TheSaffaGeek

My ramblings about all things technical


Leave a comment

#VMwAWS #vExpert #vCommunity Meetup at #AWS ReInvent

itproawsvmware-logo2

Later this month I will be attending my first AWS ReInvent due to me being the AWS Solution Lead for the UK&I for Dell EMC. As part of my attending I am planning to try kick start a community within the AWS ecosystem that matches the awesome one that the vCommunity has around VMware and supporting technologies. Due to me being a VMware vExpert for the last 9 years and a newly appointed vExpertPro I am looking to call on this community whom are also attending the conference to get together and ideally we can build a crossover AWS and VMware community seeing as most people who have done VMware now also know AWS or are currently using it more and more due to offerings like VMConAWS.

The vBrownbag crew will be attending ReInvent for the first time so please make sure to sign up for a TechTalk and also come watch and meet some like minded people as the community around the vBrownbag is always strong and well worth knowing

So initially and the point of this posting is to find out how many of my followers/readers are attending ReInvent and to then hopefully organise a few meetups and spread the supporting nature of the VMware community into the AWS community and vice versa. So if you are attending then please put your name in the form below and your twitter handle and I will create a way for all of us to start building the VMwAWS community.

Advertisements


Leave a comment

VMware Cloud Foundation 3.5

This morning during the VMworld EU keynote the next iteration of VMware Cloud Foundation (VCF) was announced and it is packed with new features as well as a number of exciting changes. I will touch on some of them from a high level below:

vSphere 6.7 Update 1 based Bill of Materials

VCF is now based on and compatible with the latest version of vSphere 6.7 update 1 as well as the latest version of the vRealize suite. The bill of materials and versions are:

vSphere 6.7 Update 1

vSAN 6.7 Update 1

vSAN Content Pack 2.0 (for log Insight)

NSX for vSphere 6.4.3

NSX-T 2.3 (WHAT!!!?? More below on this)

SDDC Manager 3.5 (Includes Integrated VIA)

vRealize Suite Lifecycle Manager 2.0

vRealize Automation 7.5

vRealize Operations 7.0 (and management packs)

vRealize Log Insight 4.7 (and contents packs)

NSX-T Workload Domain

  • NSX-T Data Center is the premium networking and security platform, supporting developer cloud use cases such as:
    Single or multi-tenant IaaS (Infrastructure as- Service) and with NSX-T 2.3 expanding support to New App Frameworks (Containers)
    Public Cloud and some Security Use cases

image

image

NFS Workload Domain

Ability to create workload domains using only NFS storage
Benefits:

  • Automated deployment of NFS based workloads
  • Flexibility to consume existing storage

image

image

image

image

image

Composable Infrastructure Support

What is Composable Infrastructure?

Converged:

  • Preconfigured package of software and hardware in a single unit
  • Enables simplified procurement and easier operation
  • Designed for a specific application or workload
  • Management of those discrete resources often remains siloed

Hyperconverged:

  • Adds deeper levels of abstraction and greater levels of automation for easy-to consume infrastructure capacity
  • Software-defined elements are implemented virtually, with integration into the hypervisor environment.
  • Scaling is done by deploying additional nodes

Composable:

  • Fluid pools of compute, storage and network
  • Simplified platform management
  • Resources can be provisioned & reconfigured on demand
  • Reduce under-utilization and over-provisioning while creating a more agile data center

Brand new composability service developed against Redfish framework

HPE Synergy is the first certified partner.

 

image

 

Next Generation Use Cases for Cloud Foundation

 

image

 

Resources

Product Page vmware.com/go/cloudfoundation
Documentation vmware.com/go/cloudfoundation-docs
Poster (like the one shown below) vmware.com/go/cloudfoundation-poster
Blog blogs.vmware.com/cloud-foundation
HOL labs.hol.vmware.com/HOL/catalogs/lab/3787
Community vmware.com/go/cloudfoundation-community
FAQ vmware.com/go/cloudfoundation-faq
Twitter @VMWvCF
YouTube youtube.com/c/VMwareCloudFoundation

image

Attending VMworld?

If you want to learn more and you are attending VMworld EU then there a large number of sessions and Hands On Labs:

Wednesday Keynote HCI3728KE – Innovating Beyond HCI: How VMware is Driving the Next Data Center Revolution. Presented by Yanbing Li, John Gilmartin and Duncan Epping

Tuesday 6th November:

11:00 AM -12:00 PM PRV1101BE VxRack SDDC Technical Deep Dive
2:00PM – 3:00PM PRV1766BE Workload Automation in your VMware Cloud Foundation Based Private Cloud
2:00PM – 3:00 PM PRV1933BER VMware Cloud Foundation Architecture Deep Dive
3:30PM -4:30 PM PRV2121BE Composable Infrastructure Innovations: Cloud Foundation and HPE Synergy
5:00PM – 6:00PM PRV1765BE Advanced Operations for your VMware Cloud Foundation Based Private Cloud

Wednesday 7th November:

11:00 AM -12:00 PM PRV1101BE VxRack SDDC Technical Deep Dive
2:00PM – 3:00PM PRV1766BE Workload Automation in your VMware Cloud Foundation Based Private Cloud
2:00PM – 3:00 PM PRV1933BER VMware Cloud Foundation Architecture Deep Dive
3:30PM -4:30 PM PRV2121BE Composable Infrastructure Innovations: Cloud Foundation and HPE Synergy
5:00PM – 6:00PM PRV1765BE Advanced Operations for your VMware Cloud Foundation Based Private Cloud

Thursday 8th November:

9:00AM – 10:00AM PRV1459BE Strategies for Workload Mobility with VMware Cloud Foundation
10:30AM – 11:30AM PRV1429BE VMware Cloud Foundation Simplifies Disaster Protection
12:00PM – 1:00PM PRV1463BE Building the Ultimate Hybrid Cloud with VMware Cloud Foundation
3:00PM – 4:00PM PRV1669BE VMware Cloud Foundation Real-World Success with Professional Services
3:00PM – 4:00PM PRV1933BER VMware Cloud Foundation Architecture Deep Dive

Hands On Labs:

HOL-1946-01-SLN Modernize Infrastructure – Getting Started with VMware Cloud Foundation 3.0
SPL-1944-01-SLN_E Modernize Infrastructure – Getting started with VCF 3.0 (iSIM based)

Meet the Experts:

 

MONDAY, NOV 5
2:15 – 3:00 Table 5 PRV-5040 VMware SDDC architecture with expert Tom Harrington
3:15 – 4:00 Table 5 PRV-5036 Building a hybrid cloud with expert Heath Johnson
TUESDAY, NOV 6
1:15 – 2:00 Table 3 PRV-5037 NSX-T and PKS in VCF and VVD with expert Ryan Johnson
4:15 – 5:00 Table 5 PRV-5036 Building a hybrid cloud with expert Heath Johnson
4:15 – 5:00 Table 8 PRV-5039 VMware Cloud Foundation with expert Josh Townsend

 

 

WEDNESDAY, NOV 7
1:15 – 2:00 Table 3 PRV-5037 NSX-T and PKS in VCF and VVD with expert Ryan Johnson
5:15 – 6:00 Table 3 PRV-5040 VMware SDDC architecture with expert Tom Harrington
THURSDAY, NOV 8
9:15 – 10:00 Table 9 PRV-5037 NSX-T and PKS in VCF and VVD with expert Ryan Johnson
10:15 – 11:00 Table 8 PRV-5039 VMware Cloud Foundation with expert Josh Townsend


1 Comment

Why you should attend VMworld 2018

VMworld has something for everyone from those just learning about virtualisation to those who have been part of the industry for a number of years and are looking to those in depth sessions and discussions with the evangelists and guru’s of VMware plethora of offerings and solutions. If you haven’t yet booked your place then let me list some of the reasons I think you should attend as they are the reasons I try to attend every year:

  • On the Sunday of VMworld US the vBrownbag crew along with the VMUnderground crew are again running opening acts and then the VMUnderground party in the Evening (keep an eye out for tickets as these sell out very fast). The opening acts are always well attended and if you are a vExpert then it is a brilliant way to meet many others and if you are not then you can come and get motivated to submit by Ariel Sanchez. I blogged about my attending and being on a panel last year in my day 1 recap posting here (I’m the nerd in the blue VCDX shirt in the picture).

vbrownbag

  • My next reason is about the community again but this time the ability to network with like minded individuals at the bloggers tables, fellow vExperts, fellow VCDX at the VCDX townhall on the Saturday before VMworld and all those I hope to meet over lunch and at the vBrownbag TechTalks who are working in collaboration with the VMTN team to run the infamous TechTalks. If you have never heard of the TechTalks then a brief overview is below:
    • Tech Talks originated at VMworld 2012 where they provided an opportunity for community members, whose presentation submissions were not accepted into the main catalogue, to present the core of  a topic.  #TechTalks are a ten minute presentation by a community member for the benefit of the community. Since almost everyone working in technology has solved problems and learned something almost everyone could present a #TechTalk.  The format can be a slide deck or simply talking, they are usually about how to solve a problem or get the most out of a product. The TechTalk is captured on video and published on the vBrownBag YouTube channel.
    • If the conference Internet connection allows, the talk is also live streamed from the show.
    • #TechTalks are for community members to reach other community members, any topic that will help other people is good.  The one thing that TechTalks are not is an opportunity to present the corporate slide deck about a great product you would like us to buy.  #TechTalks are about up skilling and education, the only marketing should be from the TechTalk sponsors who help make the whole thing happen.
  • Next are the breakout sessions, group discussions and expert panels. The content catalog is packed with amazing sessions by some of the biggest names in the industry and those up and coming in the industry. I’m personally really looking forward to all of the VMware Cloud on AWS sessions as it bridges my existing knowledge and interest in VMware with my exponentially growing interest in AWS. The sessions are also recorded so if you can’t make it to a sessions due to a conflict then by registering for VMworld you get access to all the recorded sessions after the conference for you to watch in your own time.
  • My next reason are the VMware Hands-On Labs which cover all VMware technologies and allow you to play with the latest releases and offerings not just from VMware but also VMware partners. Alike to the sessions the hands on labs are available after the conference but I would recommend going to a few that really interest you (again I’ve allocated some walk trough’s of the VMConAWS solution) and then you can do the remaining ones after the conference. If however you really want to hit the labs hard then I know they normally give a free pass to next years VMworld to the top few people who have completed the most labs.
  • The solution exchange is my next reason as this is the perfect opportunity to speak to those vendors who are offering the latest solution that might save your business and team loads of money and or time and this is the perfect opportunity to speak to that vendor who might be offering the solution that will fix the issues your company is experiencing and take that knowledge back to your company and impress your management with how you’ve found a great solution and to prove that your going to VMworld was worth it and that they should send you again next year. I would be remise if I didn’t encourage you to go speak to Dell EMC and hear about their amazing offerings all the way through the stack as well as pre-packaged and validated solutions for SMB’s all the way to large enterprises.
  • If you are looking to obtain that next VMware certification or want to speak to the certification team about the performance of your latest VCAP-Deploy exam then there are loads of  VMware Certification opportunities. You can also book reduce cost exams at VMworld which I have personally never decided to do but loads of the community swear by it and due to the reduced cost it means if you unfortunately don’t make it then it isn’t that much of a dent to your pocket and lets you scope out the exam to better prepare for next time.
  • Last is the parties and due to the conferences being in Vegas and Barcelona you can imagine the amount of them there are and the amount of meet ups after the parties that happen.  There are parties for everyone so if you are looking for a chilled drinks evening then there are loads of opportunities for that and if you want to party all night (save some sleep to be able to attend the conference) then there are plenty of those as well. If you haven;t got a ticket to VMUnderground on Sunday then the Welcome Reception kicks off the conference experience with food, drinks, and networking in the Solutions Exchange. There are normally loads of announcements about the parties closer to the time so keep an eye out on social media as the parties fill up fast and remember the strip is big so unless you plan to uber it then getting to three parties in a night might not be possible. The VMworld party finishes off the conference on Wednesday night.

If you are looking to attend then sign up here  and make sure to come find me and say hi as well as I encourage you to attend the TechTalks which are due to be added to the content catalog very soon.

 

Gregg


1 Comment

VMworld Day 2 Recap

VMworld day 2 is always a good one for me personally as it’s the day you get the tech really spoken about and shown that has been announced at the show. If you missed my blog postings around some of the big announcements from day 1 then have a look below:

My day started with the keynote and again i watched it from the VMVillage in the bloggers area which I always enjoy as you can watch the keynote over the big screens but also sit with fellow vExpert bloggers. If you missed the keynote from either of the days then you can re-watch them here. One of the big announcements from the keynote was Pivotal Container Service, I was fortunate enough to be on a early access program where they went over the solution. It looks to be a really great solution and certainly has made me think I need to learn Kubernetes as I can see some amazing use cases for my customers.

imageimage

After the keynote I went and watched a bit of a vBrownbag session. The vBrownbag of which I am one of the team have been doing TechTalks all week and record the sessions as well as stream it live. I will certainly be watching these after the conference as there has been some amazing content and now that the sessions are in the content catalog we have been getting solid crowds all week with some being three people deep standing and watching due to all the seats being gone.

 

Next I attended VMware Cloud on AWS: An Architectural and Operational Deep Dive [LHC3174BU]-the session was really interesting although i was slightly disappointed that the session was more a walk through of how to build your SDDC rather than anything around architecture design which i found disappointing seeing as this was meant to be a deep dive.Also he stated he was engineer so there’s no demo it’s all screenshots. I took some notes from the session

  • Covered what AWSonVMC offers.
  • What organisations are and how these map across all VMware Cloud Services.
  • Covered the real requirement of ensuring you choose the correct CIDR block as this cannot be changed
  • vCenter permissions and the lock down required to ensure there were essentially a VMware owned Admin and a customer owned admin.

image1

  • Showed what the architecture is and what it uses from AWS to allow VMC
  • Hybrid linked mode explained

image4

  • Covered at a high level what provision management, remediation/troubleshooting, release coordination, auto-scaler, configuration management, telemetry and alerting service do

image3

  • Broke down the networking concepts – recommended watching/attending Ray Budavari’s session to learn much much more.
  • Walked through the flow of a failure of a host- covered all the players if what is required for VMware to fix the issues in an automated fashion.

image5

  • Covered how there is an SRE team to ensure the SaaS service works as it should (copy steps from picture)

image6

All these sessions make me feel you need to really learn AWS to a certain level so you understand what VPC’s are etc as a fair amount of people in the VMC sessions I’ve been to seem to struggle to understand the AWS side of the service.

Next I attended AWS Native Services Integration with VMware Cloud on AWS: Technical Deep Dive [LHC3376BUS]. – this sessions was really good and the live demo and technical depth was what i was hoping for from the previous session, Again I wrote down a bunch of notes from the session below and would highly recommend watching this session after the show

  • Nice to hear from the AWS side and what their side of the partnership is.
  • Integrations to things like S3, EC2, RDS, IAM,ACM,ELB, Route53, CloudFront,WAF, AWS Shield/Shield Advanced, Athena , QuickSight, Lambda, CodeDeploy
  • Covered the base topology

image1

  • Recommended reporting services like cloudwatch and cloudtrail, VMware are using these as well for part of their monitoring for you
  • Gave a use case and how to deliver the services for the fake company ACME distribution
  • Did a demo of building and running all the components required by ACME utilising VMC and AWS services.

After this I participated in a design studio UX session where we went through vRealize Lifecycle manager and gave feedback on what I liked and didn’t like and what i expected. I really enjoyed this as it was just me and the engineer and seeing as I’ve done vRA,vRO etc I was able to give some solid feedback from someone who knows the products and how to install them outside the usage of lifecycle manager. The engineer was very grateful which i always nice to be able to help.

Gregg


2 Comments

VMworld Day 1 recap

VMworld kicked off formally today and there were whole bunch of announcements and some awesome sessions and demo’s I was able to attend and blog about but firstly I would like to recap Saturday and Sunday’s activities so if you just want to hear about today then skip the paragraphs below and go straight to the Monday/Today heading.

Saturday:

I purposely flew in on Friday fro the UK so that i could attend the VCDX workshop and then the VCDX Town hall afterwards. The VCDX workshop and town hall were hosted at the cosmopolitan hotel and the workshop started off early at 7:30 am with some breakfast/desert seeing as it was coffee and donuts. If you don;t know what the VCDX workshop is it is a workshop for those thinking of going for the VCDX soon and is aimed to give those aiming for it valuable information and advice around the whole process, what to do and not to do in your preparations and during the defence and also to clear up some possible misconceptions and ideally show that obtaining the VCDX is achievable with hard work and dedication. I’ve blogged about this achievability as well as my personal opinion of doing it for the “right” reasons here https://thesaffageek.co.uk/2017/02/17/why-do-you-want-the-vcdx-accreditation/ . It was really great to see that a very large amount of the people attending the workshop felt it was something they wanted to attempt and felt it was more of a realistic target after the workshop.

After this was the VCDX town hall which is for current VCDX to speak with the VCDX certification team, have a chance to hear from Pat Gelsigner the CEO of VMware and three of the VMware CTO’s before some food and drinks. The town hall was really good and there were some very tough questions asked of the certification team around the direction of the program, how we could get the certification known more widely and aid those looking to obtain it. Chris Colotti wrote a really pointed but accurate posting around a fair few of the topics brought up by the existing VCDX as despite what many might think current VCDX do want more people to join the ranks. We then had the honour of Pat Gelsigner speaking to us and answering some of out questions. It was greatly appreciated that Pat would take time out of his very busy schedule to spend time with us and as always you could see his passion for technology shining through. Next was the CTO panel with Chris Wolf, Guido Appenzeller and Ray O’Farrell. The panel was brilliant and again the three CTO’s were extremely interested to hear for the VCDX crowd and be open and honest with their future plans. Lastly was the drinks and food where we got to socialise which was really nice to chat and joke with fellow VCDX and learn what they are up to and doing.

Sunday:

Sunday is customarily when Partner exchange happened and this year was no different. Even though I work for a partner in Dell EMC I decided to instead attend and support the VMunderground and vBrownbag opening acts. The opening acts are a community event where a number of panels are run discussing various topics by the community for the community. I was very honoured to have been asked to be part of the second of the three panels of the day around How Failing Made Me Better. The panel was very enjoyable to be on and the advice given from all of the people on the panel seemed to be well taken by the crowd. As always the opening acts allowed me to also chat with others from the community some who i have known for years and others i have only met recently. It certainly helped that it was hosted at the beerhaus.

Media preview

After opening acts I wandered off to the solutions exchange to talk to some vendors as well as grab some food and drinks that were on offer. The solutions exchange was buzzing as you would expect and I managed to get over to the Datrium booth and collect my vExpert gift of an arbuboy. I then made my way back to the new york new york hotel for the VMunderground party which was happening at the beerhaus where I got to chat to loads of the community and meet up with some old friends. The VMUnderground party is always one of my favourites due to it always being in a location where you can chat to people without it being too dark or too loud (yes i realise i sound like an old man). After VMUnderground i made my way back to my hotel due to my need to be on a work conference call this morning.

Monday/Today

The day started off with me ensuring all my scheduled blogs had posted as the NDA for a number of the announcements was 5am this morning. I then made my way to the convention centre and decided to watch the keynote from the VMVillage bloggers tables as I had a session straight after the keynote and I wanted to make sure I made it in adequate time. There were a number of announcements in the keynote but the ones that I feel were the best coincided with the ones i blogged about which were:

After the keynote I attended a VMware Design Studio UX design session around VMware Cloud on AWS. The feedback around the UX seemed to be really helpful to the team and one portion I found really great was the number of woman that were part of the various team from VMware which is brilliant and certainly inspiring for my daughters futures if they decide to pursue technology as a career.

 DIValENUIAEa6vR

Next I attended a session on VMware Cloud on AWS: Storage Deep Dive which was highly informative and gave some great overviews of not just VMC’s usage of vSAN in the current offering but also some possible future plans around Disaster Recovery, usage of various storage providers technologies, options for backup via partners like Dell EMC and growth abilities of the solution both outwards and upwards. When the recordings of the sessions come out I highly recommend watching this one. I really like the way VMC is heading and I think it will be a brilliant offering and product.

DIV5nklV4AAaels

After this I attended an invite only demo of VMware Cloud on AWS. The demo was highly informative and again I was left feeling really excited and enthused by the direction the offering is taking and the possibilities of it. When the partnership was first announced i was very unsure of how it would work and fit but I can certainly see the use cases and potential and now with VMware Cloud Services having been announced it means that you will be able to mange not just VMC but also Google Cloud Platform, Azure and your traditional vSphere environment in VMware Cloud Foundation.

image

 

The announcements have been really good and with today’s now released GA of Pivotal Container Service there are very exciting things coming from VMworld from VMware and their eco-system of partners.

Gregg


4 Comments

#NSX Announcements at #VMworld US

At todays VMworld US there are a number of NSX announcements as NSX grows it’s capabilities and features and raises the bar for SDN. Some of of the announcements at todays VMworld US conference in Las Vegas will be around a new version of NSX-T called NSX-T 2.0, VMware Cloud on AWS which provides a service that delivers a seamless extension for vSphere customers into AWS and NSX Secure Networking and the the ability for network virtualisation and security for native AWS workloads.

Firstly if you don’t know what NSX-T is then I would recommend you read the overview of it here or register for session NET1510BU . For version 2.0 there are a number of announcements, the high level  such as:

  • Cloud-Native App Frameworks
    • VMs and Containers
    • CNI Plugin Integration for Kubernetes (K8s) /Pivotal Cloud Foundry
    • NSX-T PaaS /CaaS Integration
      • NSX integration with Kubernetes
      • NSX Container Plugin (NCP) for integration with PaaS with NSX Manager
      • Native Container Networking:
        • IP address per container / POD
        • Container Network integration with DC network via routing and BGP
        • Micro-segmentation – inter project and intra project isolation
        • Network and Security Automation – created as part of app deployment
        • Multi-tenant network topologies
        • Multiple Containers (PODs for K8s) in a VM (Container Host)
        • Support for vSphere and KVM

For VMware cloud on AWS there is an extensive amount of announcements and features about the service but for NSX in particular it is about centralised management, comprehensive visibility and enterprise-class security

  • Discovery
    • Visibility into apps and resources they consume
    • Analyse usage and utilisation across clouds
    • Possible with AWS (Native), Azure (Compute) and Private Cloud (vSphere)
  • Cost Insight
    • Accounting and cost optimisation for multiple clouds
    • Track and analyse your costs and trends
    • Possible with AWS (Native), Azure (Compute) and Private Cloud (vSphere)
  • Network Insight
    • Operational visibility, control and compliance across clouds
    • Optimise performance, health and availability
    • Possible with AWS (Native) and Private Cloud (vSphere)
  • Secure Networking
    • Secure networks with micro-segmentation
    • Create private networks within or across clouds
    • Possible with AWS (Native)

For NSX Secure Networking

  • On-Prem Automation and Networking & Security
    • Multi-domain networking
    • Automation with OpenStack
    • Micro-segmentation
    • Consistent and scalable micro segmentation security – unified policy management across multiple public clouds
    • Precise control over cloud networking topologies, traffic flows, IP addressing and protocols
    • Standard network data works with existing Day 2 operations tools and processes

If you are looking for some top sessions around these announcements then the following top 10 networking and security sessions should be a great fit:

  • Transforming networking and security for the digital era – TS7003KU –Tuesday August 29,12:30pm – 13:30 pm
  • Use virtualization to secure application infrastructure – SAI3237SU – Monday August 28,11am – 12pm
  • Why networking is at the heart of digital transformation – NET3235SU – Monday August 28,1pm – 2pm
  • NSX everywhere: The network bridge for on premises, private, and native public clouds – NET3236SU – Monday August 28,4pm – 5pm
  • Introduction to VMware NSX – NET1152BU – Monday August 28,4pm – 5pm
  • Application security reviews made easy with VMware latest security solution – SAI2895BU – Tuesday August 29,4pm – 5pm
  • The NSX practical path – NET3282BU – Monday August 28,2:30pm – 3:30pm
  • When clouds collide, lightning strikes – NET3282BU – Wednesday August 30, 1pm – 2pm
  • The future of networking and security with NSX-T – NET1821BU – Tuesday August 29, 11:30am –12:30pm
  • Container networking with NSX-T overview – NET1521GU – Monday August 28, 1pm – 2pm

Gregg


3 Comments

VMware AppDefense Announced at #VMworld US

At todays VMworld US there are a number of announcements coming out but one of the big ones in my opinion is the announcement of VMware AppDefense.

AppDefense provides an number of features, notably:

  • Application Control: Comprehensive view/grouping of VMs in the datacenter, their intended state and allowed behaviour
  • Runtime anomaly detection and response: Monitor the real time state of the OS and user applications – alert and control process, network, and kernel events
  • Process Analysis: Built-in process analysis engine gives overall process maliciousness as well as specific traits that are potentially suspicious
  • Orchestrate Remediation: Our infrastructure reach provides a more effective way to orchestrate remediation during a security incident

image

Application Scope

  • Security Team View of Intended Application State
  • Security-team owned viewpoint of application infrastructure
  • Provides a lens to evaluate runtime behaviour against known good
  • An abstraction to validate and audit the placement of security policy

image

 

Attesting Runtime Behaviour

  • Writing Rules to Inspect Validate Endpoint Processes and Network Connectivity
  • Enforce behaviour by blocking activity or audit/alerting
  • Evaluate a number of endpoint events from a trusted location:
    • Process network activity (inbound/outbound)
    • Process activity
    • OS Kernel
    • Virtual Enclave

image

 

Built-In Process Analysis

  • Deep Level In-Memory Analysis of Process Capability to Provide Detail on Anomalies
  • Evaluate the in-memory state of a process before/after anomalies are recognized
  • Does not rely on signatures or hashes at all
  • Provides overall risk score and individual traits within the process

image

 

Orchestrating Remediation

  • Blocking Behaviour or Responding on Alarms Through Virtual Infrastructure
  • Each rule can be associated with a recommended remediation workflow
  • Alerts integrate with standard SIEM tools and other notification methods
  • Enforcement can be automated or manual
  • Leverages the mutability of the virtual infrastructure (ESX layer and NSX security policy)

image

AppDefense Architecture

image

 

I’m really looking forward to learning more about AppDefense and seeing how it can fit my customers needs.

Gregg