SlideShare une entreprise Scribd logo

Automating Network Firewall Rule Creation using Powershell and CI/CD

Télécharger en tant que PPTX, PDF
Nills Franssens
Nills Franssens

Presentation for SANS Cloud Security Summit. Topic: Network security automation Managing firewall rules is a complex task. During this talk, we'll discuss one way to automate the creation and management of those firewall rules using PowerShell and a continuous integration and deployment (CI/CD) pipeline. The basis of the presentation is an actual customer implementation of this end-to-end process. We will discuss the requirements for the solution and how this solution was developed and has grown from proof of concept to production. Although the implementation is Azure-specific, the talk will be abstracted to showcase the feasibility of this approach across multiple clouds. Demos presented during the talk will showcase the PowerShell script and then the end-to-end workflow using Azure DevOps.

Technologie
1  sur  13
Runner Belgian in the US Cloud Solution Architect @ Microsoft • Infrastructure • Networking • Open Source
DDoS protection Identity management Network security Application security Encryption
All major cloud providers offer a native L3/L4 firewall capability (Security Group) A set of network security rules to allow/deny network traffic into/out of instances • ~Like ACLs • Instance tagging – security groups • Stateful • An object Differences • AWS has 2 implementations: security groups and network ACL (stateless) • Azure allows IP-based and security group based rules mixed • Assigned to different levels: AWS is instance level, Azure is instance or subnet level, GCP is VPC level
Organic cloud adoption  structured cloud adoption Security review Micro- segmentation Catalyst: new customer- facing application coming live
Human error. What if we needed to do it all over again? What if this needs to repeated for a second region? We only had half a day to do this right.
We needed to decide Highly parallel Single API call Source code
Automation in step 1 in a DevOps Lifecycle. DevOps is the union of people, process, and products to enable continuous delivery of value to your end users. “ ” Build & Test Continuous Delivery Deploy Operate Monitor & Learn Plan & Track Develop
Read CSV input unsorted Creates per- subnet rules- hashtable Generates per-subnet IaC artifact Validates IaC artifact
Implemented 500 firewall rules in half a day Flexible way to adapt firewall rules afterwards Security review built-in to process Standard format for developers to request firewall changes Happy customer
https://github.com/NillsF/NSG-CSV-to-ARM

Recommandé

Best Practices for API Security
Best Practices for API SecurityBest Practices for API Security
Best Practices for API Security
MuleSoft
 
Api-First service design
Api-First service designApi-First service design
Api-First service design
Stefaan Ponnet
 
Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...
Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...
Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...
Amazon Web Services
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPass
Paulo Eduardo Sibalde
 
Messaging Systems on AWS
Messaging Systems on AWSMessaging Systems on AWS
Messaging Systems on AWS
Amazon Web Services
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform Overview
Apigee | Google Cloud
 
API Security Best Practices and Guidelines
API Security Best Practices and GuidelinesAPI Security Best Practices and Guidelines
API Security Best Practices and Guidelines
WSO2
 
Kafka: Uma introdução para Desenvolvedores e Arquitetos
Kafka: Uma introdução para Desenvolvedores e Arquitetos Kafka: Uma introdução para Desenvolvedores e Arquitetos
Kafka: Uma introdução para Desenvolvedores e Arquitetos
Victor Osorio
 

Recommandé

Best Practices for API Security
Best Practices for API SecurityBest Practices for API Security
Best Practices for API Security
MuleSoft
 
Api-First service design
Api-First service designApi-First service design
Api-First service design
Stefaan Ponnet
 
Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...
Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...
Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...
Amazon Web Services
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPass
Paulo Eduardo Sibalde
 
Messaging Systems on AWS
Messaging Systems on AWSMessaging Systems on AWS
Messaging Systems on AWS
Amazon Web Services
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform Overview
Apigee | Google Cloud
 
API Security Best Practices and Guidelines
API Security Best Practices and GuidelinesAPI Security Best Practices and Guidelines
API Security Best Practices and Guidelines
WSO2
 
Kafka: Uma introdução para Desenvolvedores e Arquitetos
Kafka: Uma introdução para Desenvolvedores e Arquitetos Kafka: Uma introdução para Desenvolvedores e Arquitetos
Kafka: Uma introdução para Desenvolvedores e Arquitetos
Victor Osorio
 
Awskrug AWS SNS, SQS, and SES
Awskrug AWS SNS, SQS, and SESAwskrug AWS SNS, SQS, and SES
Awskrug AWS SNS, SQS, and SES
JungHakLee4
 
Advanced API Security
Advanced API SecurityAdvanced API Security
Advanced API Security
Prabath Siriwardena
 
Best Practices for API Management
Best Practices for API Management Best Practices for API Management
Best Practices for API Management
WSO2
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Alvaro Sanchez-Mariscal
 
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
Apigee | Google Cloud
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
Vladimir Dzhuvinov
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
Joonas Westlin
 
A Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterA Study in Borderless Over Perimeter
A Study in Borderless Over Perimeter
ForgeRock
 
Running Microservices on AWS Elastic Beanstalk
Running Microservices on AWS Elastic BeanstalkRunning Microservices on AWS Elastic Beanstalk
Running Microservices on AWS Elastic Beanstalk
Amazon Web Services
 
Intro to AsyncAPI
Intro to AsyncAPIIntro to AsyncAPI
Intro to AsyncAPI
confluent
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and security
Erik Paulsson
 
AWS IAM
AWS IAMAWS IAM
AWS IAM
Diego Pacheco
 
(STG401) Amazon S3 Deep Dive & Best Practices
(STG401) Amazon S3 Deep Dive & Best Practices(STG401) Amazon S3 Deep Dive & Best Practices
(STG401) Amazon S3 Deep Dive & Best Practices
Amazon Web Services
 
Microservices architecture overview v3
Microservices architecture overview v3Microservices architecture overview v3
Microservices architecture overview v3
Dmitry Skaredov
 
Amazon OpenSearch Service
Amazon OpenSearch ServiceAmazon OpenSearch Service
Amazon OpenSearch Service
Elif Nurber Karakaş
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
Daniel Toomey
 
Istio
Istio Istio
Istio
Arun prasath
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
Shiu-Fun Poon
 
Secure AWS with Fortinet Security Fabric.pptx
Secure AWS with Fortinet Security Fabric.pptxSecure AWS with Fortinet Security Fabric.pptx
Secure AWS with Fortinet Security Fabric.pptx
Yitao Cen
 
Presentation cisco iron port email & web security
Presentation cisco iron port email & web securityPresentation cisco iron port email & web security
Presentation cisco iron port email & web security
xKinAnx
 
Netflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open SourceNetflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open Source
aspyker
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 

Contenu connexe

Tendances

Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Alvaro Sanchez-Mariscal
 

Tendances (20)

Awskrug AWS SNS, SQS, and SES
Awskrug AWS SNS, SQS, and SESAwskrug AWS SNS, SQS, and SES
Awskrug AWS SNS, SQS, and SES
 
Advanced API Security
Advanced API SecurityAdvanced API Security
Advanced API Security
 
Best Practices for API Management
Best Practices for API Management Best Practices for API Management
Best Practices for API Management
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
 
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
 
A Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterA Study in Borderless Over Perimeter
A Study in Borderless Over Perimeter
 
Running Microservices on AWS Elastic Beanstalk
Running Microservices on AWS Elastic BeanstalkRunning Microservices on AWS Elastic Beanstalk
Running Microservices on AWS Elastic Beanstalk
 
Intro to AsyncAPI
Intro to AsyncAPIIntro to AsyncAPI
Intro to AsyncAPI
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and security
 
AWS IAM
AWS IAMAWS IAM
AWS IAM
 
(STG401) Amazon S3 Deep Dive & Best Practices
(STG401) Amazon S3 Deep Dive & Best Practices(STG401) Amazon S3 Deep Dive & Best Practices
(STG401) Amazon S3 Deep Dive & Best Practices
 
Microservices architecture overview v3
Microservices architecture overview v3Microservices architecture overview v3
Microservices architecture overview v3
 
Amazon OpenSearch Service
Amazon OpenSearch ServiceAmazon OpenSearch Service
Amazon OpenSearch Service
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
 
Istio
Istio Istio
Istio
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
 
Secure AWS with Fortinet Security Fabric.pptx
Secure AWS with Fortinet Security Fabric.pptxSecure AWS with Fortinet Security Fabric.pptx
Secure AWS with Fortinet Security Fabric.pptx
 
Presentation cisco iron port email & web security
Presentation cisco iron port email & web securityPresentation cisco iron port email & web security
Presentation cisco iron port email & web security
 

Similaire à Automating Network Firewall Rule Creation using Powershell and CI/CD

A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
AlgoSec
 
From Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With KubernetesFrom Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With Kubernetes
Shikha Srivastava
 

Similaire à Automating Network Firewall Rule Creation using Powershell and CI/CD (20)

Netflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open SourceNetflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open Source
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Microservices with Azure Service Fabric
Microservices with Azure Service FabricMicroservices with Azure Service Fabric
Microservices with Azure Service Fabric
 
How to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructuresHow to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructures
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Service fabric and azure service fabric mesh
Service fabric and azure service fabric meshService fabric and azure service fabric mesh
Service fabric and azure service fabric mesh
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptx
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information Exchange
 
Cisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformCisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud Platform
 
From Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With KubernetesFrom Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With Kubernetes
 
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptxBSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
 

Plus de Nills Franssens

Plus de Nills Franssens (8)

Gentle introduction to containers and kubernetes
Gentle introduction to containers and kubernetesGentle introduction to containers and kubernetes
Gentle introduction to containers and kubernetes
 
Automation - Azure training day Cloud security and governance
Automation - Azure training day Cloud security and governanceAutomation - Azure training day Cloud security and governance
Automation - Azure training day Cloud security and governance
 
Containers and Kubernetes
Containers and KubernetesContainers and Kubernetes
Containers and Kubernetes
 
Nodeless and serverless kubernetes
Nodeless and serverless kubernetesNodeless and serverless kubernetes
Nodeless and serverless kubernetes
 
Bay Area Azure Meetup - Ignite update session
Bay Area Azure Meetup - Ignite update sessionBay Area Azure Meetup - Ignite update session
Bay Area Azure Meetup - Ignite update session
 
Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.
 
The container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivityThe container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivity
 
My most complex ARM template - Story from the trenches
My most complex ARM template - Story from the trenchesMy most complex ARM template - Story from the trenches
My most complex ARM template - Story from the trenches
 

Dernier

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Dernier (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

Automating Network Firewall Rule Creation using Powershell and CI/CD

  • 1.
  • 2. Runner Belgian in the US Cloud Solution Architect @ Microsoft • Infrastructure • Networking • Open Source
  • 4. All major cloud providers offer a native L3/L4 firewall capability (Security Group) A set of network security rules to allow/deny network traffic into/out of instances • ~Like ACLs • Instance tagging – security groups • Stateful • An object Differences • AWS has 2 implementations: security groups and network ACL (stateless) • Azure allows IP-based and security group based rules mixed • Assigned to different levels: AWS is instance level, Azure is instance or subnet level, GCP is VPC level
  • 5. Organic cloud adoption  structured cloud adoption Security review Micro- segmentation Catalyst: new customer- facing application coming live
  • 6. Human error. What if we needed to do it all over again? What if this needs to repeated for a second region? We only had half a day to do this right.
  • 7. We needed to decide Highly parallel Single API call Source code
  • 8. Automation in step 1 in a DevOps Lifecycle. DevOps is the union of people, process, and products to enable continuous delivery of value to your end users. “ ” Build & Test Continuous Delivery Deploy Operate Monitor & Learn Plan & Track Develop
  • 9.
  • 10. Read CSV input unsorted Creates per- subnet rules- hashtable Generates per-subnet IaC artifact Validates IaC artifact
  • 11.
  • 12. Implemented 500 firewall rules in half a day Flexible way to adapt firewall rules afterwards Security review built-in to process Standard format for developers to request firewall changes Happy customer

Notes de l'éditeur

  1. DevOps is the union of people, process and products to enable the continuous delivery of value to your end customers