Catch Me If You CanOutrunning Environmental Adversity with Intelligence at all layers of the OSI Model

Introductions• Merlin Glynn mglynn@pivotal.io• Sean Keery skeery@pivotal.io• Keith Strini kstrini@pivotal.io• Special Shout out to Raymond

Lee (BDS Team)

What if we could improve performance

& respond to environmental adversity?

APT - A set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity.DDOS – an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet

Spectrum of cyber vulnerability from DDOS to APT

Quality of serviceThe overall performance of a computer network, particularly the performance seen by the users of the network. To quantitatively measure quality of service, several related aspects of the network service are often considered, such as error rates, bit rate, throughput, transmission delay, availability, jitter, etc.

• Bosh• CF• SDN

DSL

Agents:Actual State

Strategy: Desired

State

Dynamic Analysis

Environment

Models

Goals(SLA)

Predictions(Metrics)

DSL Library Learning

What this Continuous Improvement over Environmental Adversity looks like..…

adaptation

responsesDSLDSL

DSLDSLDSL

Realize<<no-outage>><<predictive>>

<<reliable>>

Project Environment

Use Cases for Demo• DDOS -> Recognize foreign IP/Add ACL via NSX Rest API• QoS -> Detect network throughput deficiency/Add 1 .. N

routes• APT -> Recognize foreign IP+Load/Alert Forensics Team

Spin up new CF foundation/subnet/data subnet access

Add new routeRemove forensic routeShutdown data subnet access from forensic

foundation Goal: uninterrupted production traffic/UX

• DDIL -> Detect network throughput/Identify best cell net throughput

Move highest priority workloads to cellAdd additional service chaining IAW

compliancy outlines to edgeAdd 1..n routes

Where do we go from here ….• Ways to evaluate each

deployment• Utilize the inherent abilities of

the distributed architecture• Machine learning where each

distributed component maintains state, manages itself

In Conclusion…Why Now?• The cyber vulnerability problem is

imminent• The operations, networking and

development teams are finally becoming cohesive units

• The capacity to process, interpret and act upon petascale data on any IaaS

• All of this is can already be built into the very core of the foundation now – (Diego abstractions, SDN API, Predictive

and ML, Streams, Bosh-Enaml).

enaml.pezapp.io