads and complex rules. This session examines how Cisco Tetration Analytics provides an accurate inventory of devices, software packages and version information to detect software vulnerabilities and implement a zero-trust policy model on network fabrics, firewalls and application delivery controllers. Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds
o How did I get started using Ansible? Wrote NX-API module for Cisco Nexus switches o How long? Since January 2015 o Favorite thing to do with Ansible? Mentor network engineers on infrastructure programmability
o Joel W. King Principal Architect World Wide Technology Research Triangle Park, NC o Experience AMP Incorporated, Network Architect Cisco, Cisco Validated Designs (CVDs) NetApp, Big Data: Video Surveillance Storage o Facts and Contact Info CCIE 1846 (ret.) 2016 Phantom Cyber Hall of Fame linkedin.com/in/programmablenetworks @joelwking joel.king@wwt.com DevNet Create 2018
Deploy Sensors Dynamic Inventory Tetration Network Policy Publisher Resources
SHARE ACT TRACE HUNT BEHAVIORS THREATS TRIAGE DETECTION TELEMETRY INVENTORY Can you collaborate with trusted partners to disrupt adversary campaigns? Can you deploy proven countermeasures to evict and recover? During an intrusion, can you observe adversary activity in real time? Can you detect an adversary that is already embedded? Can you detect adversary activity within your environment? Who are your adversaries? What are their capabilities? Can you accurately classify detection results? Can you detect unauthorized activity? Do you have visibility across your assets? Can you name the assets you are defending? What is it doing? Should it? What’s on my network?
Automated whitelist policy Zero-trust, application segmentation Cisco Tetration Analytics​ Illumio​ VMware vRNI
telemetry agent installation 1 2 3 inventory policy enforcement iptables | firewall publisher kafka INVENTORY NETWORK DEVICES
Data Collection Layer Cisco Tetration Analytics™ NETWORKING [TELEMETRY ONLY] Data Consumption Layer REST API KAFKA MESSAGE BUS
o Deploy Software Sensors setup_tetration_sensor.yml o Dynamic Inventory inventory/sensors.py o Network Policy Publisher library/tetration_network_policy.py PLUGINS MODULES ANSIBLE PLAYBOOK DATA REST API https://github.com/joelwking/ansible-tetration
Deploy Sensors
Data Collection Layer Cisco Tetration Analytics™ 39-RU 8-RU SaaS 25,000 | 5,000 | 1,000 NETWORK INFRASTRUCTURE NetFlow | ERSPAN VM Appliance COMPUTE or virtual appliance
o Extensive matrix of Windows | Unix | Linux o Package and version dependencies e.g. rpm (even in Ubuntu/Debian) o Different agent RPMs for … o Agent type, e.g. enforcement, visibility o Target system, e.g. CentOS 6.0 vs 7.0 o Latest version covers 34 RPMs o Agent downloaded from GUI
o Rather than PDF … o ./setup_tetration_sensor.yml [administrator@centos-ansible-1 ~]$ uname Linux [administrator@centos-ansible-1 ~]$ -r -bash: -r: command not found [administrator@centos-ansible-1 ~]$ uname -r 3.10.0-862.el7.x86_64 command: uname -r value: 3.10.0-862.el7.x86_64 command: cat /etc/shells value: /bin/sh command: dmidecode -V value: 3.0 command: openssl version -a value: OpenSSL 1.0.2k-fips command: cpio --version value: cpio (GNU cpio) 2.11 command: sed --version value: sed (GNU sed) 4.2.2 command: awk --version value: GNU Awk 4.0.2 command: flock -V value: flock from util-linux 2.23.2 command: iptables --version value: iptables v1.4.21 command: ipset --version value: ipset v6.29, ansible-tetration/setup_tetration_sensor.yml
Dynamic Inventory
ANSIBLE AUTOMATION ENGINE CMDB INVENTORY HOSTS NETWORK DEVICES PLUGINS CLI MODULES PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CORE NETWORK COMMUNITY ANSIBLE PLAYBOOK
ANSIBLE AUTOMATION ENGINE CMDB INVENTORY HOSTS NETWORK DEVICES PLUGINS CLI MODULES PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CORE NETWORK COMMUNITY NOW.PY EC2.PY VMWARE_FACTS ANSIBLE PLAYBOOK
ANSIBLE AUTOMATION ENGINE CMDB INVENTORY HOSTS NETWORK DEVICES PLUGINS CLI MODULES PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CORE NETWORK COMMUNITY NOW.PY EC2.PY VMWARE_FACTS ANSIBLE PLAYBOOK Cisco Tetration Analytics™ SENSORS.PY ansible-tetration/inventory/sensors.py
$ ansible-inventory --host centos-ansible-1 -i ./inventory/sensors.py { "agent_type": "ENFORCER", "auto_upgrade_opt_out": false, "cpu_quota_mode": 1, "cpu_quota_usec": 30000, "current_sw_version": "2.3.1.41-1-enforcer", "data_plane_disabled": false, "enable_forensics": false, "enable_pid_lookup": false, "host_name": "centos-ansible-1", "interfaces": [ { "family_type": "IPV4", "ip": "10.255.40.139", "mac": "00:50:56:b9:62:58", "name": "ens160", "netmask": "255.255.255.0", "vrf": "Default", "vrf_id": 1 }, [snip] ], "last_config_fetch_at": 1537905092, "last_software_update_at": 1535054507, "platform": "CentOS-7.5", "uuid": "965e77504bf605d62c575231fa3d56463aed38bf" } ansible-inventory --host centos-ansible-1 -i ./inventory/sensors.py
Tetration Network Policy Publisher
3policy enforcement iptables | firewall publisher kafka NETWORK DEVICES INFRASTRUCTURE
DevNet Create 2018 Export whitelist policy GUI SAVE AS [ JSON, XML or YAML ] https://github.com/joelwking/ansible-aci/blob/master/aci_contracts_filters.yml No SQL ANSIBLE PLAYBOOK CISCO ACI NETWORK MODULES python
Network Policy Publisher ANSIBLE PLAYBOOK aci_create_filters.yml BROKER message publisher policy subscription MODULES tetration_network_policy.py Alerts every minute for enforcement Released in 2.3.1.41 April 2018
- name: Tetration Network Policy tetration_network_policy: broker: "192.0.2.1:9093" topic: "Tnp-2" cert_directory: "{{ playbook_dir }}/files/certificates/producer-tnp-2.cert/" https://github.com/joelwking/ansible-tetration/blob/master/aci_create_filters.yml 226
UPDATE_START UPDATE UPDATE_END Tetration Network Policy Kafka message(s) topic partition offset key value Google Protocol Buffer Network Policy Network Policy len( value ) == 8
o AnsibleFest 2018: Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds https://github.com/joelwking/ansible-tetration o DevNetCreate 2018: Applying a whitelist policy generated by Cisco Tetration to an ACI network fabric. https://www.wwt.com/all-blog/devnet-create-2018/ o Cisco Tetration Light-board: Cloud Workload Protection https://youtu.be/Hd56GVVr_AE o WWT AnsibleFest https://www.wwt.com/event/ansiblefest/
David Goeckler, EVP / GM of Cisco's Networking and Security … turning the whole network into essentially a big software system where you define your policy in one place … That policy gets translated into what you want the network to do, and then you have an automation layer that activates all of those changes across your network fabric. https://www.networkworld.com/article/3280959/lan-wan/cisco-s-david-goeckeler-talks-security-networking-software-and-sd-wan-outlook.html
Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds

Empfohlen

World Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking WorkshopWorld Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking WorkshopJoel W. King
 
Enabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with AnsibleEnabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with AnsibleJoel W. King
 
From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...
From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...
From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...Joel W. King
 
Integrating Ansible Tower with security orchestration and cloud management
Integrating Ansible Tower with security orchestration and cloud managementIntegrating Ansible Tower with security orchestration and cloud management
Integrating Ansible Tower with security orchestration and cloud managementJoel W. King
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of TruthJoel W. King
 
Under the Hood
Under the HoodUnder the Hood
Under the HoodJoel W. King
 
Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...Joel W. King
 
Goodbye CLI, hello API: Leveraging network programmability in security incid...
Goodbye CLI, hello API: Leveraging network programmability in security incid...Goodbye CLI, hello API: Leveraging network programmability in security incid...
Goodbye CLI, hello API: Leveraging network programmability in security incid...Joel W. King
 

Empfohlen

World Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking WorkshopWorld Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking WorkshopJoel W. King
 
Enabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with AnsibleEnabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with AnsibleJoel W. King
 
From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...
From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...
From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...Joel W. King
 
Integrating Ansible Tower with security orchestration and cloud management
Integrating Ansible Tower with security orchestration and cloud managementIntegrating Ansible Tower with security orchestration and cloud management
Integrating Ansible Tower with security orchestration and cloud managementJoel W. King
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of TruthJoel W. King
 
Under the Hood
Under the HoodUnder the Hood
Under the HoodJoel W. King
 
Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...Joel W. King
 
Goodbye CLI, hello API: Leveraging network programmability in security incid...
Goodbye CLI, hello API: Leveraging network programmability in security incid...Goodbye CLI, hello API: Leveraging network programmability in security incid...
Goodbye CLI, hello API: Leveraging network programmability in security incid...Joel W. King
 
$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
$10,000 Phantom App & Playbook Contest - F5 and Cisco MerakiJoel W. King
 
API 102: Programming with Meraki APIs
API 102: Programming with Meraki APIsAPI 102: Programming with Meraki APIs
API 102: Programming with Meraki APIsJoel W. King
 
Meraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomMeraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomJoel W. King
 
Sdn users group_january_2016v5
Sdn users group_january_2016v5Sdn users group_january_2016v5
Sdn users group_january_2016v5Joel W. King
 
Phantom app: Ansible Tower
Phantom app: Ansible TowerPhantom app: Ansible Tower
Phantom app: Ansible TowerJoel W. King
 
Control-with-Ansible-Tower
Control-with-Ansible-TowerControl-with-Ansible-Tower
Control-with-Ansible-TowerMark Costin
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of TruthJoel W. King
 
Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...
Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...
Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...Joel W. King
 
How we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformHow we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformPacket
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...Josef Adersberger
 
IoT gateway dream team - Eclipse Kura and Apache Camel
IoT gateway dream team - Eclipse Kura and Apache CamelIoT gateway dream team - Eclipse Kura and Apache Camel
IoT gateway dream team - Eclipse Kura and Apache CamelHenryk Konsek
 
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, GcpPriyanka Aash
 
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackIntroduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackAbderrahmane TEKFI
 
Getting started with OpenStack
Getting started with OpenStackGetting started with OpenStack
Getting started with OpenStackKnoldus Inc.
 
Monitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack CloudsMonitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack CloudsPLUMgrid
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Let's Talk about Packet
Let's Talk about PacketLet's Talk about Packet
Let's Talk about PacketPacket
 
Akri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalAkri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalLibbySchulze1
 
Delivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgeDelivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgePLUMgrid
 
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite TalkStackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite TalkStackStorm
 
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...Joel W. King
 
Software Technologies for ICT Architectures
Software Technologies for ICT ArchitecturesSoftware Technologies for ICT Architectures
Software Technologies for ICT ArchitecturesAntonio Marcos Alberti
 

Weitere ähnliche Inhalte

Was ist angesagt?

$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
$10,000 Phantom App & Playbook Contest - F5 and Cisco MerakiJoel W. King
 
API 102: Programming with Meraki APIs
API 102: Programming with Meraki APIsAPI 102: Programming with Meraki APIs
API 102: Programming with Meraki APIsJoel W. King
 
Meraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomMeraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomJoel W. King
 
Sdn users group_january_2016v5
Sdn users group_january_2016v5Sdn users group_january_2016v5
Sdn users group_january_2016v5Joel W. King
 
Phantom app: Ansible Tower
Phantom app: Ansible TowerPhantom app: Ansible Tower
Phantom app: Ansible TowerJoel W. King
 
Control-with-Ansible-Tower
Control-with-Ansible-TowerControl-with-Ansible-Tower
Control-with-Ansible-TowerMark Costin
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of TruthJoel W. King
 
Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...
Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...
Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...Joel W. King
 
How we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformHow we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformPacket
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...Josef Adersberger
 
IoT gateway dream team - Eclipse Kura and Apache Camel
IoT gateway dream team - Eclipse Kura and Apache CamelIoT gateway dream team - Eclipse Kura and Apache Camel
IoT gateway dream team - Eclipse Kura and Apache CamelHenryk Konsek
 
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, GcpPriyanka Aash
 
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackIntroduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackAbderrahmane TEKFI
 
Getting started with OpenStack
Getting started with OpenStackGetting started with OpenStack
Getting started with OpenStackKnoldus Inc.
 
Monitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack CloudsMonitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack CloudsPLUMgrid
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Let's Talk about Packet
Let's Talk about PacketLet's Talk about Packet
Let's Talk about PacketPacket
 
Akri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalAkri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalLibbySchulze1
 
Delivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgeDelivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgePLUMgrid
 
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite TalkStackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite TalkStackStorm
 

Was ist angesagt? (20)

$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
 
API 102: Programming with Meraki APIs
API 102: Programming with Meraki APIsAPI 102: Programming with Meraki APIs
API 102: Programming with Meraki APIs
 
Meraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomMeraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk Phantom
 
Sdn users group_january_2016v5
Sdn users group_january_2016v5Sdn users group_january_2016v5
Sdn users group_january_2016v5
 
Phantom app: Ansible Tower
Phantom app: Ansible TowerPhantom app: Ansible Tower
Phantom app: Ansible Tower
 
Control-with-Ansible-Tower
Control-with-Ansible-TowerControl-with-Ansible-Tower
Control-with-Ansible-Tower
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
 
Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...
Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...
Programmability and Automation in Data Center Networks: A talk on Hot Air Bal...
 
How we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformHow we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platform
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
 
IoT gateway dream team - Eclipse Kura and Apache Camel
IoT gateway dream team - Eclipse Kura and Apache CamelIoT gateway dream team - Eclipse Kura and Apache Camel
IoT gateway dream team - Eclipse Kura and Apache Camel
 
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
 
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackIntroduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
 
Getting started with OpenStack
Getting started with OpenStackGetting started with OpenStack
Getting started with OpenStack
 
Monitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack CloudsMonitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack Clouds
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Let's Talk about Packet
Let's Talk about PacketLet's Talk about Packet
Let's Talk about Packet
 
Akri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalAkri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-final
 
Delivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgeDelivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile Edge
 
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite TalkStackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
 

Ähnlich wie Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds

Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...Joel W. King
 
Software Technologies for ICT Architectures
Software Technologies for ICT ArchitecturesSoftware Technologies for ICT Architectures
Software Technologies for ICT ArchitecturesAntonio Marcos Alberti
 
Openstack: security beyond firewalls
Openstack: security beyond firewallsOpenstack: security beyond firewalls
Openstack: security beyond firewallsGARL
 
OpenStack: Security Beyond Firewalls
OpenStack: Security Beyond FirewallsOpenStack: Security Beyond Firewalls
OpenStack: Security Beyond FirewallsGiuseppe Paterno'
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Amazon Web Services
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingAmazon Web Services
 
SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module Cisco Canada
 
How to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructuresHow to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructuresPasquale Puzio
 
Workshop - Openstack, Cloud Computing, Virtualization
Workshop - Openstack, Cloud Computing, VirtualizationWorkshop - Openstack, Cloud Computing, Virtualization
Workshop - Openstack, Cloud Computing, VirtualizationJayaprakash R
 
Openstack workshop @ Kalasalingam
Openstack workshop @ KalasalingamOpenstack workshop @ Kalasalingam
Openstack workshop @ KalasalingamBeny Raja
 
Enabling Innovative Business Opportunities Through Secure Cloud Adoption - Se...
Enabling Innovative Business Opportunities Through Secure Cloud Adoption - Se...Enabling Innovative Business Opportunities Through Secure Cloud Adoption - Se...
Enabling Innovative Business Opportunities Through Secure Cloud Adoption - Se...Amazon Web Services
 
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...NetworkCollaborators
 
Cisco APIC-EM – реализация концепции SDN в корпоративных сетях
Cisco APIC-EM – реализация концепции SDN в корпоративных сетяхCisco APIC-EM – реализация концепции SDN в корпоративных сетях
Cisco APIC-EM – реализация концепции SDN в корпоративных сетяхCisco Russia
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Canada
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET Journal
 
How APIs are Transforming Cisco Solutions and Catalyzing an Innovation Ecosystem
How APIs are Transforming Cisco Solutions and Catalyzing an Innovation EcosystemHow APIs are Transforming Cisco Solutions and Catalyzing an Innovation Ecosystem
How APIs are Transforming Cisco Solutions and Catalyzing an Innovation EcosystemCisco DevNet
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Russia
 
Cisco’s Cloud Strategy, including our acquisition of CliQr
Cisco’s Cloud Strategy, including our acquisition of CliQr Cisco’s Cloud Strategy, including our acquisition of CliQr
Cisco’s Cloud Strategy, including our acquisition of CliQr Cisco Canada
 

Ähnlich wie Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds (20)

Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
 
Software Technologies for ICT Architectures
Software Technologies for ICT ArchitecturesSoftware Technologies for ICT Architectures
Software Technologies for ICT Architectures
 
Openstack: security beyond firewalls
Openstack: security beyond firewallsOpenstack: security beyond firewalls
Openstack: security beyond firewalls
 
OpenStack: Security Beyond Firewalls
OpenStack: Security Beyond FirewallsOpenStack: Security Beyond Firewalls
OpenStack: Security Beyond Firewalls
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud Computing
 
SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module
 
How to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructuresHow to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructures
 
Workshop - Openstack, Cloud Computing, Virtualization
Workshop - Openstack, Cloud Computing, VirtualizationWorkshop - Openstack, Cloud Computing, Virtualization
Workshop - Openstack, Cloud Computing, Virtualization
 
Openstack workshop @ Kalasalingam
Openstack workshop @ KalasalingamOpenstack workshop @ Kalasalingam
Openstack workshop @ Kalasalingam
 
Enabling Innovative Business Opportunities Through Secure Cloud Adoption - Se...
Enabling Innovative Business Opportunities Through Secure Cloud Adoption - Se...Enabling Innovative Business Opportunities Through Secure Cloud Adoption - Se...
Enabling Innovative Business Opportunities Through Secure Cloud Adoption - Se...
 
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
 
Cisco APIC-EM – реализация концепции SDN в корпоративных сетях
Cisco APIC-EM – реализация концепции SDN в корпоративных сетяхCisco APIC-EM – реализация концепции SDN в корпоративных сетях
Cisco APIC-EM – реализация концепции SDN в корпоративных сетях
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple IT
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
Cisco project ideas
Cisco project ideasCisco project ideas
Cisco project ideas
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud Environment
 
How APIs are Transforming Cisco Solutions and Catalyzing an Innovation Ecosystem
How APIs are Transforming Cisco Solutions and Catalyzing an Innovation EcosystemHow APIs are Transforming Cisco Solutions and Catalyzing an Innovation Ecosystem
How APIs are Transforming Cisco Solutions and Catalyzing an Innovation Ecosystem
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
 
Cisco’s Cloud Strategy, including our acquisition of CliQr
Cisco’s Cloud Strategy, including our acquisition of CliQr Cisco’s Cloud Strategy, including our acquisition of CliQr
Cisco’s Cloud Strategy, including our acquisition of CliQr
 

Mehr von Joel W. King

DevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptxDevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptxJoel W. King
 
BRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptxBRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptxJoel W. King
 
Introduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSIntroduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSJoel W. King
 
NetDevOps Development Environments
NetDevOps Development EnvironmentsNetDevOps Development Environments
NetDevOps Development EnvironmentsJoel W. King
 
DevNet Associate : Python introduction
DevNet Associate : Python introductionDevNet Associate : Python introduction
DevNet Associate : Python introductionJoel W. King
 
Using Batfish for Network Analysis
Using Batfish for Network AnalysisUsing Batfish for Network Analysis
Using Batfish for Network AnalysisJoel W. King
 
Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Joel W. King
 
Cisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design GuideCisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design GuideJoel W. King
 
Business Ready Teleworker Design Guide
Business Ready Teleworker Design GuideBusiness Ready Teleworker Design Guide
Business Ready Teleworker Design GuideJoel W. King
 
Data manipulation for configuration management using Ansible
Data manipulation for configuration management using AnsibleData manipulation for configuration management using Ansible
Data manipulation for configuration management using AnsibleJoel W. King
 
DevNet Study Group: Using a SDK
DevNet Study Group: Using a SDKDevNet Study Group: Using a SDK
DevNet Study Group: Using a SDKJoel W. King
 
Foray into Ansible Content Collections
Foray into Ansible Content CollectionsForay into Ansible Content Collections
Foray into Ansible Content CollectionsJoel W. King
 
Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)Joel W. King
 
Introduction to Git for Network Engineers
Introduction to Git for Network EngineersIntroduction to Git for Network Engineers
Introduction to Git for Network EngineersJoel W. King
 
Learn To Think Like A Computer Scientist
Learn To Think Like A Computer ScientistLearn To Think Like A Computer Scientist
Learn To Think Like A Computer ScientistJoel W. King
 

Mehr von Joel W. King (16)

DevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptxDevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptx
 
BRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptxBRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptx
 
Introduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSIntroduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOS
 
NetDevOps Development Environments
NetDevOps Development EnvironmentsNetDevOps Development Environments
NetDevOps Development Environments
 
DevNet Associate : Python introduction
DevNet Associate : Python introductionDevNet Associate : Python introduction
DevNet Associate : Python introduction
 
Using Batfish for Network Analysis
Using Batfish for Network AnalysisUsing Batfish for Network Analysis
Using Batfish for Network Analysis
 
Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.
 
Cisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design GuideCisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design Guide
 
Business Ready Teleworker Design Guide
Business Ready Teleworker Design GuideBusiness Ready Teleworker Design Guide
Business Ready Teleworker Design Guide
 
Data manipulation for configuration management using Ansible
Data manipulation for configuration management using AnsibleData manipulation for configuration management using Ansible
Data manipulation for configuration management using Ansible
 
DevNet Study Group: Using a SDK
DevNet Study Group: Using a SDKDevNet Study Group: Using a SDK
DevNet Study Group: Using a SDK
 
Foray into Ansible Content Collections
Foray into Ansible Content CollectionsForay into Ansible Content Collections
Foray into Ansible Content Collections
 
Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)
 
Introduction to Git for Network Engineers
Introduction to Git for Network EngineersIntroduction to Git for Network Engineers
Introduction to Git for Network Engineers
 
What is Code?
What is Code?What is Code?
What is Code?
 
Learn To Think Like A Computer Scientist
Learn To Think Like A Computer ScientistLearn To Think Like A Computer Scientist
Learn To Think Like A Computer Scientist
 

Kürzlich hochgeladen

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Kürzlich hochgeladen (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds

  • 1. AUSTIN 2018 Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds
  • 2. Network analytics provides insight to the traffic flow between applications and endpoints. Telemetry data is streamed in real-time from software sensors and network devices to big-data clusters. Implementing the policy to create a whitelist-based segmentation and zero-trust model requires automation when dealing with tens of thousands of workloads and complex rules. This session examines how Cisco Tetration Analytics provides an accurate inventory of devices, software packages and version information to detect software vulnerabilities and implement a zero-trust policy model on network fabrics, firewalls and application delivery controllers. Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds
  • 3. o How did I get started using Ansible? Wrote NX-API module for Cisco Nexus switches o How long? Since January 2015 o Favorite thing to do with Ansible? Mentor network engineers on infrastructure programmability
  • 4. o Joel W. King Principal Architect World Wide Technology Research Triangle Park, NC o Experience AMP Incorporated, Network Architect Cisco, Cisco Validated Designs (CVDs) NetApp, Big Data: Video Surveillance Storage o Facts and Contact Info CCIE 1846 (ret.) 2016 Phantom Cyber Hall of Fame linkedin.com/in/programmablenetworks @joelwking joel.king@wwt.com DevNet Create 2018
  • 5. Deploy Sensors Dynamic Inventory Tetration Network Policy Publisher Resources
  • 6.
  • 7. SHARE ACT TRACE HUNT BEHAVIORS THREATS TRIAGE DETECTION TELEMETRY INVENTORY Can you collaborate with trusted partners to disrupt adversary campaigns? Can you deploy proven countermeasures to evict and recover? During an intrusion, can you observe adversary activity in real time? Can you detect an adversary that is already embedded? Can you detect adversary activity within your environment? Who are your adversaries? What are their capabilities? Can you accurately classify detection results? Can you detect unauthorized activity? Do you have visibility across your assets? Can you name the assets you are defending? What is it doing? Should it? What’s on my network?
  • 8. Automated whitelist policy Zero-trust, application segmentation Cisco Tetration Analytics​ Illumio​ VMware vRNI
  • 10. Data Collection Layer Cisco Tetration Analytics™ NETWORKING [TELEMETRY ONLY] Data Consumption Layer REST API KAFKA MESSAGE BUS
  • 11.
  • 12. o Deploy Software Sensors setup_tetration_sensor.yml o Dynamic Inventory inventory/sensors.py o Network Policy Publisher library/tetration_network_policy.py PLUGINS MODULES ANSIBLE PLAYBOOK DATA REST API https://github.com/joelwking/ansible-tetration
  • 14. Data Collection Layer Cisco Tetration Analytics™ 39-RU 8-RU SaaS 25,000 | 5,000 | 1,000 NETWORK INFRASTRUCTURE NetFlow | ERSPAN VM Appliance COMPUTE or virtual appliance
  • 15. o Extensive matrix of Windows | Unix | Linux o Package and version dependencies e.g. rpm (even in Ubuntu/Debian) o Different agent RPMs for … o Agent type, e.g. enforcement, visibility o Target system, e.g. CentOS 6.0 vs 7.0 o Latest version covers 34 RPMs o Agent downloaded from GUI
  • 16. o Rather than PDF … o ./setup_tetration_sensor.yml [administrator@centos-ansible-1 ~]$ uname Linux [administrator@centos-ansible-1 ~]$ -r -bash: -r: command not found [administrator@centos-ansible-1 ~]$ uname -r 3.10.0-862.el7.x86_64 command: uname -r value: 3.10.0-862.el7.x86_64 command: cat /etc/shells value: /bin/sh command: dmidecode -V value: 3.0 command: openssl version -a value: OpenSSL 1.0.2k-fips command: cpio --version value: cpio (GNU cpio) 2.11 command: sed --version value: sed (GNU sed) 4.2.2 command: awk --version value: GNU Awk 4.0.2 command: flock -V value: flock from util-linux 2.23.2 command: iptables --version value: iptables v1.4.21 command: ipset --version value: ipset v6.29, ansible-tetration/setup_tetration_sensor.yml
  • 18. ANSIBLE AUTOMATION ENGINE CMDB INVENTORY HOSTS NETWORK DEVICES PLUGINS CLI MODULES PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CORE NETWORK COMMUNITY ANSIBLE PLAYBOOK
  • 19. ANSIBLE AUTOMATION ENGINE CMDB INVENTORY HOSTS NETWORK DEVICES PLUGINS CLI MODULES PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CORE NETWORK COMMUNITY NOW.PY EC2.PY VMWARE_FACTS ANSIBLE PLAYBOOK
  • 20. ANSIBLE AUTOMATION ENGINE CMDB INVENTORY HOSTS NETWORK DEVICES PLUGINS CLI MODULES PUBLIC / PRIVATE CLOUD PUBLIC / PRIVATE CLOUD CORE NETWORK COMMUNITY NOW.PY EC2.PY VMWARE_FACTS ANSIBLE PLAYBOOK Cisco Tetration Analytics™ SENSORS.PY ansible-tetration/inventory/sensors.py
  • 21. $ ansible-inventory --host centos-ansible-1 -i ./inventory/sensors.py { "agent_type": "ENFORCER", "auto_upgrade_opt_out": false, "cpu_quota_mode": 1, "cpu_quota_usec": 30000, "current_sw_version": "2.3.1.41-1-enforcer", "data_plane_disabled": false, "enable_forensics": false, "enable_pid_lookup": false, "host_name": "centos-ansible-1", "interfaces": [ { "family_type": "IPV4", "ip": "10.255.40.139", "mac": "00:50:56:b9:62:58", "name": "ens160", "netmask": "255.255.255.0", "vrf": "Default", "vrf_id": 1 }, [snip] ], "last_config_fetch_at": 1537905092, "last_software_update_at": 1535054507, "platform": "CentOS-7.5", "uuid": "965e77504bf605d62c575231fa3d56463aed38bf" } ansible-inventory --host centos-ansible-1 -i ./inventory/sensors.py
  • 24. DevNet Create 2018 Export whitelist policy GUI SAVE AS [ JSON, XML or YAML ] https://github.com/joelwking/ansible-aci/blob/master/aci_contracts_filters.yml No SQL ANSIBLE PLAYBOOK CISCO ACI NETWORK MODULES python
  • 25. Network Policy Publisher ANSIBLE PLAYBOOK aci_create_filters.yml BROKER message publisher policy subscription MODULES tetration_network_policy.py Alerts every minute for enforcement Released in 2.3.1.41 April 2018
  • 26. - name: Tetration Network Policy tetration_network_policy: broker: "192.0.2.1:9093" topic: "Tnp-2" cert_directory: "{{ playbook_dir }}/files/certificates/producer-tnp-2.cert/" https://github.com/joelwking/ansible-tetration/blob/master/aci_create_filters.yml 226
  • 27. UPDATE_START UPDATE UPDATE_END Tetration Network Policy Kafka message(s) topic partition offset key value Google Protocol Buffer Network Policy Network Policy len( value ) == 8
  • 28.
  • 29. o AnsibleFest 2018: Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds https://github.com/joelwking/ansible-tetration o DevNetCreate 2018: Applying a whitelist policy generated by Cisco Tetration to an ACI network fabric. https://www.wwt.com/all-blog/devnet-create-2018/ o Cisco Tetration Light-board: Cloud Workload Protection https://youtu.be/Hd56GVVr_AE o WWT AnsibleFest https://www.wwt.com/event/ansiblefest/
  • 30. David Goeckler, EVP / GM of Cisco's Networking and Security … turning the whole network into essentially a big software system where you define your policy in one place … That policy gets translated into what you want the network to do, and then you have an automation layer that activates all of those changes across your network fabric. https://www.networkworld.com/article/3280959/lan-wan/cisco-s-david-goeckeler-talks-security-networking-software-and-sd-wan-outlook.html