Cloud Computing Fundamentals Dr.Abhisak Chulya CEO & Founder

Cloud - ONDE · 2019-12-16 · with OpenStack. Banco Santander runs 1,000 compute nodes of OpenStack in data centers across the world, and uses Cloudera on OpenStack to power fraud


What is the Cloud?

§ "Cloud computing" is used as a metaphor for "the Internet."

§ The networking solution is someone else's responsibility; we no longer have to look after it.

§ If so, that is a good way to reduce costs.


§ Applications can be hosted by someone else

§ Data can be stored anywhere

§ Applications can be accessed from anywhere

Advantages to the Cloud


Reasons Not to Use Cloud

§ Internet outages - the internet connection is cut off

§ Site access - the host has problems

§ Sensitive data - the data is important


Cloud Components

§ Clients

§ Mobile

§ Thin

§ Thick

Explore the components of cloud


§ Clients

§ Mobile

§ Thin

§ Thick

§ Data Center

§ Distributed Servers

Cloud Components


Cloud Infrastructure

§ Full Virtualization

Unique applications

Different OSs

One way to access services on the cloud

§ Ideal for

Sharing a computer system among multiple users

Isolating users from each other

Emulating hardware on another machine

Cloud Infrastructure


Cloud Infrastructure

§ Paravirtualization (partial virtualization)

Multiple OSs on one device

Not all elements need to be emulated

Allows for better scaling

Guest OSs talk to Hypervisor via API call

§ Ideal for

Disaster Recovery

Migration

Capacity management

Cloud Infrastructure


Three main Cloud Computing Scenarios

1. Compute Node

On-demand resources - machines are ready to use when needed

Useful to any size organization

2. Storage Node

Maintain files off-site

3. Cloud applications

Applications are delivered over the internet

Hosting and IT management offloaded to the cloud

Evaluating Cloud Computing for Business


When to avoid Cloud Computing

§ Legislative issues - blocked by legal requirements

§ Hardware dependencies - heavily constrained by hardware requirements

§ Server control - relies primarily on control from the server

§ Lack of need - no need to use it

§ Integration - no need to integrate



Operational Benefits of the Cloud

§ Reduced cost

§ Increased storage - more data storage capacity

§ Automation - automated builds make things faster

§ Flexibility

§ Mobility


Economic Benefits of the Cloud

§ People

§ Hardware: Capex vs Opex

§ Pay-as-you-go

§ Time to market


Staffing Benefits of the Cloud

§ Software/Maintenance

§ Deployment time

§ Availability

§ SLA adherence

§ Upgrades

§ IT relief

§ More money!


Know Security Risks of Cloud Computing

§ Privileged user access

§ Regulatory compliance

§ Data location

§ Data segregation

§ Recovery

§ Long-term viability

Cloud Computing Risks


Cloud Storage

§ Anywhere access

§ Ideal for travelers


Cloud Storage

§ Anywhere access

§ Ideal for travelers

§ Wide variety of Providers & Services

§ Data kept safe

§ Cost savings


§ Google Docs for Office files

§ Outlook, Yahoo! Mail and Gmail for email

§ iCloud and Google Photos for digital photos

§ YouTube for video files

§ Public cloud providers

§ LinkedIn and Facebook for data and pictures

§ Dropbox for any digital data

Cloud Storage Providers


Cloud Storage Security

§ Encryption

§ Authentication

§ Authorization practices


Cloud Storage Considerations

§ Safely protects data

§ Can use a mixed approach

§ Outages

§ Theft


Cloud Tools & Services

§ Google and G Suite

§ Microsoft Office 365

§ Work with OneDrive

§ Sync files with iCloud

§ Work with Evernote


Make a Cloud migration plan

§ Get educated - study it thoroughly first

§ Assess security

§ Hire professionals

Migration to the Cloud


Define Desired Outcomes

§ Enhance or jump ahead

§ Compliance and legal issues

§ Plan for multi-server handling

§ Start small, one step at a time


Run Test Migrations

§ Migrate to a test cloud

§ Run load tests

§ Try to "break" things


Prepare for Live Cutover

§ Create a step-by-step checklist

§ Plan for outages

§ Build a rollback strategy


Migration Tips

§ Start small

§ Consider participation

§ Know the costs

§ Choose the right providers


Enterprise Class

§ Private Cloud - on-premises

§ Private Cloud - off-premises

§ Public Cloud - local

§ Public Cloud - global


Analyze services and service providers


The Wave Approach

§ Releasing your data to the cloud in phases, or "waves"

Releasing the data using wave approach


Before Migration

§ Track seats

§ Determine what information needs safeguarding

§ Determine legal and sector-specific guidelines

§ Create internal guidelines and categorize information

Secure your data


After Migration

§ Track and monitor data

§ Segregate data into sensitivity and privacy categories


Establish a training plan

§ Communication

§ Information and sessions materials

§ Training sessions

§ Evaluation

§ Ongoing training and support


Responding to change

§ Stay current on apps

§ Analyze apps

§ Keep current on vendors

Predict and respond to change


What is OpenStack

WHAT IT IS WHY USE IT THE COMMUNITY USING OPENSTACK FAQS

Programmable infrastructure that lays a common set of APIs on top of compute, networking and storage

One platform for virtual machines, containers and bare metal


OpenStack Cloud Models


Public cloud: shared resource, “pay-as-you-go” models are common. OpenStack public cloud is available in 60+ datacenters globally.

Private Cloud: dedicated to a single user. Can be hosted private cloud in a vendor’s data center or yours, or remotely managed private cloud.

Hybrid cloud: a mix of private cloud and public cloud orchestrated together to meet company needs

THERE’S A GLOBAL SHIFT TOWARD CLOUD. THE BENEFITS: AGILITY, SCALABILITY, DECREASED HARDWARE COSTS.

3 CLOUD MODELS


OpenStack is open source

HERE’S WHY THAT MATTERS

1. Choice & control: ability to choose between and switch vendors

2. Ability to contribute or directly influence the roadmap

3. Widely adopted open source APIs are the new standards

4. Part of a vibrant community to share knowledge and help each other

OPENSTACK PRINCIPLES

OPEN SOURCE

OPEN DESIGN

OPEN DEVELOPMENT

OPEN COMMUNITY


Primary business drivers


#1 avoid vendor lock-in

#2 accelerate innovation

#3 operational efficiency

Source: User Survey, April 2017


Which industries choose OpenStack?

RETAIL/E-COMMERCE, FINANCIAL, TELECOM, ACADEMIC/RESEARCH, ENERGY AND MANUFACTURING, INSURANCE, ENTERTAINMENT

See more at openstack.org/user-stories


What runs on OpenStack?

TELECOM/NFV, HPC, ENTERPRISE APPS, BIG DATA, MULTI-CLOUD, E-COMMERCE, DEVELOPER PRODUCTIVITY, WEB SERVICES

86% of telecoms say OpenStack is important to their business; many are using OpenStack to virtualize their networks and implement edge computing to achieve agility and significant cost savings.

DigitalFilm Tree uses interoperable OpenStack private and public clouds to process thousands of hours of raw footage into a one-hour TV show.

Walmart moved their global e-commerce platform to OpenStack, powering desktop, mobile, tablet and kiosk users.

Adobe Digital Marketing uses OpenStack to convert their existing virtualization environment into self-service IT.

CERN runs one of the largest OpenStack clouds to process data from the Large Hadron Collider, giving physicists the resources they need to unleash the secrets of the universe.

Comcast powers customer-facing and internal applications and services for both production and development environments with OpenStack.

Banco Santander runs 1,000 compute nodes of OpenStack in data centers across the world, and uses Cloudera on OpenStack to power fraud detection.

Workday moved their on-demand software services from static, virtualized environments to a fully elastic and scalable platform based on OpenStack.


History of OpenStack

2010: NASA + Rackspace develop the basis of OpenStack

2012: OpenStack Foundation established

2014: OpenStack Marketplace opens to showcase maturing ecosystem; “Juno” release seen as enterprise grade

2015: OpenStack Powered interop certification launched

2016 - April: Half the Fortune 100 run OpenStack; Certified OpenStack Administrator program launched

2016: China booms; 86% of telecoms say OpenStack important to their business

2017: OpenStack emerges as one platform for containers, VMs and bare metal


About the OpenStack Foundation


Maintain infrastructure for development & communication

Coordinate software releases

Trademark and legal management

Host summits & development meetings

Promote the use of open source infrastructure projects

openstack.org/foundation


OpenStack Foundation Sponsors


PLATINUM MEMBERS

GOLD MEMBERS


The OpenStack Community

81,000+ MEMBERS

187 COUNTRIES

670+ ORGANIZATIONS


How does the community collaborate?

HACKATHONS

REGIONAL OPENSTACK DAYS & LOCAL MEETUPS

CONTRIBUTING CODE, DEVELOPER PLANNING SESSIONS

TOPICAL MAILING LISTS

GLOBAL OPENSTACK SUMMITS

VOTING ON REPRESENTATIVES


Cross-community collaboration


OpenStack integrates with a number of other technologies, including many popular open source projects, enabling users to combine them with OpenStack.

Containers PaaS NFV Provisioning


OpenStack’s software releases

QUEENS: February 2018

ROCKY: April 2018

STEIN: April 2019

TRAIN: February 2020

Releases happen every 6 months

In development

Most clouds run one of the two most recent releases

Learn more about the releases at openstack.org/software


The OpenStack Framework

WHAT GETS CALLED OPENSTACK?

USING THE SAMPLE CONFIGURATIONS

CORE SERVICES & OPTIONAL SERVICES


It costs less and does more

Watch this session: Elephant in the Room: What's the TCO for an OpenStack Cloud?

“In all private cloud-based applications…we expect approximately 70% of cost savings as compared to classical IT solutions.”

–Holger Urban, Volkswagen

“TD Bank...experienced a 25% to 40% costs savings on their platforms and virtual machines over their previous solution by deploying OpenStack.”

–Forbes, “3 Reasons Why An OpenStack Private Cloud May Cost You Less Than Amazon Web Services”


OpenStack is recognized for its security

“The OpenStack community is taking security seriously…”

openstack.org/software/security


OpenStack services

Khomkrit Viangvises, Principal OpenStack Engineer

copyright© 2019, Nipa Technology Co., Ltd. | All Rights Reserved.


OpenStack services overview

OpenStack is made up of a variety of services that are all written in the Python programming language and serve a specific function. OpenStack's modular nature facilitates the modern cloud application design philosophy and also allows easy expandability; any person, community, or company can develop an OpenStack service that can easily integrate into its ecosystem.

The OpenStack Foundation has successfully identified nine key services they consider part of the core of OpenStack, which we'll explore in detail.


CORE Services


Optional Services


Keystone - identity service

Keystone handles authentication. It acts as a common authentication system across all core services in an OpenStack environment. Both human users and services must authenticate to Keystone to retrieve a token before interacting with other services in the environment.

Visualize the process of logging on to a website with your username and password. When a user does this on the Horizon dashboard, they authenticate against Keystone to successfully log in and begin creating virtual resources. Keystone also stores the service catalog, users, domains, projects, groups, roles, and quotas—exam objective concepts you'll examine in Chapter 3, Keystone Identity Service.
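The token exchange described above, as an added example that is not part of the original slides: it builds the body of a project-scoped `POST /v3/auth/tokens` request and parses the response into the token, its expiry, the granted roles and the public endpoints from the service catalog. The user, project, URLs and token value are constructed sample data, and no network call is made.

```python
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


def build_auth_request(user, password, user_domain, project, project_domain):
    """Body for POST /v3/auth/tokens: password method, scoped to one project."""
    return {
        "auth": {
            "identity": {
                "methods": ["password"],
                "password": {
                    "user": {
                        "name": user,
                        "domain": {"name": user_domain},
                        "password": password,
                    }
                },
            },
            # Scope to a single project so the token carries only that
            # project's roles instead of everything the user can reach.
            "scope": {
                "project": {"name": project, "domain": {"name": project_domain}}
            },
        }
    }


@dataclass
class TokenInfo:
    token: str = field(repr=False)  # bearer secret: kept out of repr() and logs
    expires_at: datetime = None
    roles: list = field(default_factory=list)
    endpoints: dict = field(default_factory=dict)  # service type -> public URL

    def usable(self, now, margin=timedelta(seconds=60)):
        """True while the token has more than `margin` left before expiry."""
        return now + margin < self.expires_at

    def auth_header(self):
        """Header that Nova, Glance, Neutron and the rest expect on each call."""
        return {"X-Auth-Token": self.token}


def parse_token_response(status, headers, body_text):
    """Turn Keystone's reply into a TokenInfo; raise ValueError on failure."""
    if status != 201:
        raise ValueError(f"authentication failed: HTTP {status}")
    lowered = {k.lower(): v for k, v in headers.items()}
    token = lowered.get("x-subject-token")  # the token is a header, not body
    if not token:
        raise ValueError("response carries no X-Subject-Token header")
    data = json.loads(body_text)["token"]
    expires = datetime.strptime(
        data["expires_at"], "%Y-%m-%dT%H:%M:%S.%fZ"
    ).replace(tzinfo=timezone.utc)
    roles = [role["name"] for role in data.get("roles", [])]
    endpoints = {}
    for service in data.get("catalog", []):
        for endpoint in service.get("endpoints", []):
            if endpoint.get("interface") == "public":
                endpoints[service["type"]] = endpoint["url"]
    return TokenInfo(token, expires, roles, endpoints)


# Constructed sample response (not captured from a real cloud).
SAMPLE_HEADERS = {"X-Subject-Token": "gAAAAAB-constructed-sample-token"}
SAMPLE_BODY = json.dumps({"token": {
    "expires_at": "2019-12-16T11:00:00.000000Z",
    "roles": [{"id": "r1", "name": "member"}],
    "project": {"name": "demo", "domain": {"name": "Default"}},
    "catalog": [
        {"type": "compute", "name": "nova", "endpoints": [
            {"interface": "internal", "url": "http://10.0.0.5:8774/v2.1"},
            {"interface": "public", "url": "https://cloud.example.test:8774/v2.1"},
        ]},
        {"type": "image", "name": "glance", "endpoints": [
            {"interface": "public", "url": "https://cloud.example.test:9292"},
        ]},
    ],
}})

if __name__ == "__main__":
    info = parse_token_response(201, SAMPLE_HEADERS, SAMPLE_BODY)
    print(info)  # the token field is omitted from the printed repr
```
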


Keystone - identity service


Glance - image service

Glance provides discovery, registration, and delivery services for disk images.

When one boots a virtual machine (also known as an instance), it is typically required to provide a disk image. These typically contain an operating system (such as Ubuntu or Red Hat Enterprise Linux), and are best described as a snapshot of a disk's contents. Examples of disk image types include QCOW2, VMDK, VHDX, ISO, and RAW. The disk image has usually been previously created by a person or script who has gone through the initial installation procedure and has installed specific configuration files to ensure it is cloud-aware. Glance can store images in a variety of data stores, including the local filesystem or OpenStack Swift.


Glance - image service


Nova - compute service

Inspired by Amazon EC2, Nova is the compute service and the core of the OpenStack cloud. It is designed to manage and automate pools of compute resources, and can work with widely available virtualization technologies as well as bare metal servers.

It's important to note that Nova is not a hypervisor. It's a system of services that sit above the hypervisor, orchestrating availability of compute resources. Some examples of hypervisors include Hyper-V, VMware ESXi, Xen, and the most popular, KVM (Kernel-based Virtual Machine). Nova also supports the ability to utilize Linux container technology such as LXC and Docker.

In OpenStack, the term booting is used to refer to the creation of a virtual machine. A virtual machine booted with Nova is often called an instance.


Nova - compute service


Neutron - networking service

Neutron is a service that allows users to manage virtual network resources and IP addresses.

If one wants to boot an instance, they typically need to provide a virtual network on which to boot that instance so that it has network connectivity. With Neutron, users can view their own networks, subnets, firewall rules, and routers—all through the Horizon dashboard, CLI, or API. One's ability to create and manage network resources depends on the specific role they have been assigned.

Neutron also contains a modular framework powered by a variety of plugins, agents, and drivers, including Linux bridge and Open vSwitch.


Neutron - networking service


Cinder - block storage service

Inspired by Amazon's Elastic Block Storage (EBS) offering, Cinder allows users to create volumes that can be mounted as devices by Nova instances.

Cinder volumes behave as if they were raw unformatted hard drives. Once data is written to these volumes, the data persists even after terminating the instance or an instance failure. This is because the written data is stored on a dedicated Cinder storage server, not the compute nodes where the instances reside. Cinder also supports snapshots which capture the current state of a volume. These are useful for providing backup protection, and they can also be used to instantiate new volumes that contain the exact data of the snapshot. You can also write images to a block storage device for compute to use as a bootable persistent instance.


Cinder - block storage service


Swift - object storage service

Inspired by Amazon S3, Swift is a redundant storage system that provides developers and IT teams with secure, durable, and highly scalable cloud storage. A user creates a container and stores static files, also known as objects, in the container. These objects can be anything from pictures or movies to spreadsheets and HTML files. From the end user's perspective, storage is limitless, inexpensive, and accessible via a REST API. Features can also be turned on via the Swift API. These include hosting a static website, versioning, setting specific objects to expire, and even setting Access Control Lists (ACLs) allowing public access to the objects inside the container.
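Because a container ACL can open objects to anyone, an audit of the ACL headers is a useful check. The following added example (not from the original slides) parses the `X-Container-Read` and `X-Container-Write` header values that Swift returns for a container and reports grants that reach beyond named projects and users; the container names and ACL values are constructed sample data.

```python
# Referrer grants may be written with any of these prefixes.
REFERRER_PREFIXES = (".r:", ".referer:", ".referrer:")


def parse_acl(value):
    """Split an ACL header value into trimmed, non-empty elements."""
    return [e.strip() for e in (value or "").split(",") if e.strip()]


def classify_acl(value):
    """Return the set of broad grants found in one ACL header value."""
    findings = set()
    listings = False
    for elem in parse_acl(value):
        low = elem.lower()
        prefix = next((p for p in REFERRER_PREFIXES if low.startswith(p)), None)
        if prefix is not None:
            referrer = elem[len(prefix):].strip()
            if referrer == "*":
                # ".r:*": objects are served to anyone, no token required.
                findings.add("public")
            elif referrer and not referrer.startswith("-"):
                # Access decided by the Referer header, which the client
                # sets itself, so this is not real access control.
                findings.add("referrer-only")
        elif low == ".rlistings":
            listings = True
        elif elem == "*:*":
            # Any user of any project holding a valid Keystone token.
            findings.add("any-authenticated")
    if listings and "public" in findings:
        # Anonymous users can also enumerate every object name.
        findings.add("public-listing")
    return findings


def audit(containers):
    """containers: {name: {header: value}} -> sorted [(name, access, finding)]."""
    report = []
    for name, headers in containers.items():
        lowered = {k.lower(): v for k, v in headers.items()}
        for access in ("read", "write"):
            for finding in classify_acl(lowered.get("x-container-" + access)):
                report.append((name, access, finding))
    return sorted(report)


# Constructed sample: container metadata as returned by a HEAD on each one.
SAMPLE_CONTAINERS = {
    "www-assets": {"X-Container-Read": ".r:*,.rlistings"},
    "invoices": {"X-Container-Read": ".r:*"},
    "backups": {"X-Container-Read": "a1b2c3:*",
                "X-Container-Write": "a1b2c3:svc-backup"},
    "shared": {"x-container-read": "*:*"},
    "partner": {"X-Container-Read": ".r:*.example.com, .r:-internal.example.com"},
    "uploads": {"X-Container-Write": "*:*"},
    "private": {},
}

if __name__ == "__main__":
    for name, access, finding in audit(SAMPLE_CONTAINERS):
        print(f"{name:12} {access:5} {finding}")
```

A `public` finding on a container that was meant to host a static website is expected; the same finding on a container such as the constructed `invoices` is the case to investigate.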


Swift - object storage service

On the backend of Swift, static files (also known as objects) are written to multiple disk drives spread throughout servers in a data center. The Swift software is responsible for ensuring data replication and integrity across the cluster. Should a server or hard drive fail, Swift replicates its contents from other active nodes to a new location in the cluster.


Swift - object storage service


Heat - orchestration service

Inspired by Amazon's CloudFormation service, Heat helps operators model and set up OpenStack resources so that they can spend less time managing these resources and more time focusing on the applications that run on OpenStack.

You begin with a blueprint or Heat Orchestration Template (HOT) that describes all the OpenStack resources to be provisioned. Heat then takes care of provisioning and configuring, with no need to worry about dependencies or order of execution—a template describes all the resources and their parameters. After the stack has been created, your resources are up and running.


Heat - orchestration service

Templates are extremely convenient because they allow operators to check them into a version control system to easily track changes to the infrastructure. If problems occur after deploying a Heat template, you simply restore to a previous version of the template. If you want to make a change to the stack, you can easily update it by providing a modified template with new parameters.


Interacting with OpenStack


Horizon dashboard

If you are new to OpenStack, this is the best place to begin your journey. You simply navigate to the Horizon URL via the web browser, enter your username and password, verify you are scoped to the proper project, and then proceed to create instances, networks, and volumes with the click of a button.


OpenStack API communication


Security in Resource-Sharing Era

Thotsaphon Tungjitviboonkun, Solutions Architect Manager

copyright© 2019, Nipa Technology Co., Ltd. | All Rights Reserved.


Agenda
● Why do we need to be concerned about security
● Basic security we should know
● Resource-sharing trend
● Security in resource-sharing era
● In Cloud We Trust


Why do we need to be concerned about security?

Scenario 1
● Someone checks the lock of my house
● He is able to crack the lock and get in
● He closes the door and locks it again
● He leaves and comes back the next day with his comrade

● A bot checks the remote connection
● The password is weak and the bot is able to get in
● It reports back to the control server


Why do we need to be concerned about security?

Scenario 2
● Someone walked into my house uninvited
● He painted on my wall and walked out

● A bot gets into your server/application
● The bot modifies your website/data and disconnects


Why do we need to be concerned about security?

Scenario 3
● Someone walked into my house uninvited
● He kicks me out and changes the lock
● I cannot get into my house
● He uses my house as a base and keeps checking on my neighbor's house

● A bot gets into your server/application
● The bot changes your password and uses your server to spread its virus


Why do we need to be concerned about security?
● I don't want to lose my sensitive data
● I don't want others to steal my sensitive data
● I don't want to redo my work
● I don't want others to use my resources

● CIA (Confidentiality, Integrity, Availability)


Basic security we should know

● Nothing is unhackable
● Humans are the greatest security weakness
● Security VS Convenience


Nothing is unbreakable
● 100 to 1 A.D. - Caesar Cipher was used
● 9th Century - Caesar Cipher was broken by Frequency Analysis

Plain text: THE QUICK BROWN FOX
Cipher text: QEB NRFZH YOLTK CLU
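The two ways this cipher fails, as an added example that is not part of the original slides: the key space is only 26 shifts, and letter frequencies survive encryption, so a chi-squared comparison against English recovers the shift from a longer message. The sample sentence and all function names are constructed for illustration.

```python
import string

# Approximate relative frequency (percent) of each letter in English text.
ENGLISH_FREQ = dict(zip(string.ascii_uppercase, [
    8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153,
    0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056,
    2.758, 0.978, 2.360, 0.150, 1.974, 0.074]))

# Constructed sample message, long enough for letter statistics to show.
SAMPLE = ("Security is a process and not a product. The attacker only needs "
          "to find one weakness while the defender has to protect every "
          "entrance to the system all of the time.")


def caesar(text, shift):
    """Shift every letter by `shift` positions; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ENGLISH_FREQ:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def all_shifts(ciphertext):
    """Weakness 1: only 26 keys exist, so every candidate can be listed."""
    return [caesar(ciphertext, -s) for s in range(26)]


def chi_squared(text):
    """Distance between the letter counts of `text` and English expectations."""
    letters = [c for c in text if c in ENGLISH_FREQ]
    if not letters:
        return float("inf")
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = len(letters) * pct / 100
        score += (letters.count(letter) - expected) ** 2 / expected
    return score


def break_caesar(ciphertext):
    """Weakness 2: frequency analysis picks the shift that looks most English."""
    shift = min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))
    return shift, caesar(ciphertext, -shift)


if __name__ == "__main__":
    # The slide's pair corresponds to a shift of 23 (three letters back).
    print(caesar("THE QUICK BROWN FOX", 23))
    print(break_caesar(caesar(SAMPLE, 23)))
```

On a message as short as the slide's sixteen letters the statistics are too thin to rely on, which is why the block also lists all 26 candidates.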


Nothing is unbreakable
● 1917 - Enigma machine was invented
● 1932 - Military Enigma machine was broken by Bombe


Nothing is unbreakable
● 1976 - DES encryption is approved as standard
● 1980 - Time-memory tradeoff was proposed
● 1995 - Triple DES (3DES; TDES; TDEA) is published (RFC1851)
● 1997 - DES encryption was broken for the first time in public
● 2005 - DES was withdrawn by NIST
● 2016 - 3DES was broken
● 2017 - 3DES was withdrawn by NIST


Nothing is unbreakable
● 1997 - AES was developed to replace DES
● 2001 - AES was announced by NIST
  AES-128, AES-192, AES-256
● 2016 - NIST predicts that AES-128 will be secure until 2030
  (NIST SP 800-57, Page 56, Table 4)


Nothing is unbreakable
● 1987 - Rivest Cipher 4 (RC4) was designed
● 1997 - RC4 was used in encryption protocols such as WEP
● 2001 - WEP was cracked
● 2003 - WPA-PSK (TKIP) was published to replace WEP without requiring the replacement of hardware
  It was just a quick fix until WPA2 became available
● 2008 - WPA-PSK (TKIP) was broken
● 2004 - WPA2 was available
● 2017 - WPA2 is reported as vulnerable and requires a patch from the vendor
● 2018 - WPA3 is announced


Nothing is unbreakable
● 1977 - RSA was first published
● 2012 - A research paper showed that RSA is vulnerable.
  It can be fixed by making sure that no public keys share a prime number
● 2012 - NIST predicts that 2048-bit RSA will be secure until 2030
● There are currently no published methods to defeat the system if a large enough key is used


Nothing is unbreakable
● 1992 - MD5 hash function was published (RFC1321)
● 1993 - SHA-0 was published
● 1995 - SHA-1 was published
● 2001 - SHA-2 (256-bit and 512-bit) was published
● 2011 - SHA-1 is insecure
● 2015 - SHA-3 was published


Nothing is unbreakable
● 1995 - SSL 2.0 released
● 1996 - SSL 3.0 released
● 1999 - TLS 1.0 released to replace SSL 3.0
● 2001 - SSL 2.0 deprecated
● 2006 - TLS 1.1 released
● 2008 - TLS 1.2 released
● 2015 - SSL 3.0 deprecated
● 2018 - TLS 1.3 released
● 2020 - TLS 1.0 and TLS 1.1 are going to be deprecated


Nothing is unbreakable

Recommend
● AES - for symmetric key encryption
  AES-128 as minimum, AES-256 is better
● RSA - for asymmetric key encryption
  2048-bit RSA as minimum, 4096-bit RSA is better
● SHA - for hash function
  SHA-2 as minimum, SHA-3 is better
● TLS - for HTTPS
  TLS 1.2 as minimum, TLS 1.3 is better


Humans are the greatest security weakness
● Top 10 most common passwords in 2019

1. 12345
2. 123456
3. 123456789
4. test1
5. password
6. 12345678
7. zinch
8. g_czechout
9. asdf
10. qwerty

● https://haveibeenpwned.com/


Humans are the greatest security weakness

Recommend
● Do not use insecure passwords
● Minimum password length should be greater than 8
● Password should contain capital letters, lowercase letters, numbers, and special characters
● Password should be changed every 3 months
● Do not use a password similar to your previous password (pattern)
● Separate your personal passwords from your organization passwords
● Enable multi-factor authentication if it is supported


Humans are the greatest security weakness

Recommend
● Lock your screen when you are not using it
● Log out from everything when you are not using it
● Do not note your password on your desktop
● Do not share your password with anyone
● Do not panic


Humans are the greatest security weakness

Recommend
● Do not make your own security algorithm
● Encryption is preferred when transmitting data
● Do not store passwords as plaintext
● Do not use a deprecated function or program
● You should update your software frequently
● Do not expect the user to be a good user
● Validate every field, every input, and every passed value
● Beware of the SQL injection attack
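Three of these recommendations in one place, as an added example that is not part of the original slides: passwords stored as salted, slow hashes instead of plaintext, input validated before use, and a string-built query shown beside its parameterized form. PBKDF2-HMAC-SHA256 from the Python standard library is used here as one suitable password hash (the slides do not name a scheme); the table layout, username policy, iteration count and function names are assumptions.

```python
import hashlib
import hmac
import os
import re
import sqlite3

ITERATIONS = 200_000                           # assumed work factor
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")   # assumed username policy


def open_db():
    """In-memory database with a hypothetical users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    return db


def hash_password(password, salt):
    """Salted, deliberately slow hash; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(db, name, password):
    # Validate the field before it goes anywhere near storage.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    salt = os.urandom(16)  # fresh random salt per user
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))


def verify(db, name, password):
    row = db.execute("SELECT salt, digest FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, digest = row
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(hash_password(password, salt), digest)


def lookup_unsafe(db, name):
    """Vulnerable form: user input becomes part of the SQL text."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_safe(db, name):
    """Hardened form: the driver passes the input strictly as data."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "correct horse battery staple")
    register(db, "bob", "another long passphrase")
    crafted = "nobody' OR '1'='1"       # constructed input for the comparison
    print(lookup_unsafe(db, crafted))   # every row comes back
    print(lookup_safe(db, crafted))     # no row matches the literal string
    print(verify(db, "alice", "correct horse battery staple"))
```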


Humans are the greatest security weakness

Recommend if you got hacked
● Stop using the compromised code/software/server
● Separate it from your production environment
● Find the root cause
● Re-install everything with the fix applied
● Do not repeat it


Security VS Convenience


Resource-sharing trend
● Trend nowadays...
● Social networks and the Internet have become important
● Data is valuable
● We are going to join the Big Data, Cloud, and IoT trend


Resource-sharing trend
● Cloud benefits
  - Efficiency / Cost reduction
  - Data security
  - Scalability
  - Mobility (Work from anywhere)
  - Reliability (Disaster recovery)
  - Control
  - Competitiveness


Resource-sharing trend
● Open Source is growing rapidly
● Based on a Linux Foundation document (year 2018)


Resource-sharing trend
● Web scale companies open up and share
  - Google: Kubernetes, Tensorflow
  - Facebook: OpenCompute, HHVM, OpenCellular
  - Twitter: Mesos, Aurora, Parquet, Heron
  - LinkedIn: Kafka
  - Netflix: NetflixOSS


Resource-sharing trend
● The Open Source trend is not slowing down
● Based on a SourceClear survey, almost 80% of all companies, from enterprises to hot Silicon Valley startups, say they now rely on open source.


Resource-sharing trend
● Open Source that startup companies share
  - Box
  - Dropbox
  - Uber
  - Github


Resource-sharing trend
● Enterprise companies that use Open Source and are Linux Foundation members


Resource-sharing trend
● Open Source belongs to everyone
  Everyone can use it
● Accelerates access to technology
  Everyone helps make it better
● Open Source builds community
  Everyone helps each other


Security in resource-sharing era
● There are at least seven types of open-source library vulnerabilities that we should all be extremely concerned about
● The Seven Deadly Sins of Open-Source Libraries

1. Disclosed Vulnerability - a vulnerability where information is available in public databases such as the National Vulnerability Database in the form of CVEs. CVE is a claim-based system, and claims require secondary analysis, verification and data enrichment such as the vulnerable versions and the vulnerable methods.


Security in resource-sharing era
● The Seven Deadly Sins of Open-Source Libraries

2. Inherited Vulnerability - a new vulnerability that is the result of a library inheriting a library with another vulnerability via its dependency & call graph (both conditions needed). The typical Java library inherits four other libraries and the typical NPM module inherits nine other libraries, making inherited vulnerabilities quite common.


Security in resource-sharing era
● The Seven Deadly Sins of Open-Source Libraries

3. Embedded - a new vulnerability that is the result of inheriting a library with another vulnerability by embedding its code (usually as a result of cut-and-paste or adding a JAR file or XML parser in a parent library). Sites like Conjars make this type of vulnerability a growing problem.


Security in resource-sharing era
● The Seven Deadly Sins of Open-Source Libraries

4. Similar - a new vulnerability that is the same or similar to another known vulnerability but that is now found in a different library.

5. Reintroduced - the same vulnerability that has been fixed in a previous release of the library but that has been reintroduced in a later version of the same library. This is quite common when libraries maintain multiple versions.


Security in resource-sharing era
● The Seven Deadly Sins of Open-Source Libraries

6. Zero Days - new issues that have not yet been the subject of disclosure but are known about by someone and likely being used by the bad guys in the wild.

7. Half Days - new issues that have not yet been the subject of disclosure but can be found in places like commit logs, change-logs and issue trackers if you know where to look. Half days are often obscured and sometimes hidden, but more often than not they are hiding in plain sight.
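Item 2 in the list above says an inherited vulnerability needs both conditions: the vulnerable library is in the dependency graph, and the vulnerable method is on the call graph. The check below is an added example, not part of the original slides; every package name, function name and advisory id in it is a constructed placeholder.

```python
from collections import deque

# Constructed dependency graph: library -> libraries it depends on.
DEPENDS_ON = {
    "my-app": ["web-framework", "report-lib"],
    "web-framework": ["json-parser"],
    "report-lib": ["xml-parser", "image-lib"],
    "json-parser": [], "xml-parser": [], "image-lib": [],
}

# Constructed call graph: function -> functions it calls.
CALLS = {
    "my-app:main": ["web-framework:handle", "report-lib:render"],
    "web-framework:handle": ["json-parser:loads"],
    "report-lib:render": ["xml-parser:parse"],
    "xml-parser:parse": ["xml-parser:parse_entities"],
    "report-lib:thumbnail": ["image-lib:decode_legacy"],  # not used by my-app
}

# Disclosed advisories enriched with the vulnerable method (placeholder ids).
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "library": "xml-parser",
     "method": "xml-parser:parse_entities"},
    {"id": "ADVISORY-PLACEHOLDER-2", "library": "image-lib",
     "method": "image-lib:decode_legacy"},
    {"id": "ADVISORY-PLACEHOLDER-3", "library": "yaml-lib",
     "method": "yaml-lib:load"},
]


def dependency_paths(root):
    """Breadth-first walk: each transitive dependency -> shortest chain to it."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        lib = queue.popleft()
        for dep in DEPENDS_ON.get(lib, []):
            if dep not in paths:
                paths[dep] = paths[lib] + [dep]
                queue.append(dep)
    del paths[root]
    return paths


def reachable_methods(entry):
    """Every function reachable from the entry point in the call graph."""
    seen, stack = {entry}, [entry]
    while stack:
        for callee in CALLS.get(stack.pop(), []):
            if callee not in seen:
                seen.add(callee)
                stack.append(callee)
    return seen


def inherited_vulnerabilities(root, entry):
    """Report advisories in the dependency tree; 'inherited' needs both graphs."""
    paths = dependency_paths(root)
    reachable = reachable_methods(entry)
    findings = []
    for adv in ADVISORIES:
        if adv["library"] not in paths:
            continue  # condition 1 fails: library is not a dependency at all
        findings.append({
            "id": adv["id"],
            "library": adv["library"],
            "via": " -> ".join(paths[adv["library"]]),
            "inherited": adv["method"] in reachable,  # condition 2
        })
    return findings


if __name__ == "__main__":
    for finding in inherited_vulnerabilities("my-app", "my-app:main"):
        print(finding)
```

A finding with `inherited` set to False is still worth tracking, since a later code change can put the vulnerable method on the call path.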


Security in resource-sharing era
● What about Cloud Security?
● Security of Cloud or Security in Cloud
● Let's take a look at AWS and GCP


Security in resource-sharing era
● The US government is using GCP, AWS, and Azure Cloud too
● GDCC Cloud is VMware-based and OpenStack-based
● Common Security in GDCC Cloud


Security in resource-sharing era
● Secure Datacenter
  - ISO/IEC 27001 Certified
  - Data Center access logs
  - Data Center access monitoring
● Secure Cloud Software
  - M/A without user notice
  - Software will be up-to-date


Security in resource-sharing era
● Secure Network
  - Users have their own network
  - Other users are unable to capture your network data
● Secure Data Transmission between Compute Node and Volume
  - User data is encrypted
● Secure Compute Node
  - No data is stored on the Compute Node


Security in resource-sharing era
● Secure Volume
  - Volume Disk is encrypted
  - Volume Disk is formatted when terminated
● Secure Cloud Image
  - Cloud Image is up-to-date
  - Cloud Image has passed a VA scan


Security in resource-sharing era
● What you need to remember
  - This is resource sharing
  - GDCC is responsible for security "of" Cloud, not security "in" Cloud


In Cloud We Trust


Nipa Cloud Platform (NCP)

Pipitpon Noalngam, System Analyst


Command Line

Managing OpenStack


Horizon


Nipa Cloud Platform


Marketplace (One-Click App)


Billing System
● Prepaid / Postpaid account
● Cost estimation
  ○ How much do you pay each month?
  ○ How long will your credit last?
● Cost comparison from previous months
● Track usage on a daily basis
● Cost calculated on a per-hour basis


Project Management and Software Implementation Processes

ISO/IEC 29110 : 2018


NCP Customer Portal

Customer Portal
● Replace OpenStack Horizon
● Registration
  ○ email verification
  ○ OTP verification
● New user journey
● Secured by design
● Control complexity
● Add more features..


NCP Admin Portal
● Bring more hidden features from OpenStack API
● SLA & Impact Monitor
● Audit logs
● Makes daily operations more efficient

Customer Portal

Backend Portal


DEMO