Security
SAP Business Technology Platform - Sicherheit und Berechtigungen
SAP in der Cloud? Aber sicher! Dieses Buch führt Sie in die Sicherheitsmechanismen der SAP Business Technology Platform (vormals SAP Cloud Platform) ein. Sie lernen, Benutzer und Berechtigungen für Ihre Szenarien einzurichten, sichere Verbindungen zu Cloud- und On-Premise-Systemen zu konfigurieren und mit den Administrationstools der Plattform zu arbeiten. Die Sicherheitsfunktionen sowohl der Neo- als auch der Cloud-Foundry-Umgebung werden umfassend vorgestellt. Aus dem Inhalt: Accounts und SpacesSichere KommunikationIdentity ProviderSAP Cloud Identity ServicesBenutzer, Rollen und BerechtigungenCloud ConnectorAPIs absichernAdministration per KommandozeileChecklisten und Praxisbeispiele Einleitung ... 13 1. Einführung in die SAP Business Technology Platform ... 17 1.1 ... Positionierung der SAP Business Technology Platform innerhalb der SAP-Strategie ... 18 1.2 ... Umgebungen der SAP Business Technology Platform ... 27 1.3 ... Architektur der SAP BTP ... 37 2. Sicherheit auf der SAP Business Technology Platform im Überblick ... 53 2.1 ... Sichere Kommunikation ... 53 2.2 ... Authentifizierung ... 63 2.3 ... Autorisierung ... 76 2.4 ... SAP Cloud Identity Services ... 79 2.5 ... SAP Cloud Identity Access Governance ... 120 2.6 ... Checkliste zur allgemeinen Sicherheit der SAP Business Technology Platform ... 122 3. Sicherheit und Berechtigungen in der Neo-Umgebung konfigurieren ... 125 3.1 ... Kommandozeile für die Neo-Umgebung einrichten ... 126 3.2 ... Benutzerverwaltung ... 129 3.3 ... Trust-Konfiguration ... 137 3.4 ... Berechtigungsverwaltung ... 148 3.5 ... Checkliste zu Sicherheit und Berechtigungen in der Neo-Umgebung ... 167 3.6 ... Beispiele für die Benutzer- und Berechtigungsverwaltung aus der Praxis ... 168 4. Sicherheit und Berechtigungen in der Cloud-Foundry-Umgebung konfigurieren ... 191 4.1 ... Kommandozeile für die Cloud-Foundry-Umgebung einrichten ... 193 4.2 ... Benutzerverwaltung ... 195 4.3 ... Trust-Konfiguration ... 198 4.4 ... Berechtigungsverwaltung ... 203 4.5 ... Checkliste zu Sicherheit und Berechtigungen in der Cloud-Foundry-Umgebung ... 217 4.6 ... Beispiele für die Benutzer- und Berechtigungsverwaltung aus der Praxis ... 219 5. Cloud Connector ... 239 5.1 ... Architektur ... 240 5.2 ... Installation und Konfiguration des Cloud Connectors ... 244 5.3 ... Authentifizierungsmethoden ... 256 5.4 ... Cloud-zu-on-Premise-Verbindungen ... 258 5.5 ... Einrichtung des SAP Destination Service ... 276 5.6 ... Checkliste für die Konfiguration des Cloud Connectors ... 281 5.7 ... Beispiele zur sicheren Konfiguration des Cloud Connectors in der Praxis ... 282 6. Administrationswerkzeuge der SAP Business Technology Platform ... 299 6.1 ... Administration der Neo-Umgebung über die Kommandozeile ... 300 6.2 ... Verwaltung des Global Accounts mit dem SAP BTP Command Line Interface ... 303 6.3 ... Administration über APIs ... 305 6.4 ... Checkliste zur Arbeit mit der Kommandozeile und APIs ... 331 6.5 ... Beispiele zur sicheren Verwendung der Kommandozeile ... 331 7. Sicherheitsaspekte wichtiger Cloud-Services ... 339 7.1 ... SAP Web IDE und SAP Business Application Studio ... 341 7.2 ... SAP Cloud Integration ... 348 7.3 ... SAP API Management ... 362 7.4 ... SAP Cloud Portal Service und SAP Launchpad Service ... 366 7.5 ... SAP Internet of Things ... 371 7.6 ... SAP BTP, ABAP Environment ... 375 7.7 ... Corporate User Store ... 380 7.8 ... Checkliste zur Absicherung von Cloud-Services ... 383 Das Autorenteam ... 385 Index ... 387
The Definitive Guide to Conversational AI with Dialogflow and Google Cloud
Build enterprise chatbots for web, social media, voice assistants, IoT, and telephony contact centers with Google's Dialogflow conversational AI technology. This book will explain how to get started with conversational AI using Google and how enterprise users can use Dialogflow as part of Google Cloud. It will cover the core concepts such as Dialogflow essentials, deploying chatbots on web and social media channels, and building voice agents including advanced tips and tricks such as intents, entities, and working with context.The Definitive Guide to Conversational AI with Dialogflow and Google Cloud also explains how to build multilingual chatbots, orchestrate sub chatbots into a bigger conversational platform, use virtual agent analytics with popular tools, such as BigQuery or Chatbase, and build voice bots. It concludes with coverage of more advanced use cases, such as building fulfillment functionality, building your own integrations, securing your chatbots, and building your own voice platform with the Dialogflow SDK and other Google Cloud machine learning APIs.After reading this book, you will understand how to build cross-channel enterprise bots with popular Google tools such as Dialogflow, Google Cloud AI, Cloud Run, Cloud Functions, and Chatbase.WHAT YOU WILL LEARN* Discover Dialogflow, Dialogflow Essentials, Dialogflow CX, and how machine learning is used* Create Dialogflow projects for individuals and enterprise usage* Work with Dialogflow essential concepts such as intents, entities, custom entities, system entities, composites, and how to track context* Build bots quickly using prebuilt agents, small talk modules, and FAQ knowledge bases* Use Dialogflow for an out-of-the-box agent review* Deploy text conversational UIs for web and social media channels* Build voice agents for voice assistants, phone gateways, and contact centers* Create multilingual chatbots* Orchestrate many sub-chatbots to build a bigger conversational platform* Use chatbot analytics and test the quality of your Dialogflow agent* See the new Dialogflow CX concepts, how Dialogflow CX fits in, and what’s different in Dialogflow CXWHO THIS BOOK IS FOREveryone interested in building chatbots for web, social media, voice assistants, or contact centers using Google’s conversational AI/cloud technology.Lee Boonstra is a senior developer advocate at Google working with conversational AI. In this role she focuses on Dialogflow, Contact Center AI and speech technology. Lee is based in Amsterdam, the Netherlands, where she has been working with different technologies over the past 15 years, ranging from web/mobile, Ext JS, Sencha Touch, and Node.js, to conversational AI, Dialogflow, Actions on Google and Contact Centers.Over the years she has helped many brands and enterprises to build and deploy conversational AI solutions (chatbots and voice assistants) at enterprise scale. She’s worn different hats from engineer to technical trainer to sales engineer to developer advocate. Prior to Google, Lee worked at Sencha Inc.You can find Lee on online via the Twitter handle: @ladysign.CHAPTER 1: INTRODUCTION TO CONVERSATIONAL AIWhy do some chatbots fail?Machine learning simply explainedChatbots and machine learningMachine learning and GoogleAbout DialogflowDialogflow essentials & Dialogflow CXAbout Google CloudAbout Contact Center AIOther Google conversational AI productsActions on Google / Action BuilderAdLingoChatbaseDuplexMeenaSummaryReferenceCHAPTER 2: GETTING STARTED WITH DIALOGFLOW ESSENTIALSCreating a Dialogflow agentCreating Dialogflow agents for enterprisesConfiguring your Dialogflow projectSummaryReferenceCHAPTER 3: DIALOGFLOW ESSENTIALS CONCEPTSSetting up intentsCreating custom entitiesCreating intents with entities in training phrasesKeeping contextTesting in the simulatorSummaryReferenceCHAPTER 4: BUILDING CHATBOTS WITH TEMPLATESCreating prebuilt agentsEnabling small talk modulesCreating a FAQ knowledge baseSummaryReferenceCHAPTER 5: REVIEWING YOUR AGENTValidating your Dialogflow agentSummaryReferenceCHAPTER 6: DEPLOYING YOUR CHATBOT TO WEB & SOCIAL MEDIA CHANNELSIntegrating your agent with Google ChatIntegrating your agent with a web demoIntegrating your agent with a Dialogflow MessengerSummaryReferenceCHAPTER 7: BUILDING VOICE AGENTSBuilding a voice AI for a virtual assistant like the Google AssistantBuilding a callbot with a phone gatewayBuilding bots for contact centers with Contact Center AIImproving speech qualityFine tuning voice bots with SSMLSummaryReferenceCHAPTER 8: CREATING A MULTILINGUAL CHATBOTBuilding multilingual chatbotsSummaryReferenceCHAPTER 9: ORCHESTRATE MULTIPLE SUB CHATBOTS FROM ONE CHAT INTERFACECreating a mega agentSummaryReferenceCHAPTER 10: CREATING FULFILLMENT WEBHOOKSBuilding a fulfillment with the built-in editorBuilding webhook fulfillmentsBuilding multilingual webhook fulfillmentsUsing local webhooksSecuring webhooksSummaryReferenceCHAPTER 11: CREATING A CUSTOM INTEGRATION WITH THE DIALOGFLOW SDKImplementing a custom chatbot in your website front-endCreating rich responses in your chatbot integrationUsing markdown syntax & conditional templates in in your Dialogflow responsesSummaryReferenceCHAPTER 12: IMPLEMENTING A DIALOGFLOW VOICE AGENT IN YOUR WEBSITE OR APP USING THE SDKBuilding a client-side web application which streams audio from a browser microphone to a serverBuilding a web server which receives a browser microphone stream to detect intentsRetrieving audio results from Dialogflow and play it in your browserSummaryReferenceCHAPTER 13: COLLECTING & MONITORING ADVANCED AGENT INSIGHTSCapturing conversation related metrics to store in BigQuerySession IdDate / time stampSentiment scoreLanguage & keywordPlatformIntent detectionBuilding a platform for capturing conversation related metrics and redact sensitive informationDetecting user sentimentMonitoring chat session & funnel metrics with Dialogflow , Chatbase or Actions on GoogleTotal UsageThe number of requests the intent was matched to and the percentage of all users that matched the intent.Completion Rate & Drop off Rate / Drop off PlaceUser retentionEndpoint healthDiscoveryDialogflow Built-in AnalyticsMonitoring metrics with ChatbaseAnalytics on Actions on GoogleCapturing chatbot model health metrics for testing the underlying NLU model qualityTrue positive - A correctly matched intentFalse positive - A misunderstood requestTrue negative - An unsupported requestFalse negative - A missed requestAccuracyPrecisionRecall & falloutF1 scoreConfusion matrixROC curveImprove the Dialogflow NLU model with built-in trainingSummaryReference
Cloud Native Security
EXPLORE THE LATEST AND MOST COMPREHENSIVE GUIDE TO SECURING YOUR CLOUD NATIVE TECHNOLOGY STACKCloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure. Throughout the work hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates.The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You'll also learn about:* Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines* Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates* Securing the most popular container orchestrator, Kubernetes* Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policiesPerfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges.CHRIS BINNIE is a Technical Consultant who has worked for almost 25 years with critical Linux systems in banking and government, both on-premise and in the cloud. He has written two Linux books, has written for Linux and ADMIN magazines and has five years of experience in DevOps security consultancy roles.RORY MCCUNE has over 20 years of experience in the Information and IT security arenas. His professional focus is on container, cloud, and application security and he is an author of the CIS Benchmarks for Docker and Kubernetes and has authored and delivered container security training at conferences around the world.Introduction xixPART I CONTAINER AND ORCHESTRATOR SECURITY 1CHAPTER 1 WHAT IS A CONTAINER? 3Common Misconceptions 4Container Components 6Kernel Capabilities 7Other Containers 13Summary 14CHAPTER 2 ROOTLESS RUNTIMES 17Docker Rootless Mode 18Installing Rootless Mode 20Running Rootless Podman 25Setting Up Podman 26Summary 31CHAPTER 3 CONTAINER RUNTIME PROTECTION 33Running Falco 34Configuring Rules 38Changing Rules 39Macros 41Lists 41Getting Your Priorities Right 41Tagging Rulesets 42Outputting Alerts 42Summary 43CHAPTER 4 FORENSIC LOGGING 45Things to Consider 46Salient Files 47Breaking the Rules 49Key Commands 52The Rules 52Parsing Rules 54Monitoring 58Ordering and Performance 62Summary 63CHAPTER 5 KUBERNETES VULNERABILITIES 65Mini Kubernetes 66Options for Using kube-hunter 68Deployment Methods 68Scanning Approaches 69Hunting Modes 69Container Deployment 70Inside Cluster Tests 71Minikube vs. kube-hunter 74Getting a List of Tests 76Summary 77CHAPTER 6 CONTAINER IMAGE CVES 79Understanding CVEs 80Trivy 82Getting Started 83Exploring Anchore 88Clair 96Secure Registries 97Summary 101PART II DEVSECOPS TOOLING 103CHAPTER 7 BASELINE SCANNING (OR, ZAP YOUR APPS) 105Where to Find ZAP 106Baseline Scanning 107Scanning Nmap’s Host 113Adding Regular Expressions 114Summary 116CHAPTER 8 CODIFYING SECURITY 117Security Tooling 117Installation 118Simple Tests 122Example Attack Files 124Summary 127CHAPTER 9 KUBERNETES COMPLIANCE 129Mini Kubernetes 130Using kube-bench 133Troubleshooting 138Automation 139Summary 140CHAPTER 10 SECURING YOUR GIT REPOSITORIES 141Things to Consider 142Installing and Running Gitleaks 144Installing and Running GitRob 149Summary 151CHAPTER 11 AUTOMATED HOST SECURITY 153Machine Images 155Idempotency 156Secure Shell Example 158Kernel Changes 162Summary 163CHAPTER 12 SERVER SCANNING WITH NIKTO 165Things to Consider 165Installation 166Scanning a Second Host 170Running Options 171Command-Line Options 172Evasion Techniques 172The Main Nikto Configuration File 175Summary 176PART III CLOUD SECURITY 177CHAPTER 13 MONITORING CLOUD OPERATIONS 179Host Dashboarding with NetData 180Installing Netdata 180Host Installation 180Container Installation 183Collectors 186Uninstalling Host Packages 186Cloud Platform Interrogation with Komiser 186Installation Options 190Summary 191CHAPTER 14 CLOUD GUARDIANSHIP 193Installing Cloud Custodian 193Wrapper Installation 194Python Installation 195EC2 Interaction 196More Complex Policies 201IAM Policies 202S3 Data at Rest 202Generating Alerts 203Summary 205CHAPTER 15 CLOUD AUDITING 207Runtime, Host, and Cloud Testing with Lunar 207Installing to a Bash Default Shell 209Execution 209Cloud Auditing Against Benchmarks 213AWS Auditing with Cloud Reports 215Generating Reports 217EC2 Auditing 219CIS Benchmarks and AWS Auditing with Prowler 220Summary 223CHAPTER 16 AWS CLOUD STORAGE 225Buckets 226Native Security Settings 229Automated S3 Attacks 231Storage Hunting 234Summary 236PART IV ADVANCED KUBERNETES AND RUNTIME SECURITY 239CHAPTER 17 KUBERNETES EXTERNAL ATTACKS 241The Kubernetes Network Footprint 242Attacking the API Server 243API Server Information Discovery 243Avoiding API Server Information Disclosure 244Exploiting Misconfigured API Servers 245Preventing Unauthenticated Access to the API Server 246Attacking etcd 246etcd Information Discovery 246Exploiting Misconfigured etcd Servers 246Preventing Unauthorized etcd Access 247Attacking the Kubelet 248Kubelet Information Discovery 248Exploiting Misconfigured Kubelets 249Preventing Unauthenticated Kubelet Access 250Summary 250CHAPTER 18 KUBERNETES AUTHORIZATION WITH RBAC 251Kubernetes Authorization Mechanisms 251RBAC Overview 252RBAC Gotchas 253Avoid the cluster-admin Role 253Built-In Users and Groups Can Be Dangerous 254Read-Only Can Be Dangerous 254Create Pod is Dangerous 256Kubernetes Rights Can Be Transient 257Other Dangerous Objects 258Auditing RBAC 258Using kubectl 258Additional Tooling 259Rakkess 259kubectl-who-can 261Rback 261Summary 262CHAPTER 19 NETWORK HARDENING 265Container Network Overview 265Node IP Addresses 266Pod IP Addresses 266Service IP Addresses 267Restricting Traffic in Kubernetes Clusters 267Setting Up a Cluster with Network Policies 268Getting Started 268Allowing Access 271Egress Restrictions 273Network Policy Restrictions 274CNI Network Policy Extensions 275Cilium 275Calico 276Summary 278CHAPTER 20 WORKLOAD HARDENING 279Using Security Context in Manifests 279General Approach 280allowPrivilegeEscalation 280Capabilities 281privileged 283readOnlyRootFilesystem 283seccompProfile 283Mandatory Workload Security 285Pod Security Standards 285PodSecurityPolicy 286Setting Up PSPs 286Setting Up PSPs 288PSPs and RBAC 289PSP Alternatives 291Open Policy Agent 292Installation 292Enforcement Actions 295Kyverno 295Installation 296Operation 296Summary 298Index 299
Running Microsoft Workloads on AWS
Did you know that Amazon Web Services runs nearly double the amount of Microsoft Workloads in the cloud than any other provider?RUNNING MICROSOFT WORKLOADS IN AWS is your single-source solution for learning the best practice skills and guidance that AWS consultants offer their customers in the field. Over 70% of enterprise workloads are based on Microsoft technologies and AWS has been running these technologies in the AWS Cloud for more than 12 years—far longer than Microsoft’s own Azure cloud platform.This book introduces AWS foundations and compares them to traditional Microsoft architectures, showing you how to design your AWS Cloud platform to run your current Microsoft solutions. It covers the crucial area of identity and access control, showing how to implement Active Directory inside the AWS platform and the most secure ways of enabling Single Sign On from your own data centers and from Microsoft AzureAD.The book goes in-depth and shows how developers across the globe are using their existing .NET skills to develop directly on top of AWS, using current AWS development services such as AWS Code Pipeline, AWS Code Build, and AWS Code Deploy to create the next generation of cloud-native applications using the most popular cloud serverless service—AWS Lambda.WHAT YOU WILL LEARN* Be familiar with the basic building blocks of AWS and how the terminology differs from your own data center and Microsoft Azure* Understand Amazon Machine Images (AMI) strategies and solutions to best manage the trade-off between speed and manageability* Run one of the most popular Microsoft products: SQL Server on AWS* Be aware of the different database architecture designs for using Amazon RDS and Amazon EC2* Read an overview of Serverless Development in the AWS cloud from a Microsoft .NET perspective* Know migration strategies for moving your Microsoft Workloads to the AWS CloudWHO THIS BOOK IS FORCovers high-level concepts and solutions for CTOs and CCTOs; provides a solution for architects; and dives deep into the topic for administrators and DevOps engineersRyan Pothecary is Senior Specialist Solution Architect for a Cloud-based services company, which he joined four years ago. He has worked on the AWS platform for the last eight years as part of a near 30-year career in IT. Over the last four years he’s worked directly with customers and partners who are moving to the AWS Cloud. He specializes in helping customers move Microsoft Workloads to AWS and works with customers throughout their entire cloud journey. He is also a member of a Community of engineers, architects, and consultants who help customers run Microsoft Workloads on AWS in every part of the world. Outside of work he is determined to learn how to play the guitar his wife bought him, even though he has small stubby fingers.
Cybersecurity and Third-Party Risk
MOVE BEYOND THE CHECKLIST AND FULLY PROTECT YOURSELF FROM THIRD-PARTY CYBERSECURITY RISKOver the last decade, there have been hundreds of big-name organizations in every sector that have experienced a public breach due to a vendor. While the media tends to focus on high-profile breaches like those that hit Target in 2013 and Equifax in 2017, 2020 has ushered in a huge wave of cybersecurity attacks, a near 800% increase in cyberattack activity as millions of workers shifted to working remotely in the wake of a global pandemic.The 2020 SolarWinds supply-chain attack illustrates that lasting impact of this dramatic increase in cyberattacks. Using a technique known as Advanced Persistent Threat (APT), a sophisticated hacker leveraged APT to steal information from multiple organizations from Microsoft to the Department of Homeland Security not by attacking targets directly, but by attacking a trusted partner or vendor. In addition to exposing third-party risk vulnerabilities for other hackers to exploit, the damage from this one attack alone will continue for years, and there are no signs that cyber breaches are slowing.Cybersecurity and Third-Party Risk delivers proven, active, and predictive risk reduction strategies and tactics designed to keep you and your organization safe. Cybersecurity and IT expert and author Gregory Rasner shows you how to transform third-party risk from an exercise in checklist completion to a proactive and effective process of risk mitigation.* Understand the basics of third-party risk management* Conduct due diligence on third parties connected to your network* Keep your data and sensitive information current and reliable* Incorporate third-party data requirements for offshoring, fourth-party hosting, and data security arrangements into your vendor contracts* Learn valuable lessons from devasting breaches suffered by other companies like Home Depot, GM, and EquifaxThe time to talk cybersecurity with your data partners is now.Cybersecurity and Third-Party Risk is a must-read resource for business leaders and security professionals looking for a practical roadmap to avoiding the massive reputational and financial losses that come with third-party security breaches.GREGORY C. RASNER is the lead of Cyber Third-Party Risk at Truist Financial Corporation. He has extensive experience in cybersecurity and technology leadership in banking, biotech, software, telecom, and manufacturing. He is the author of several published articles on Third Party Risk and is a sought-after keynote speaker in this area.Foreword xviIntroduction xviiiSECTION 1 CYBERSECURITY THIRD-PARTY RISKCHAPTER 1 WHAT IS THE RISK? 1The SolarWinds Supply-Chain Attack 4The VGCA Supply-Chain Attack 6The Zyxel Backdoor Attack 9Other Supply-Chain Attacks 10Problem Scope 12Compliance Does Not Equal Security 15Third-Party Breach Examples 17Third-Party Risk Management 24Cybersecurity and Third-Party Risk 27Cybersecurity Third-Party Risk as a Force Multiplier 32Conclusion 33CHAPTER 2 CYBERSECURITY BASICS 35Cybersecurity Basics for Third-Party Risk 38Cybersecurity Frameworks 46Due Care and Due Diligence 53Cybercrime and Cybersecurity 56Types of Cyberattacks 59Analysis of a Breach 63The Third-Party Breach Timeline: Target 66Inside Look: Home Depot Breach 68Conclusion 72CHAPTER 3 WHAT THE COVID-19 PANDEMIC DID TO CYBERSECURITY AND THIRD-PARTY RISK 75The Pandemic Shutdown 77Timeline of the Pandemic Impact on Cybersecurity 80Post-Pandemic Changes and Trends 84Regulated Industries 98An Inside Look: P&N Bank 100SolarWinds Attack Update 102Conclusion 104CHAPTER 4 THIRD-PARTY RISK MANAGEMENT 107Third-Party Risk Management Frameworks 113ISO 27036:2013+ 114NIST 800-SP 116NIST 800-161 Revision 1: Upcoming Revision 125NISTIR 8272 Impact Analysis Tool for Interdependent Cyber Supply-Chain Risks 125The Cybersecurity and Third-Party Risk Program Management 127Kristina Conglomerate (KC) Enterprises 128KC Enterprises’ Cyber Third-Party Risk Program 131Inside Look: Marriott 140Conclusion 141CHAPTER 5 ONBOARDING DUE DILIGENCE 143Intake 145Data Privacy 146Cybersecurity 147Amount of Data 149Country Risk and Locations 149Connectivity 150Data Transfer 150Data Location 151Service-Level Agreement or Recovery Time Objective 151Fourth Parties 152Software Security 152KC Enterprises Intake/Inherent Risk Cybersecurity Questionnaire 153Cybersecurity in Request for Proposals 154Data Location 155Development 155Identity and Access Management 156Encryption 156Intrusion Detection/Prevention System 157Antivirus and Malware 157Data Segregation 158Data Loss Prevention 158Notification 158Security Audits 159Cybersecurity Third-Party Intake 160Data Security Intake Due Diligence 161Next Steps 167Ways to Become More Efficient 173Systems and Organization Controls Reports 174Chargebacks 177Go-Live Production Reviews 179Connectivity Cyber Reviews 179Inside Look: Ticketmaster and Fourth Parties 182Conclusion 183CHAPTER 6 ONGOING DUE DILIGENCE 185Low-Risk Vendor Ongoing Due Diligence 189Moderate-Risk Vendor Ongoing Due Diligence 193High-Risk Vendor Ongoing Due Diligence 196“Too Big to Care” 197A Note on Phishing 200Intake and Ongoing Cybersecurity Personnel 203Ransomware: A History and Future 203Asset Management 205Vulnerability and Patch Management 206802.1x or Network Access Control (NAC) 206Inside Look: GE Breach 207Conclusion 208CHAPTER 7 ON-SITE DUE DILIGENCE 211On-site Security Assessment 213Scheduling Phase 214Investigation Phase 215Assessment Phase 217On-site Questionnaire 221Reporting Phase 227Remediation Phase 227Virtual On-site Assessments 229On-site Cybersecurity Personnel 231On-site Due Diligence and the Intake Process 233Vendors Are Partners 234Consortiums and Due Diligence 235Conclusion 237CHAPTER 8 CONTINUOUS MONITORING 239What is Continuous Monitoring? 241Vendor Security-Rating Tools 241Inside Look: Health Share of Oregon’s Breach 251Enhanced Continuous Monitoring 252Software Vulnerabilities/Patching Cadence 253Fourth-Party Risk 253Data Location 254Connectivity Security 254Production Deployment 255Continuous Monitoring Cybersecurity Personnel 258Third-Party Breaches and the Incident Process 258Third-Party Incident Management 259Inside Look: Uber’s Delayed Data Breach Reporting 264Inside Look: Nuance Breach 265Conclusion 266CHAPTER 9 OFFBOARDING 267Access to Systems, Data, and Facilities 270Physical Access 274Return of Equipment 275Contract Deliverables and Ongoing Security 275Update the Vendor Profile 276Log Retention 276Inside Look: Morgan StanleyDecommissioning Process Misses 277Inside Look: Data Sanitization 279Conclusion 283SECTION 2 NEXT STEPSCHAPTER 10 SECURING THE CLOUD 285Why is the Cloud So Risky? 287Introduction to NIST Service Models 288Vendor Cloud Security Reviews 289The Shared Responsibility Model 290Inside Look: Cloud Controls Matrix by the Cloud Security Alliance 295Security Advisor Reports as Patterns 298Inside Look: The Capital One Breach 312Conclusion 313CHAPTER 11 CYBERSECURITY AND LEGAL PROTECTIONS 315Legal Terms and Protections 317Cybersecurity Terms and Conditions 321Offshore Terms and Conditions 324Hosted/Cloud Terms and Conditions 327Privacy Terms and Conditions 331Inside Look: Heritage Valley Health vs. Nuance 334Conclusion 335CHAPTER 12 SOFTWARE DUE DILIGENCE 337The Secure Software Development Lifecycle 340Lessons from SolarWinds and Critical Software 342Inside Look: Juniper 344On-Premises Software 346Cloud Software 348Open Web Application Security Project Explained 350OWASP Top 10 350OWASP Web Security Testing Guide 352Open Source Software 353Software Composition Analysis 355Inside Look: Heartbleed 355Mobile Software 357Testing Mobile Applications 358Code Storage 360Conclusion 362CHAPTER 13 NETWORK DUE DILIGENCE 365Third-Party Connections 368Personnel Physical Security 368Hardware Security 370Software Security 371Out-of-Band Security 372Cloud Connections 374Vendor Connectivity Lifecycle Management 375Zero Trust for Third Parties 379Internet of Things and Third Parties 385Trusted Platform Module and Secure Boot 388Inside Look: The Target Breach (2013) 390Conclusion 391CHAPTER 14 OFFSHORE THIRD-PARTY CYBERSECURITY RISK 393Onboarding Offshore Vendors 397Ongoing Due Diligence for Offshore Vendors 399Physical Security 399Offboarding Due Diligence for Offshore Vendors 402Inside Look: A Reminder on Country Risk 404Country Risk 405KC’s Country Risk 406Conclusion 409CHAPTER 15 TRANSFORM TO PREDICTIVE 411The Data 414Vendor Records 415Due Diligence Records 416Contract Language 416Risk Acceptances 417Continuous Monitoring 417Enhanced Continuous Monitoring 417How Data is Stored 418Level Set 418A Mature to Predictive Approach 420The Predictive Approach at KC Enterprises 420Use Case #1: Early Intervention 423Use Case #2: Red Vendors 425Use Case #3: Reporting 426Conclusion 427CHAPTER 16 CONCLUSION 429Advanced Persistent Threats Are the New Danger 431Cybersecurity Third-Party Risk 435Index 445
Wireless and Mobile Hacking and Sniffing Techniques
Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of tapping phone wires and get to know about the conversation. It is also called wiretapping applied to the computer networks.Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.There are several ways how hackers can gain access to a public WiFi network and infiltrate connected devices to steal data. The most common practice that hackers use is called sniffing. This method allows hackers to hijack any packet of data that is being transmitted between a device and a router.The mobile device has become an inseparable part of life today. The attackers are easily able to compromise the mobile network because of various vulnerabilities, the majority of the attacks are because of the untrusted apps. SMS is another way the attackers are gaining access to the mobile devices by sending phishing messages/spam messages to userThis report covers the main Wireless and Mobile Hacking and Sniffing Techniques. The report contains the following pars: Part A: Setup LabPart B: Sniffer and Phishing HackingPart C: Wireless Hacking Networks in LinuxPart D: Mobile Platforms HackingI am Dr. Hidaia Mahmoud Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from gaza strip.I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator. I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering. I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http:// www.anticorruption.000space.comMy personal website: www.hidaia-alassouli.000space.comEmail: hidaia_alassouli@hotmail.com
Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks
Reconnaissance is a set of processes and techniques (Footprinting, Scanning & Enumeration) used to covertly discover and collect information about a target system. During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible.Footprinting refers to the process of collecting as much as information as possible about the target system to find ways to penetrate into the system. An Ethical hacker has to spend the majority of his time in profiling an organization, gathering information about the host, network and people related to the organization. Information such as ip address, Whois records, DNS information, an operating system used, employee email id, Phone numbers etc is collected.Network scanning is used to recognize available network services, discover and recognize any filtering systems in place, look at what operating systems are in use, and to protect the network from attacks. It can also be used to determine the overall health of the network.Enumeration is defined as the process of extracting user names, machine names, network resources, shares and services from a system. The gathered information is used to identify the vulnerabilities or weak points in system security and tries to exploit in the System gaining phase.The objective of the report is to explain to the user Footprinting, Reconnaissance, Scanning and Enumeration techniques and tools applied to computer networks The report contains of the following parts:Part A: Lab Setup Part B: Foot printing and ReconnaissancePart C: Scanning MethodologyPart D: EnumerationI am Dr. Hidaia Mahmoud Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from gaza strip.I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator. I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering. I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http:// www.anticorruption.000space.comMy personal website: www.hidaia-alassouli.000space.comEmail: hidaia_alassouli@hotmail.com
Common Windows, Linux and Web Server Systems Hacking Techniques
A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus. Computer viruses generally require a host program.System hacking is defined as the compromise of computer systems and software to access the target computer and steal or misuse their sensitive information. Here the malicious hacker exploits the weaknesses in a computer system or network to gain unauthorized access to its data or take illegal advantage.Web content is generated in real time by a software application running at server-side. So hackers attack on the web server to steal credential information, passwords, and business information by using DoS (DDos) attacks, SYN flood, ping flood, port scan, sniffing attacks, and social engineering attacks.This report covers the common techniques and tools used for System, Windows, Linux and Web Server Hacking. The report contains from the following sections:Part A: Setup Lab:Part B: Trojens and Backdoors and VirusesPart C: System HackingPart D: Hacking Web ServersPart E: Windows and Linux HackingI am Dr. Hidaia Mahmoud Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from gaza strip.I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator. I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering. I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http:// www.anticorruption.000space.comMy personal website: www.hidaia-alassouli.000space.comEmail: hidaia_alassouli@hotmail.com
Praxishandbuch VMware vSphere 7 (5. Auflg.)
Leitfaden für Installation, Konfiguration und Optimierung.Sie brauchen praxisrelevante Informationen zur technischen Realisierung einer virtualisierten Infrastruktur mittels vSphere 7? Dann halten Sie mit dem »Praxishandbuch VMware vSphere 7.0« genau das richtige Buch in Ihren Händen. In diesem Handbuch finden Sie komprimiert alles, was Sie über Virtualisierung im Allgemeinen und vSphere 7 im Speziellen wissen müssen – samt unzähligen Tipps und Tricks aus der Praxis, Warnungen und Hinweisen zu angrenzenden Technologien.Schritt für Schritt zur optimalen virtualisierten UmgebungDas Buch gibt Ihnen schnell eine Übersicht über die einzelnen vSphere-Komponenten, deren Konfiguration und Optimierung. Sobald der Hypervisor (ESXi) installiert ist, können die ersten virtuellen Maschinen von Grund auf richtig eingerichtet und optimiert werden.Dann erfahren Sie, wie Sie Ihr Netzwerk am besten konfigurieren müssen und die ESXi Server an gemeinsamen Speicher anbinden. Was die Funktion Hostprofile, der VMware Lifecycle Manager oder der VMware Converter für Sie tun können, fehlt genauso wenig wie der Einsatz von vApps und Templates. Und auch wenn die vSphere-Umgebung steht, bleibt immer etwas zu tun: Backups und Sicherheitsstrategien (am Beispiel von Veeam Backup & Replication), die geschickte Verwaltung der Ressourcen und eine kontinuierliche Optimierung des laufenden Betriebs lassen sich mit den richtigen Werkzeugen und Konzepten besser in die Tat umsetzen. Auch die Kommandozeile und PowerCLI kommen nicht zu kurz.Aktualisierte fünfte AuflageDie fünfte Auflage wurde komplett auf VMware vSphere 7 aktualisiert. Zusätzlich aufgenommen wurden die Neuerungen von vSphere 7, z.B. vSAN, virtuelle Volumes, der HTML5-Client und die neue vSphere Appliance auf Photon Linux Basis. Weiterhin beinhaltet die fünfte Auflage die Themen Upgrade von einer Vorversion, NFS Storage unter Linux erstellen, Alarme, Hostprofile (erweitert), Troubleshooting (erweitert) und eine bestmögliche Netzwerkkonfiguration.
Warehouse Management mit SAP
Leere Läger oder explodierende Lagerkosten? Mit diesem Buch können Sie beides vermeiden! Es stellt sowohl die Abläufe in der Lagerverwaltung als auch die Funktionen und das grundlegende Customizing von WM umfassend dar. Anhand zahlreicher Beispiele erfahren Sie, wie Sie Ihre Prozesse verbessern und neue Prozesse effizient einsetzen können. Ob Sie WM implementieren, optimieren oder in der Fachabteilung nutzen: André Käber zeigt Ihnen, wie Sie Ihr Lager schnell und vor allem nachhaltig optimieren. Aus dem Inhalt: Betriebswirtschaftliche GrundlagenOrganisationsstrukturelementeStammdaten und BestandsverwaltungWareneingangsprozess und EinlagerungsstrategienAuslagerungssteuerungProduktionsversorgungsstrategienWarenbewegungen und operative LagerprozesseLieferabwicklungLagerprozess- und Materialflussoptimierung 1. Einleitung ... 17 2. Betriebswirtschaftliche Grundlagen der Lagerhaltung ... 21 2.1 ... Bedeutung der Lagerlogistik ... 21 2.2 ... Einfluss aktueller Markttrends auf die Lagerlogistik ... 22 2.3 ... Lagerkosten ... 23 2.4 ... Funktionen der Lagerhaltung ... 24 2.5 ... Kosteneffekte der Lagerhaltung ... 27 2.6 ... Lagerprozess ... 30 2.7 ... Lagerarten ... 31 2.8 ... Lagerverwaltung ... 32 2.9 ... Inventur ... 39 2.10 ... Funktionen von Lagerverwaltungssystemen ... 40 3. Organisationsstrukturelemente in WM und SAP LES ... 45 3.1 ... Übergreifende Organisationsstruktur von WM und LES ... 46 3.2 ... LES mit und ohne WM ... 48 3.3 ... Organisationseinheiten ... 51 3.4 ... Änderungen in SAP S/4HANA Stock Room Management ... 77 4. Stammdaten und Bestandsverwaltung in WM ... 79 4.1 ... Lagerplatzstammdaten ... 79 4.2 ... Materialstammdaten ... 84 4.3 ... Gefahrstoffstammdaten ... 94 4.4 ... Chargenstammdaten ... 96 4.5 ... Mindesthaltbarkeitsdatum/Verfallsdatum ... 98 4.6 ... Bestandsverwaltung ... 99 4.7 ... Lagerung unterschiedlicher Mengeneinheiten in WM ... 102 4.8 ... Lagereinheitenverwaltung in WM ... 104 4.9 ... Änderungen in SAP S/4HANA Stock Room Management ... 107 5. Elemente der Prozesssteuerung in WM ... 109 5.1 ... Bewegungsarten ... 109 5.2 ... Transportbedarfe ... 122 5.3 ... Umbuchungsanweisungen ... 125 5.4 ... Transportaufträge - zentrale Belege in WM ... 127 5.5 ... Bewegungssonderkennzeichen ... 137 5.6 ... Lagerortsteuerung ... 142 5.7 ... Änderungen in SAP S/4HANA Stock Room Management ... 150 6. Wareneingangsprozesse und Einlagerungsstrategien in WM ... 151 6.1 ... Wareneingangsprozesse in SAP ERP ... 151 6.2 ... Steuerung der Einlagerung ... 172 6.3 ... Einlagerungsstrategien von WM ... 176 6.4 ... Weitere Bestandteile des Einlagerungsprozesses ... 195 6.5 ... Änderungen in SAP S/4HANA Stock Room Management ... 201 7. Auslagerungssteuerung in WM ... 203 7.1 ... Auslagerungssteuerung ... 203 7.2 ... Auslagerungsstrategien ... 208 7.3 ... Weitere Steuerungskriterien der Auslagerung ... 218 7.4 ... Änderungen in SAP S/4HANA Stock Room Management ... 228 8. Produktionsversorgungsstrategien in WM ... 229 8.1 ... Betriebswirtschaftliche Grundlagen ... 229 8.2 ... Grundlagen der Fertigungsarten und der Materialbereitstellung in SAP ERP ... 230 8.3 ... Produktionsversorgung ohne WM-Bereitstellung ... 233 8.4 ... Produktionsversorgung mit WM-Bereitstellung ... 236 8.5 ... Kanban-Bereitstellung ... 255 8.6 ... Änderungen in SAP S/4HANA Stock Room Management ... 267 9. Warenbewegungen und operative Lagerprozesse in WM ... 269 9.1 ... Grundlagen von Umlagerungen in SAP ERP ... 269 9.2 ... Lagerinterne Umlagerungen ... 271 9.3 ... Umlagerungen zwischen Lagerorten ... 281 9.4 ... Umbuchungen ... 313 9.5 ... Sperren von Lagerplätzen, Lagereinheiten und Lagerbeständen ... 321 9.6 ... Nachschubprozesse in WM ... 325 9.7 ... Änderungen in SAP S/4HANA Stock Room Management ... 340 10. Lieferabwicklung in WM ... 341 10.1 ... Gesamtprozess der Auslagerung zum Kundenauftrag ... 341 10.2 ... Lieferbezogene Kommissionierung (Einzelauftragsbearbeitung) ... 351 10.3 ... Sammelgangsbearbeitung von Lieferungen ... 356 10.4 ... Lieferübergreifender Transportauftrag ... 362 10.5 ... Zweistufige Kommissionierung ... 365 10.6 ... Änderungen in SAP S/4HANA Stock Room Management ... 369 11. Weitere Grundfunktionen in WM ... 371 11.1 ... Handling Unit Management ... 371 11.2 ... Chargenverwaltung in WM ... 396 11.3 ... Gefahrstoffverwaltung in WM ... 403 11.4 ... Inventurabwicklung in WM ... 426 11.5 ... Operatives Lagercontrolling in WM ... 445 11.6 ... Leistungsdatenberechnung in WM ... 463 11.7 ... Änderungen in SAP S/4HANA Stock Room Management ... 474 12. WM-Komponenten zur Lagerprozess- und Materialflussoptimierung ... 475 12.1 ... Mobile Datenerfassung mit SAP Radio Frequency ... 475 12.2 ... Dezentrale Lagerverwaltung mit WM ... 513 12.3 ... Prozessoptimierung mit dem Task & Resource Management System (TRM) ... 523 12.4 ... Yard Management ... 537 12.5 ... Cross-Docking ... 559 12.6 ... Prozessoptimierung in Supply-Chain-Execution-Prozessen durch RFID und Event Management ... 568 12.7 ... SAP Auto-ID Infrastructure ... 579 12.8 ... Änderungen in SAP S/4HANA Stock Room Management ... 591 13. SAP Extended Warehouse Management (EWM) ... 595 13.1 ... Lagermodellierung ... 596 13.2 ... Prozesse in SAP EWM ... 599 13.3 ... Radio-Frequency-Framework ... 624 13.4 ... Integration mit SAP Transportation Management (TM) ... 625 13.5 ... Evolution von SAP EWM 9.0 zu SAP S/4HANA 1909 ... 629 14. SAP S/4HANA Stock Room Management ... 631 14.1 ... Funktionale Unterschiede ... 631 14.2 ... SAP-Lagerlösungen im Vergleich ... 634 14.3 ... Migration von WM nach SAP S/4HANA Stock Room Management ... 638 A. Glossar ... 641 B. Literaturverzeichnis ... 649 Der Autor ... 651 Index ... 653
SAP-Schnittstellenmanagement
So beherrschen Sie die Schnittstellen Ihrer komplexen Systemlandschaft. Dieser praktische Leitfaden hilft Ihnen dabei, sich im Dschungel der verschiedenen Schnittstellenformate und Datenaustauschprotokolle zurechtzufinden. Die Autoren stellen Ihnen die Werkzeuge der hybriden Integrationsplattform von SAP vor und führen Sie durch die Anwendung der Integration Solution Advisory Methodology (ISA-M). So entsteht eine kohärente Integrationsarchitektur aus Cloud- und On-Premise-Software. Aus dem Inhalt: Methoden und FrameworksSAP API Business Hub und SAP GraphIntegrationskonzepte und ArchitekturenSAP Enterprise MessagingSAP API ManagementOpen ConnectorsSAP Cloud IntegrationMonitoring, Governance und BetriebSAP Data IntelligenceDigital Integration Hub Einleitung ... 15 Teil I. Grundlagen ... 19 1. SAP-Schnittstellenverwaltung im Zeitalter der Digitalisierung ... 21 1.1 ... Was bedeutet Integration? ... 21 1.2 ... Evolution der Schnittstellentechnologien von SAP R/3 bis SAP S/4HANA ... 24 1.3 ... SAP-Schnittstellenbibliotheken ... 35 1.4 ... Herausforderungen an das Schnittstellenmanagement ... 44 2. Integrationskonzepte und -technologien im SAP-Umfeld ... 51 2.1 ... Integrationsarchitekturen ... 51 2.2 ... Integrationsstile ... 72 2.3 ... Integrationstechnologien, Standards und Protokolle ... 84 3. Methoden und Frameworks ... 109 3.1 ... Integration Solution Advisory Methodology (ISA-M) ... 109 3.2 ... Reifegradmodell ... 130 3.3 ... Integration Competency Center of Excellence ... 136 3.4 ... Hybrid Integration Platform ... 150 4. Die hybride Integrationsplattform von SAP ... 165 4.1 ... Vision ... 166 4.2 ... Komponenten ... 177 Teil II. Werkzeuge der hybriden Integrationsplattform von SAP ... 183 5. SAP Process Orchestration ... 185 5.1 ... Übersicht über SAP Process Orchestration ... 186 5.2 ... Funktionen für das Schnittstellenmanagement ... 189 5.3 ... Anwendungsmöglichkeiten ... 202 6. SAP Cloud Integration ... 207 6.1 ... Übersicht ... 208 6.2 ... Funktionen für das Schnittstellenmanagement ... 210 6.3 ... Anwendungsmöglichkeiten ... 220 7. SAP API Management ... 227 7.1 ... Übersicht ... 228 7.2 ... Funktionen für das Schnittstellenmanagement ... 232 7.3 ... Anwendungsmöglichkeiten ... 243 8. SAP Enterprise Messaging ... 247 8.1 ... Übersicht über SAP Enterprise Messaging ... 248 8.2 ... Funktionen für das Schnittstellenmanagement ... 250 8.3 ... Anwendungsmöglichkeiten ... 258 9. Open Connectors ... 265 9.1 ... Übersicht über Open Connectors ... 266 9.2 ... Funktionen für das Schnittstellenmanagement ... 267 9.3 ... Anwendungsmöglichkeiten ... 279 10. SAP Data Intelligence ... 283 10.1 ... Übersicht ... 284 10.2 ... Funktionen für das Schnittstellenmanagement ... 287 10.3 ... Anwendungsmöglichkeiten ... 298 11. Werkzeuge zur Datenintegration ... 301 11.1 ... Übersicht ... 302 11.2 ... Funktionen ... 310 11.3 ... Anwendungsmöglichkeiten ... 315 12. SAP Application Interface Framework ... 319 12.1 ... Übersicht ... 319 12.2 ... Funktionen für das Schnittstellenmanagement ... 321 12.3 ... Anwendungsmöglichkeiten ... 333 13. Digital Integration Hub ... 335 13.1 ... Übersicht über den Digital Integration Hub ... 336 13.2 ... Digital Integration Hub von SAP ... 338 13.3 ... Anwendungsmöglichkeiten und Empfehlungen ... 343 Teil III. Aufgaben des Schnittstellenmanagements ... 349 14. Governance ... 351 14.1 ... Prinzipien und Policys ... 351 14.2 ... Entwicklungsrichtlinien ... 363 14.3 ... Katalogisierung ... 377 14.4 ... Reporting ... 385 15. Betrieb ... 397 15.1 ... Monitoring und Alerting ... 397 15.2 ... Testmanagement ... 411 15.3 ... Change Management und Transportwesen ... 422 16. Organisation ... 437 16.1 ... Produktorientierte Organisationsmodelle ... 438 16.2 ... Rollen ... 446 16.3 ... Verantwortlichkeiten ... 457 17. Plattformwerkzeuge ... 465 17.1 ... SAP Solution Manager ... 465 17.2 ... SAP-Partnerlösungen ... 480 18. Zusammenfassung und Ausblick ... 497 18.1 ... Zusammenfassung ... 497 18.2 ... Ausblick ... 499 18.3 ... Schlusswort ... 500 Quellen- und Literaturverzeichnis ... 503 Die Autoren ... 505 Index ... 507
Android for Absolute Beginners
Get started as a mobile app developer and learn the art and science of Android app development. With no assumed knowledge about programming languages or Android required, you will gain the key skills for constructing fully functional Android apps for smartphones, tablets, and other devices.You will also build a solid foundation in the Java programming language and the business of creating and releasing software for Android. Along the way you’ll get comfortable with Android Studio - the best way to write modern Android apps - before diving into your first Android code. The author spends plenty of time explaining how to build a robust UI with widgets, menus, layouts and more. These components will be the basis of your Android apps and so are covered in depth.Having grasped the basics, you’ll move onto what will make your app stand out: sound, music, images, animations, and notifications. Taking these elements and combining them with phone features like calling and sensors, will take your apps to the next level.The final part of the book covers services, events, intents, receivers, files and databases, essential sources of information and functionality for users and your app. In addition, you'll see how to protect your users and their data with permissions and security in examples throughout the bookWHAT YOU WILL LEARN* Get started with Android and build your first apps with it* Install and use the Android Studio IDE* Set up and manage the app development life cycle* Master the basics of Java and XML required to create Android apps* Discover the strengths and features of the Android APIs and device capabilitiesWHO THIS BOOK IS FORTotal beginners who have little or no exposure to software development. This book is also useful for developers who are completely new to Android. GRANT ALLEN, PH.D. has worked in the technology field for over 20 years, as a CTO, entrepreneur, and emerging technology expert. After successful startup exits and a decade at Google, Grant's focus is now mentoring and coaching startups and hi-tech companies on building great teams and great technology. He is a frequent speaker on topics such as big data, mobile ecosystems, Android, wearables, IoT, disruptive innovation, and more. Grant has a PhD in computer science based on research he performed whilst at Google, an MBA specializing in technology management, and he is the author of seven books on various mobile platform and data technology topics.Part I - Get Android, Get Started1. Introducing AndroidWhat is it, history, Google, etc.2. Introducing Android StudioWhat and IDE is, Android Studio and IntelliJ, downloading, installing.3. Your First Android App, Already!Create first project and first emulator, run it successfully4. Exploring Your First ProjectAnatomy of an Android Studio project5. Android Studio in depthExploring all the features of Android Studio, including debugging, profiling, and other tools6. Mastering Your Entire Development EcosystemAll other tools outside of Android Studio, including JDK, gradle, source control, etc.Part II - Get The Android Development Know-how7. Introducing Java for Android DevelopmentCore topics to learn to start java programming8. Introductin XML for Android DevelopmentCore topics to learn to understand XML and its use in Android9. Exploring Android UI Concepts - Widgets, Menus and moreAndroid API components for building basic UIs10. Exploring Android UI Concepts - Layouts, Activity Bars, and moreWider Android API components for more sophisticated UIs11. Activities and Fragments to Organize Your AppsActivities, lifecycles, Fragments, screen handlingPart III - Get Sophisticated12. Sound, Music and Audio for Android Apps creating, recording, using, playback of audio13. Video and Movies for Android Appscreating, recording, using, playback of video14. Exploring Images, Pictures and Animation for Android Appscreating, capturing, using of still images15. Exploring device capabilities - calls, location, sensors and moremore device featuresPart IV - Get Together16. Understanding Events, Notifcations, Intents and Receiversevents, intents and user- and system-handling17. Working with Services, Libraries, Notifications and Parallel Applicationscreating and using services, and threads, using other libraries18. Understanding Files, Databases and Content Providers for Androidfile handling, SQLite, 3rd-party providers19. Protecting Users and Data with Permissions and Securitymanifest controls, encryption, basic infosec20. Preparing Your Android App for Release and Sale!APK packaging, Google developer accounts, Google Play
Extending Kubernetes
Rely on this comprehensive guide to understand the extension patterns and discover the extension plugins for Kubernetes.In this book, state-of-the-art extension patterns and extension points of Kubernetes are covered in depth with real-life use cases and examples. There are comprehensive discussions in the text on all possible aspects of Kubernetes, starting from end-user to the fully-automated controller development. The book focuses on creating applications that work on Kubernetes and also interact and operate Kubernetes itself.The book starts with a recap of Kubernetes, its rich configuration options, extension patterns, and points. The journey of extending Kubernetes starts with the CLI tool plugins. By the end of this section, you will be able to create and manage kubectl plugins. Then, the API access plugins with authentication and authorization webhooks are presented. In this section, you will learn how to extend and interfere with the API flow of Kubernetes. You then move on to learn how to extend Kubernetes API with new resources and controllers. You will make Kubernetes API work for you by creating a Kubernetes operator. Extensions for Kubernetes schedulers are covered to create a custom scheduler and run it side-by-side with the default scheduler. Finally, the last extension points will be discussed for the infrastructure, such as networking or storage. At the end of the text, you will learn the upcoming extension points. This book is designed to cover all the extension points of Kubernetes with state-of-the-art implementations.This book is intended for those who wish to understand Kubernetes in depth and go further by making Kubernetes work for their custom requirements. By the end of this book, readers with a cloud-native mindset will broaden their vision to create future-proof applications. Rather than focus on overwhelming theoretical information and YAML files for Kubernetes resources, readers are provided with the philosophy behind Kubernetes extensions. With real-life examples and hands-on development steps, you will be more confident in working with Kubernetes.WHAT YOU WILL LEARN* Know the Kubernetes extension patterns and available extension points * Be familiar with the philosophy behind Kubernetes extensions and how they should be integrated into the clusters* Design Kubernetes extensions and make Kubernetes work for you* Develop, deploy, and operate plugins for Kubernetes ranging from the CLI tool to custom resources, schedulers, infrastructure, and more * Study real-life use cases for extending Kubernetes with code examplesWHO THIS BOOK IS FORSoftware engineers, developers, DevOps engineers, cloud security analysts, architects, and managers who have Kubernetes in their short- and long-term plansONUR YILMAZ is a senior software engineer at a multinational enterprise software company. He is a Certified Kubernetes Administrator (CKA) and works on Kubernetes and cloud management systems. He is a keen supporter of cutting-edge technologies, including Docker, Kubernetes, and cloud-native applications. He is the author of multiple books on Kubernetes, Docker, serverless architectures, and cloud-native continuous integration and delivery. He has one master and two bachelor degrees in the engineering field.Chapter 1: IntroductionCHAPTER GOAL: Provide an introduction to Kubernetes, configuration options, extension patterns, and extension points with real-life use casesNO OF PAGES: 25-30SUB-TOPICS:1. Kubernetes Recap2. Configuring Kubernetes Cluster3. Kubernetes Extension Patterns4. Kubernetes Extension PointsChapter 2: kubectl pluginsCHAPTER GOAL: Understand how to extend Kubernetes CLI tool, kubectl, for the custom requirements. How to develop, install and release new plugins for kubectlNO OF PAGES: 30-35SUB-TOPICS:* kubectl Installation and Usage* kubectl Plugin Design* Create Your First kubectl Plugin* Plugin Repository and LifecycleCHAPTER 3: API FLOW EXTENSIONSCHAPTER GOAL: Understand the flow of Kubernetes API server to handle requests. Learn how to extend the flow with authentication, authorization, and admission controls.NO OF PAGES: 25-30SUB -TOPICS:* Authentication WebhooksAuthorization Webhooks * Dynamic Admission ControlCHAPTER 4: EXTENDING KUBERNETES APICHAPTER GOAL: Discuss how Kubernetes API can be extended with custom resources and the automation of the custom resources, namely operators.NO OF PAGES: 50-55SUB-TOPICS:* Kubernetes API Overview* Kubernetes Client Libraries* Custom Resources in Kubernetes* Operator Pattern in Kubernetes* kubebuilder Framework* Operators in ActionCHAPTER 5: SCHEDULER EXTENSIONSCHAPTER GOAL: Learn how Kubernetes scheduling mechanism works and how it could be extended. Write, deploy, and use a custom scheduler for Kubernetes cluster.NO OF PAGES: 35-40SUB-TOPICS:* Kubernetes Scheduler OverviewDevelop and Deploy a Custom Scheduler * Configure and Manage Multiple Schedulers CHAPTER 6: INFRASTRUCTURE EXTENSIONSCHAPTER GOAL: Discover how Kubernetes interacts with the infrastructure in terms of storage and networking. Learn how to extend Kubernetes clusters with new pod networking and volume drivers.NO OF PAGES: 25-30SUB-TOPICS:* Storage Plugins* Network Plugins (They are still in development, and in alpha stage, if they become stable, it is an excellent asset to have in the book) CHAPTER 7: UPCOMING EXTENSION POINTSCHAPTER GOAL: Summarize the extension points of Kubernetes and discuss the upcoming trends and libraries in the market.NO OF PAGES: 20-25
Comparison between Internet Fax Services
Internet faxing uses the same principles as facsimile transmission, but it uses a Web interface instead of a fax machine. It can be a flexible, inexpensive option for transmitting documents.Internet fax services usually assign a fax number to each person who signs up for the service. people can send faxes to this number, and customers can send faxes via e-mail without using a fax machine.To send a fax through an Internet fax service:• The sender attaches a document to an e-mail message. The document can be a scan of a paper document, or it can be created in a program like Microsoft Word.• The sender addresses the message to the recipient's fax number, followed by the name of the faxing service (for example: 18005551234@emailfaxes.com).• The service translates the attachment so that a fax machine can read it.• The service sends the data across the phone line.• The recipient's fax machine decodes the data and prints the fax.To receive a document from a traditional fax machine through an Internet fax service:• The sender dials the fax number that the service has assigned to the recipient.• The fax machine translates the data and transmits it over the phone line.• The service receives the data, translates it into an image file and sends the image to the recipient's e-mail address.• The recipient opens the em-ail message and the attachment and views the file.As getting cheap internet fax service is important, I tried to look for cheap internet fax service that can fax to any country worldwide and can also use PayPal as it is safe payment than credit card. Unfortunately, I could not find cheap fax service for international destination. All internet fax services offer only cheap services to the free zones countries such as usa and Canada. I could not find cheap service to international destinations.Maybe the best of my search for faxing to international destination was FAX.PLUS that allows also paypal. But when I tried to subscribe to basic plane using paypal, paypal asked me to give them permission to access my registered credit card, and I refused that and so I could not subscribe.I will divide web sites that I had look to their internet fax services in the following groups1-Part1: Websites that accepts paypal payments and supports faxing to international countries. Some of these are:• Gotfreefax• fax.to• Faxfresh• PamFax.biz• Faxzero• FAX.PLUS2-Part2: Websites that accepts only credit/debit card payments and supports faxing to international countries• Hellofax• J2 global services vendors. It includes Metrofax, myfax, smartfax, efax, trustfax, rapidfax and fax.com3-Part3: Websites that supports faxing to usa and Canada only• Nextiva• FAXAGE• FAXBetterIn this report, I will compare the internet fax services according to the cost for sending fax to United Arab Emirate. I will assume that I have three pages to be sent to any fax number in UAE.I am Dr. Hidaia Mahmoud Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from gaza strip.I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator.I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering.I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http:// www.anticorruption.000space.comMy personal website: www.hidaia-alassouli.000space.comEmail: hidaia_alassouli@hotmail.com
Data Engineering 4.0
Digitale Systeme und Infrastrukturen werden in der Regel gemeinsam oder wie im öffentlichen Sprachgebrauch üblich, „geteilt“ genutzt.Das gilt sowohl für die Systeme und Infrastrukturen selbst, als auch für Daten, die häufig als das Öl der Digitalisierung bezeichnet werden.In industriellen Nutzungen sind Daten in den meisten Fällen eine geschäftskritische Ressource und können nicht, wie im privaten Nutzungsumfeld, bedingungslos und uneigennützig Dritten überlassen werden. Dennoch ist das Teilen von Daten für industrielle Anwendungen gewünscht und häufig auch zwingend notwendig, aber ebenso häufig unzulässig und gefährlich. Genauso zwingend wie das Teilen von Daten ist in industriellen Anwendungen das nutzungsgerechte und passgerechte Zusammenführen von Daten unterschiedlicher Bedeutung zu Daten-Konglomeraten.Um die digitale Souveränität gemeinsam berechtigter Nutzer von Daten gewährleisten zu können, muss zur Bewältigung dieser beiden Aufgaben ein systematisches Data Engineering bereitgestellt werden.HERBERT WEBEr war Universitätsprofessor im Fachbereich Informatik der Technischen Universität Berlin sowie Gründer und langjähriger Leiter des Fraunhofer-Instituts für Software und Systemtechnik. Informationen und Informationsmodelle.- Informationsmodellierung für industrielle Anwendungen.- Methoden der Informationsmodellierung.- Kompositionale konstruierte Informationsmodelle.- Extensionale Konstruktionen.- Intensionale Konstruktionen.- Das HERMES Komponentenmodell.- Zusammenfassung.
Multi-Site Network and Security Services with NSX-T
Know the basics of network security services and other stateful services such as NAT, gateway and distributed firewalls (L2-L7), virtual private networks (VPN), load balancing (LB), and IP address management. This book covers these network and security services and how NSX-T also offers integration and interoperability with various other products that are not only created by VMware, but are also referred by VMware as third-party integrated vendors.With the integration of VMware vRealize Automation, you can automate full application platforms consisting of multiple virtual machines with network and security services orchestrated and fully automated.From the operational perspective, this book provides best practices on how to configure logging, notification, and monitoring features and teaches you how to get the required visibility of not only your NSX-T platform but also your NSX-T-enabled network infrastructure.Another key part of this book is the explanation of multi-site capabilities and how network and security services can be offered across multiple on-premises locations with a single management pane. Interface with public cloud services also is included. The current position of NSX-T operation in on-premises private clouds and the position and integration with off-premises public clouds are covered as well.This book provides a good understanding of integrations with other software to bring the best out of NSX-T and offer even more features and capabilities.WHAT YOU WILL LEARN* Understand the NSX-T security firewall and advanced security* Become familiar with NAT, DNS, DHCP, and load balancing features* Monitor your NSX-T environment* Be aware of NSX-T authentication and authorization possibilities* Understand integration with cloud automation platforms* Know what multi-cloud integrations are possible and how to integrate NSX-T with the public cloudWHO THIS BOOK IS FORVirtualization administrators, system integratorsIWAN HOOGENDOORN started his IT career in 1999 as a help desk agent. Soon after, he started to learn Microsoft products and obtained MCP, MCSA, MCDBA, and MCSE certifications. While working as a Microsoft Systems Engineer, Iwan developed additional skills and knowledge in computer networking. Networking became a passion in his life. This passion resulted in learning networking with Cisco products. One of Iwan's dreams was to work for Cisco. But before this could happen, he first needed to finish his bachelor's degree in ICT, which he completed in 2009. In early 2010, he started working for his dream company, Cisco. After finishing his master's degree (part-time) in computer science at the University of Amsterdam and becoming a CCIE (#13084) in six different technology areas, Iwan wanted to learn something new, and that was virtualization. Because networking was something that ran through his veins, network virtualization was the next logical step. So he decided to learn VMware NSX.Iwan got the opportunity to work for VMware in 2016 as Senior NSX PSO Consultant. In his time at VMware, he gained more knowledge on private and public clouds and the related products that VMware developed to build the Software-Defined Data Center (SDDC). As new technology is growing at a rapid pace (especially within VMware and the VMware cloud space), Iwan is trying to keep up.After working for four years as Senior NSX PSO Consultant (primarily with VMware NSX-v and NSX-T), Iwan was promoted to Staff SDDC Consultant, focusing on the full SDDC stack that includes Hyperscaler offerings on the main public clouds such as AWS (VMC on AWS), Microsoft (Azure VMware Solution), and Google (Google Cloud VMware Engine).Iwan is certified on multiple VMware products, including NSX, and he is actively working together with VMware certification to develop network-related exams for VMware. Next to his VMware certifications, Iwan is also AWS and TOGAF certified.Iwan is the author of the Apress book, Getting Started with NSX-T: Logical Routing and Switching.· CHAPTER 1o Title: NSX-T SECURITY | FIREWALLo Chapter Goal: The theory about the Basic Security Services offered by NSX-T followed by the deployment’s details and steps with proper verification.o Number of Pages: 20o Subtopics:§ Gateway Firewalls§ Distributed Firewall§ Security Profiles§ Time-Based Firewall Policy· CHAPTER 2o Title: NSX-T ADVANCED SECURITYo Chapter Goal: The theory about the Advanced Security Services/features offered by NSX-T.o Number of Pages: 20o Subtopics:§ Distributed IDS§ Layer-7 Context Profiles§ Identity based Firewall§ Bare Metal Server Security· CHAPTER 3o Title: NSX-T SERVICE INSERTIONo Chapter Goal: The theory about the Security Services/features offered by 3rd Party vendors from VMware’s perspective and how the integration works.o Number of Pages: 15o Subtopics:§ East/West Third-party service insertion§ North/South Third-party service insertion§ End-Point Protection§ Network Introspection Settings· CHAPTER 4o Title: NETWORK ADDRESS TRANSLATION (NAT), DNS AND DHCPo Chapter Goal: Know the difference between SNAT and DNAT and explanation on how to configure NAT, DNS and DHCP IP address Management using the internal NSX-T.o Number of Pages: 20o Subtopics:§ SNAT§ DNAT§ Configure NAT Services§ DNS Zone§ DNS Forwarding Zone§ DHCP Profile§ IP Address Pool§ IP Address Block· CHAPTER 5o Title: LOAD BALANCING (LB)o Chapter Goal: Discuss Load Balancing capabilities and configuration.o Number of Pages: 30o Subtopics:§ Load Balancing Concepts§ Distributed Load Balancer§ Setting up the Load Balancer Components· CHAPTER 6o Title: VIRTUAL PRIVATE NETWORK (VPN)o Chapter Goal: Know the differ types of VPN and how to configure and monitor them.o Number of Pages: 25o Subtopics:§ IPSEC (L3 VPN)§ L2 VPN§ Configuration of VPN· L3· L4§ Monitoring of VPN sessions· CHAPTER 7o Title: NSX-T MONITORINGo Chapter Goal: Tools to verify the Routing and Routing performance.o Number of Pages: 30o Subtopics:§ Network Monitoring§ Logging§ vRealize Network insight integration§ IPFIX§ Network Performance Testing using IPERF Tools§ Monitoring / Events and Alarms§ Logging§ vRealize Log insight integration§ vRealize Operations integration§ Other Operation Tools Integration· CHAPTER 8o Title: AUTHENTICATION AND AUTHORIZATIONo Chapter Goal: Information on how to integrate NSX-T with an external LDAP server and create user (groups) with different roles and rights (RBAC).o Number of Pages: 15o Subtopics:§ vIDM Integration & LDAP Integration§ LDAP only integration§ RBAC· CHAPTER 9o Title: MULTI-SITE AND FEDERATIONo Chapter Goal: Design Principles regarding Multi Site routingo Number of Pages: 40o Subtopics:§ Multi-Site Capabilities§ NSX-T Federation overview§ Networking with Federation§ Security with Federation§ Backup & Restore with Federation· CHAPTER 10o Title: PUBLIC CLOUD INTEGRATIONo Chapter Goal: NSX-T is also used in all major Public Clouds. This chapter gives you an overview on what is deployed there and how NSX-T can be consumed in these Public Clouds.o Number of Pages: 30o Subtopics:§ Forwarding Policies§ VMC on AWS§ Azure VMware Solution (AVS)§ Google Cloud VMware Engine· CHAPTER 11o Title:CLOUD MANAGEMENT PLATFORM INTEGRATION & AUTOMATIONo Chapter Goal: Get familiar on the out-of-the-box automation capabilities and vRO extensibility.o Number of Pages: 20o Subtopics:§ vCloud Director· Allowing Tenants to Create / Use NSX-T Related automated network and security Services§ vRealize Automation / vRealize Orchestration· Allowing Tenants to Create / Use NSX-T Related automated network and security Services§ NSX-T API Capabilities
Monitoring Cloud-Native Applications
Introduce yourself to the nuances of modern monitoring for cloud-native applications running on Kubernetes clusters. This book will help you get started with the concepts of monitoring, introduce you to popular open-source monitoring tools, and help with finding the correct set of use cases for their implementation. It covers the in-depth technical details of open-source software used in modern monitoring systems that are tailor made for environments running microservices.Monitoring Cloud-Native Applications is divided into two parts. Part 1 starts with an introduction to cloud-native applications and the foundational concepts of monitoring. It then walks you through the various aspects of monitoring containerized workloads using Kubernetes as the de-facto orchestration platform. You will dive deep into the architecture of a modern monitoring system and look at its individual components in detail.Part 2 introduces you to popular open-source tools which are used by enterprises and startups alike and are well established as the tools of choice for industry stalwarts. First off, you will look at Prometheus and understand its architecture and usage. You will also learn about InfluxDB, formerly called TICK Stack (Telegraf, InfluxDB, Chronograf, and Kapacitor). You will explore the technical details of its architecture and the use cases which it solves. In the next chapter, you will be introduced to Grafana, a multi-platform open source analytics and interactive visualization tool that can help you with visualization of data and dashboards.After reading this book, you will have a much better understanding of key terminologies and general concepts around monitoring and observability. You will also be able to select a suitable monitoring solution from the bouquet of open-source monitoring solutions available for applications, microservices, and containers. Armed with this knowledge, you will be better prepared to design and lead a successful agile operations team.What You Will LearnMonitor and observe of metrics, events, logs, and tracesCarry out infrastructure and application monitoring for microservices architectureAnalyze and visualize collected dataUse alerting, reporting, and automated actions for problem resolutionWho This Book Is ForDevOps administrators, cloud administrators, and site reliability engineers (SREs) who manage and monitor applications and cloud infrastructure on a day-to-day basis within their organizations.MAINAK CHAKRABORTY works as a senior solutions architect at a leading public cloud company, specializing in cloud management and automation tools. He has been instrumental in shaping the cloud journey of customers across industry segments whether they be established enterprises or born-in-the-cloud startups. Mainak is an open source enthusiast and regularly presents at industry technical events on his favorite topics of automation, cloud native applications, and cloud computing.AJIT PRATAP KUNDAN stands at the leading edge of the innovative technologies of todays’ information technology world. He’s worked with HPE, VMware, Novell, Redington, and PCS and helped their customers in transforming their datacenters through software-defined services. Ajit is a valued author on cloud technologies and has authored two books VMware Cross-Cloud Architecture and Intelligent Automation with VMware published by Packt and has reviewed one book Deep Learning with Pytorch.PART I: INTRODUCTION TO MONITORINGCHAPTER 1: BASIC CONCEPTS OF MONITORINGCHAPTER GOAL: This chapter is about the foundational concepts of monitoring and the associated terminology. It starts with explaining why monitoring is important and also discusses the parameters which can be monitored. We will take a look at the different ways in which monitoring can be done —some systems generate data continuously and others produce data when some event happens. It is most useful for identifying and investigating problems within your systems.No of pages: 20 PagesSub -Topics:1. Overview of Monitoring Concepts2. Proactive and Reactive Monitoring3. Importance of Observability4. What to Monitor – Infrastructure, Application and Services5. Advanced Monitoring of Business KPIs and User ExperienceCHAPTER 2: COLLECTION OF EVENTS, LOGS AND METRICSCHAPTER GOAL: This chapter will explain the difference between Events, Logs and Metrics. It also goes into the details of collection of telemetry from Work Metric and Resource Metric. We will take a look at which data to collect and how to collect that data.No of pages: 40 PagesSub - Topics1. Granularity and Resolution – observations at fixed time interval2. Types of Metrics – Histograms, Gauges, Counters and Timers3. Statistical functions – Count, Sum, Average etc.4. Work Metric – Throughput, Success, Error, Performance5. Resource Metric – Utilization, Saturation, Errors, Availability6. Introduction to Telegraf, collectd, statdCHAPTER 3: ARCHITECTURE OF A MODERN MONITORING SYSTEMCHAPTER GOAL: In this chapter we would take a look at the architecture of a modern monitoring system, its components and the integrations. We would look at how to configure a modern monitoring system, how to manage the collected data, run a query on the data, integrations with alerting tools and the reporting of the analysis.No of pages : 20 PagesSub - Topics:1. Architecture and Components2. Data management3. Query Engine4. Alerting Tools5. VisualizationPART 2- OPEN SOURCE MONITORING TOOLSCHAPTER 4: PROMETHEUSCHAPTER GOAL: This chapter will introduce Prometheus as an open-source monitoring and alerting tool. We will cover the basic concepts, installation and configuration and integration with other tools. We will also look at the use cases which can be delivered with Prometheus and its advantages when compared to Open Source tools like Graphite.No of pages: 50Sub - Topics:1. Introduction to Prometheus2. Architecture and Data Model3. Installation and Configuration4. Instrumenting Prometheus5. Integrations with other solutionsCHAPTER 5: TICK PLATFORMCHAPTER GOAL: We would take a look at Open Source TICK Stack collectively, Telegraf, InfluxDB, Chronograf and Kapacitor. The TICK Stack is a loosely coupled yet tightly integrated set of open source projects designed to handle massive amounts of time-stamped information to support the metrics analysis needs.No of pages: 50Sub - Topics:1. Architecture of TICK Stack2. Deep Dive into Telegraf3. Introduction to Influx DB4. Chronograf and Kapacitor5. Use cases delivered by Tick StackCHAPTER 6: ELASTIC STACK – ELASTIC SEARCHCHAPTER GOAL: In this chapter we will take a look at the open source Elastic Stack – formerly known as the ELK Stack, to understand the practical application of this tool. We would understand the primary areas where we can use it and how is it different from other tools available in the market today.No of pages: 50Sub - Topics:1. Introduction to Elastic Search, Log Stash and Kibana2. Architecture and Data Model3. Installation and Configuration4. Integrations with other solutionsPart 3- Visualization and DashboardsPART 3- VISUALIZATION AND DASHBOARDSCHAPTER 7: ANALYZE AND INVESTIGATECHAPTER GOAL: This chapter is focused on explaining the techniques around choosing the right set of graphs for visualizing your data, specifically time series data. It is important to know the different types, how they work and when to use them. We will also look at how to find a co-relation amongst millions of metrics and arrive at a resolution.No of pages: 20CHAPTER 8: TYPE OF TIME SERIES GRAPHSCHAPTER GOAL: This chapter is focused on explaining the techniques around choosing the right set of visualization for your data, specifically time series data. It is important to know the different types, how they work and when to use them.No of pages: 20Sub - Topics:1. Line Graphs2. Stacked Area Graphs3. Bar Graphs4. Heat MapsCHAPTER 9:TYPE OF SUMMARY GRAPHSCHAPTER GOAL: This chapter will cover summary graphs, which are visualizations that flatten a particular span of time to provide a summary window into your infrastructure. For each graph type, we’ll explain how it works and when to use it. But first, we’ll quickly discuss two concepts that are necessary to understand infrastructure summary graphs: aggregation across time (which you can think of as “time flattening” or “snapshotting”), and aggregation across space.NO OF PAGES: 20SUB - TOPICS:1. Single Value Summaries2. Toplists3. Change Graphs4. Host Maps5. DistributionsCHAPTER 10:GRAPHANACHAPTER GOAL: In this chapter will take a look at Open Source Grafana tool which allows users to query, visualize, alert on and understand metrics wherever they might be stored. It can integrate with Graphite, Influx DB, Prometheus, AWS CloudWatch etc. as a data source and can act as a single visualization option to help better understand your environment.NO OF PAGES: 50PART 4 - ACTING ON THE DATACHAPTER 11:ALERTING AND NOTIFICATIONSChapter Goal: The chapter is focused on how to start your journey to notifications – set up alerts with a simple click or perform complex anomaly detection based on machine learning algorithms. We will look at sending alerts to popular services like Slack, SMS and PagerDuty. We will also explain using automatic action on alerts through orchestration and how to create custom triggers to perform any action.NO OF PAGES: 20SUB - TOPICS:1. False Alarms2. Notifications3. Setup integration with alerting tools4. Setup integration with ITSM tools5. Automated actions
From Traditional Fault Tolerance to Blockchain
This book covers the most essential techniques for designing and building dependable distributed systems, from traditional fault tolerance to the blockchain technology. Topics include checkpointing and logging, recovery-orientated computing, replication, distributed consensus, Byzantine fault tolerance, as well as blockchain.This book intentionally includes traditional fault tolerance techniques so that readers can appreciate better the huge benefits brought by the blockchain technology and why it has been touted as a disruptive technology, some even regard it at the same level of the Internet. This book also expresses a grave concern on using traditional consensus algorithms in blockchain because with the limited scalability of such algorithms, the primary benefits of using blockchain in the first place, such as decentralization and immutability, could be easily lost under cyberattacks.DR. ZHAO received the PhD degree in Electrical and Computer Engineering from the University of California, Santa Barbara, in 2002. He is now a Full Professor in the Department of Electrical Engineering and Computer Science at Cleveland State University. He has more than 200 academic publications and three of his recent research papers in the dependable distributed computing area have won the best paper awards. Dr. Zhao also has two US utility patents and a patent application on blockchain under review.List of Figures xiiiList of Tables xixAcknowledgments xxiPreface xxiiiReferences xxix1 INTRODUCTION 11.1 Basic Concepts and Terminologies for Dependable Computing 21.1.1 System Models 21.1.2 Threat Models 31.1.3 Dependability Attributes and Evaluation Metrics 61.2 Means to Achieve Dependability 91.2.1 Fault Avoidance 91.2.2 Fault Detection and Diagnosis 91.2.3 Fault Removal 101.2.4 Fault Tolerance 111.3 System Security 13References 182 LOGGING AND CHECKPOINTING 212.1 System Model 222.1.1 Fault Model 232.1.2 Process State and Global State 232.1.3 Piecewise Deterministic Assumption 262.1.4 Output Commit 262.1.5 Stable Storage 272.2 Checkpoint-Based Protocols 272.2.1 Uncoordinated Checkpointing 272.2.2 Tamir and Sequin Global Checkpointing Protocol 292.2.3 Chandy and Lamport Distributed Snapshot Protocol 352.2.4 Discussion 382.3 Log Based Protocols 402.3.1 Pessimistic Logging 422.3.2 Sender-Based Message Logging 51References 603 RECOVERY-ORIENTED COMPUTING 633.1 System Model 653.2 Fault Detection and Localization 683.2.1 Component Interactions Modeling and Anomaly Detection 723.2.2 Path Shapes Modeling and Root Cause Analysis 763.2.3 Inference-Based Fault Diagnosis 803.3 Microreboot 893.3.1 Microrebootable System Design Guideline 903.3.2 Automatic Recovery with Microreboot 913.3.3 Implications of the Microrebooting Technique 923.4 Overcoming Operator Errors 933.4.1 The Operator Undo Model 943.4.2 The Operator Undo Framework 95References 994 DATA AND SERVICE REPLICATION 1034.1 Service Replication 1054.1.1 Replication Styles 1074.1.2 Implementation of Service Replication 1094.2 Data Replication 1114.3 Optimistic Replication 1164.3.1 System Models 1174.3.2 Establish Ordering among Operations 1194.3.3 State Transfer Systems 1224.3.4 Operation Transfer System 1264.3.5 Update Commitment 1314.4 CAP Theorem 1364.4.1 2 out 3 1394.4.2 Implications of Enabling Partition Tolerance 140References 1435 GROUP COMMUNICATION SYSTEMS 1475.1 System Model 1495.2 Sequencer Based Group Communication System 1525.2.1 Normal Operation 1535.2.2 Membership Change 1575.2.3 Proof of Correctness 1655.3 Sender Based Group Communication System 1665.3.1 Total Ordering Protocol 1675.3.2 Membership Change Protocol 1745.3.3 Recovery Protocol 1835.3.4 The Flow Control Mechanism 1905.4 Vector Clock Based Group Communication System 192References 1976 CONSENSUS AND THE PAXOS ALGORITHMS 1996.1 The Consensus Problem 2006.2 The Paxos Algorithm 2026.2.1 Algorithm for Choosing a Value 2026.2.2 Algorithm for Learning a Value 2046.2.3 Proof of Correctness 2046.2.4 Reasoning of the Paxos Algorithm 2066.3 Multi-Paxos 2126.3.1 Checkpointing and Garbage Collection 2136.3.2 Leader Election and View Change 2146.4 Dynamic Paxos 2166.4.1 Dynamic Paxos 2176.4.2 Cheap Paxos 2206.5 Fast Paxos 2276.5.1 The Basic Steps 2286.5.2 Collision Recovery, Quorum Requirement, and Value Selection Rule 2296.6 Implementations of the Paxos Family Algorithms 2356.6.1 Hard Drive Failures 2366.6.2 Multiple Coordinators 2366.6.3 Membership Changes 2376.6.4 Limited Disk Space for Logging 241References 2427 BYZANTINE FAULT TOLERANCE 2457.1 The Byzantine Generals Problem 2467.1.1 System Model 2477.1.2 The Oral Message Algorithms 2507.1.3 Proof of Correctness for the Oral Message Algorithms 2607.2 Practical Byzantine Fault Tolerance 2617.2.1 System Model 2627.2.2 Overview of the PBFT Algorithm 2637.2.3 Normal Operation of PBFT 2657.2.4 Garbage Collection 2677.2.5 View Change 2687.2.6 Proof of Correctness 2717.2.7 Optimizations 2737.3 Fast Byzantine Agreement 2777.4 Speculative Byzantine Fault Tolerance 2787.4.1 The Agreement Protocol 2797.4.2 The View Change Protocol 2837.4.3 The Checkpointing Protocol 2887.4.4 Proof of Correctness 288References 2908 CRYPTOCURRENCY AND BLOCKCHAIN 2958.1 History of Cryptocurrency 2958.2 Bitcoin 2988.2.1 Decentralized Network and Architecture 3018.2.2 Self-Contained Cryptography 3028.2.3 Decentralized Data Structure 3048.2.4 Decentralized Algorithms 3138.3 Ethereum 3178.3.1 Ethereum Computing Model 3188.3.2 Block and Consensus 3268.3.3 Tokenization 3408.4 Attacks on Blockchain 342References 3479 CONSENSUS ALGORITHMS FOR BLOCKCHAIN 3499.1 Model on Blockchain Consensus 3539.1.1 Requirements on Puzzle Design 3549.1.2 Zero-Knowledge Proof 3559.2 Proof of Work 3569.3 Proof of Resources 3579.3.1 Using Storage as Resource 3579.3.2 Using Computing as Resource 3599.4 Virtual Mining 3609.4.1 PeerCoin PoS 3609.4.2 Fixed-Epoch Time Based PoS Schemes 3689.4.3 Proof of Elapsed Time 371References 37510 BLOCKCHAIN APPLICATIONS 37710.1 The Value of Blockchain 37810.1.1 Non-Functional Benefits 37910.1.2 Functional Benefits 38210.2 Blockchain-Enabled Cyber-Physical Systems 38310.2.1 Cyber-Physical Systems 38310.2.2 Application Categories 38510.2.3 Blockchain-Enabled Operations in CPS 39010.3 On Blockchain Throughput 39810.3.1 On-Chain Approach 39910.3.2 Off-Chain Approach 40210.4 A Critical Look on Blockchain from Economy Perspective 40810.4.1 Blockchain Technology from the Economic View 40910.4.2 Economic Functions of Blockchain 41210.4.3 Blockchain as a Financial Infrastructure 416References 419Index 427
JavaServer Faces und Jakarta Server Faces 2.3 (3.Auflg.)
Das Arbeitsbuch für Java-Webentwickler in aktualisierter 3. Auflage.JavaServerTM Faces und Jakarta Server Faces 2.3 sind ein Framework für die Entwicklung von Benutzerschnittstellen für bzw. als Teil einer Java-Web-Anwendung. Dieses Arbeitsbuch führt Sie Schritt für Schritt in die Programmierung mit JSF ein. Sie erfahren, wie Sie damit moderne Benutzerschnittstellen für die Praxis entwickeln.Und natürlich geht es auch darum, wie JSF in eine Java-Web-Anwendung zu integrieren sind. Behandelt werden auch Themen wie die Anbindung an eine Datenbank mit JPA, die Verwendung von CDI sowie Authentifizierung und Autorisierung.Verfolgen Sie Schritt für Schritt die Entwicklung einer betrieblichen Anwendung und lernen Sie so anhand realer Aufgabenstellungen alle wichtigen Aspekte von JSF 2.3 kennen. Mit Hilfe der Übungen, deren Lösungen sich von der Website zum Buch und von GitHub herunterladen lassen, können Sie das Gelernte selbst ausprobieren und umsetzen.Aus dem Inhalt:EinleitungJSF im DetailContext und Dependency InjectionWeiterführende ThemenClassic ModelsSpezialthemenVerwendete SystemeAusblick/Anhang: Die Tags der Standardbibliotheken
JavaServer™ Faces und Jakarta Server Faces 2.3
DAS ARBEITSBUCH FÜR JAVA-WEBENTWICKLER // - Steigen Sie mit diesem fundierten Arbeitsbuch in die Entwicklung von Benutzerschnittstellen mit JavaServerTM Faces und Jakarta Server Faces 2.3 ein. - Anhand einer Beispielanwendung werden alle wichtigen Aspekte von JSF erläutert. - Vertiefen und erweitern Sie Ihre Fertigkeiten mit den zahlreichen Übungen. - Verwendet werden ausschließlich Open-Source-Systeme, so dass Sie alle Übungen und Beispiele ohne weitere Lizenzkosten nachvollziehen können. - Im Internet: Quell-Code zu den Beispielen und Lösungen der Übungen auf der Autorenwebsite zum Buch und GitHub - Ihr exklusiver Vorteil: E-Book inside beim Kauf des gedruckten Buches JavaServerTM Faces und Jakarta Server Faces 2.3 sind ein Framework für die Entwicklung von Benutzerschnittstellen für bzw. als Teil einer Java-Web-Anwendung. Dieses Arbeitsbuch führt Sie Schritt für Schritt in die Programmierung mit JSF ein. Sie erfahren, wie Sie damit moderne Benutzerschnittstellen für die Praxis entwickeln. Und natürlich geht es auch darum, wie JSF in eine Java-Web-Anwendung zu integrieren sind. Behandelt werden auch Themen wie die Anbindung an eine Datenbank mit JPA, die Verwendung von CDI sowie Authentifizierung und Autorisierung. Verfolgen Sie Schritt für Schritt die Entwicklung einer betrieblichen Anwendung und lernen Sie so anhand realer Aufgabenstellungen alle wichtigen Aspekte von JSF 2.3 kennen. Mit Hilfe der Übungen, deren Lösungen sich von der Website zum Buch und von GitHub herunterladen lassen, können Sie das Gelernte selbst ausprobieren und umsetzen. AUS DEM INHALT // Einleitung/JSF im Detail/Context und Dependency Injection/Weiterführende Themen/Classic Models/Spezialthemen/Verwendete Systeme/Ausblick/Anhang: Die Tags der Standardbibliotheken
Information Refinement Technologies for Crisis Informatics
Marc-André Kaufhold explores user expectations and design implications for the utilization of new media in crisis management and response. He develops a novel framework for information refinement, which integrates the event, organisational, societal, and technological perspectives of crises. Therefore, he reviews the state of the art on crisis informatics and empirically examines the use, potentials and barriers of both social media and mobile apps. Based on these insights, he designs and evaluates ICT concepts and artifacts with the aim to overcome the issues of information overload and quality in large-scale crises, concluding with practical and theoretical implications for technology adaptation and design.About the author:Marc-André Kaufhold is a postdoc at the Chair of Science and Technology for Peace and Security (PEASEC) in the Department of Computer Science at the Technical University of Darmstadt. His research focuses on the user-centred design and evaluation of mobile apps and social media technologies in the context of crisis and security research.Part I: Outline.- Part II: Theoretical and Empirical Findings.- Part III: Design and Evaluation Findings.- Part IV: Conclusion and Outlook.
Configuration of Apache Server To Support ASP
The paper aim is to configure Apache Server to support ASP. Two methods were tested. The first, by installing Bundle::Apache::ASP, and the second, by installing SUN ONE ASP Server. Two possible options for connecting to a Microsoft Access database with Sun ONE ASP for UNIX or Linux, using the using SequeLink, and using the Sun ONE ASP Database Publisher tool to migrate an Access database to MySQL, were studied. The paper is composed from the following parts,1. Setting up working environment when working with CodeCharge Studio program, software for building web applications.2. Connecting to databases in ASP.3. ASP program example.4. Configuring apache server to support ASP by installing Bundle::Apacahe::ASP.5. Configuring apache server to support ASP by installing Sun ONE ASP.I am Dr. Hidaia Mahmoud Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from gaza strip.I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator.I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering.I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http:// www.anticorruption.000space.comMy personal website: www.hidaia-alassouli.000space.comEmail: hidaia_alassouli@hotmail.com
Cisco Networks
For beginning and experienced network engineers tasked with building LAN, WAN, and data center connections, this book lays out clear directions for installing, configuring, and troubleshooting networks with Cisco devices. Cisco Networks, 2nd Edition is a practical guide and desk reference for Cisco engineers. This new edition will discuss tools that can be used to automate and troubleshoot networks. A new chapter on quality of service has been added to teach managing network resources by prioritizing specific types of network traffic. The new edition has an updated wireless section which focuses on an updated controller and integration with Cisco Identity Services Engine (ISE) and Cisco Prime Infrastructure.This practical desk companion doubles as a comprehensive overview of the basic knowledge and skills needed by CCNA and CCNP exam takers. Prior familiarity with Cisco routing and switching is desirable but not necessary, as Chris Carthern, Dr. Will Wilson, and Noel Rivera start their book with a review of network basics. Further they explain practical considerations and troubleshooting when establishing a physical medium for network communications. Later they explain the concept of network layers, intermediate LAN switching, and routing. Next they introduce you to the tools and automation used with Cisco networks. Moving forward they explain management planes, data planes, and control planes. Next they describe advanced security, trouble shooting, and network management. They conclude the book with a section which focuses on using network automation to automate Cisco IOS networks.WHAT YOU WILL LEARN* Configure Cisco switches, routers, and data center devices in typical corporate network architectures* Use black-hat tools to conduct penetration testing on the security of your network* Configure and secure virtual private networks (VPNs)* Enable identity management in your network with the Cisco Identity Services Engine (ISE) WHO THIS BOOK IS FORNetwork designers, engineers, programmers, managers, and students.CHRIS is a senior network engineer for Mantech and has worked for the department of defense. He is responsible for designing, installing, and maintaining the Cisco network infrastructure and mentoring junior network engineers. Carthern took his BS (honors) in computer science from Morehouse College and his MS in system engineering from the University of Maryland Baltimore County (UMBC). He holds the following certifications: Cisco Certified Network Professional (CCNP), Certified Information Systems Security Professional (CISSP), Brocade Certified Network Professional (BCNP), and ITIL v3. He is also an award winning photographer and indie movie producer.NOEL RIVERA is a systems architect with CACI who specializes in communications networks, IT security, and infrastructure automation. He has worked at NASA, DoD, Lockheed Martin, and CACI. Mr. Rivera holds a bachelors of electrical engineering from the University of Puerto Rico at Mayaguez and two masters degrees one in electrical engineering and another in computer science from Johns Hopkins University. Mr. Rivera holds the following certifications: Cisco Internetwork Expert in Routing and Switching (CCIE-RS), Cisco Internetwork Expert in Security (CCIE-SEC), Certified Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Juniper Network Certified Service Provider Professional (JNCIP-SP ), Juniper Networks Certified Cloud Professional (JNCIP-Cloud), VMWare Certified Data Center Virtualization Professional (VCP-DCV), VMWare Certified Network Virtualization Professional (VCP-NV), ITILv3 and is currently working on his Juniper Networks Certified Service Provider Expert certification (JNCIE-SP) and Microsoft Azure Solutions Architect Expert certification.DR. WILSON is a senior network consulting engineer. He specializes in optimization of routing and in security. He is responsible for assisting customers with resolving complex architectural and operation issues. He holds a bachelor’s degree in mathematics from the University of Colorado. His doctorate is in computer science with a focus on applications of artificial intelligence in information security. He maintains the following certifications: Cisco CCIE Routing and Switching, CCIE Security, all of the CCNP tracks, Cisco DevNet Professional, VMware VCP-NV, Certified Ethical Hacker, CISSP, MCSE, and PMP.CHAPTER 1. PRACTICAL NETWORKING INTRO[The purposes and functions each layer in network communications; discussion of OSI and TCP/IP protocols. How the layers work together and what do they tell us about the layers below.]1.1 OSI Model1.2 Physical layer1.3 Data Link layer1.4 Network layer1.5 Transport layer1.6 Session layer1.7 Presentation layer1.8 Application layer1.9 TCP/IP Protocol1.10 Port Numbers - (List common enterprise port numbers)1.11 Types of Communications - Broadcast, Unicast, Multicast and Anycast1.12 Types of Networks1.13 Network Architectures1.14 Intro and use case for software define networking1.15 SummaryCHAPTER 2. THE PHYSICAL MEDIUM[Practical considerations and troubleshooting when establishing a physical medium for network communications. Common problems at the physical layer.]2.1 Physical medium2.2 Standards2.3 Cables2.4 Ethernet2.5 Negotiation2.6 Duplex2.7 Unidirectional Link Detection (UDLD)2.8 Common issues2.9 SummaryCHAPTER 3. PROTOCOLS AND THE DATA LINK LAYER[The idea of protocols and their use, functions of the data link layer using IEEE 802.3 and switching. What the data link tells about the physical medium state and the higher layer protocols.]3.1 Protocols -- Ethernet, MPLS, LLDP, CDP, Spanning Tree, LACP, DOT1Q,3.2 Link layer functions3.3 Link layer discovery protocol3.4 Link layer related to other layers3.5 Types of messages3.6 SummaryCHAPTER 4. THE NETWORK LAYER[The concept of routing, which protocol transmissions are routable and IP addressing, including architecture requirements for IPv4 and IPv6 networks; subnetting. Observing the protocol layer transitions with packet captures]4.1 IP Communication Types - Broadcast, Multicast, Unicast, Anycast4.2 IP Addressing (Public vs Private) Bogons and Martians4.3 CIDR4.4 IPv44.5 IPv64.6 Subnetting4.7 Subnetting exercises4.8 SummaryCHAPTER 5. INTERMEDIATE LAN SWITCHING[Basic switching concepts, switch operations, common switching helper protocols their use and functions: (Trunking 802.1q, EtherChannels 802.3ad, RSTP 802.1D. Review the purpose of VLANs; their implementation and multilayer devices.]5.1 Switching5.2 LAGs5.3 Spanning Tree and Spanning Tree interop, Spanning Tree Convergence5.4 VLANs5.5 Trunking5.6 VTP5.7 MSTP5.8 Labs; Exercises5.9 SummaryCHAPTER 6. ROUTING[Routing concepts with practical implementation, including static routing and dynamic protocols such as OSPF, BGP, RIP and EIGRP.]6.1 Static routing6.2 Routing protocols6.3 IS-IS6.4 EIGRP6.5 OSFP6.6 BGP6.7 Labs; Exercises6.8 SummaryCHAPTER 7. INTRODUCTION TO TOOLS AND AUTOMATION[Introduction into using tools and automation that will be used in further chapters for different use cases.]7.1 Tools overview7.2 Introduction to prime infrastructure7.3 Introduction to ISE7.4 Introduction to SD-WAN / vManage7.5 Introduction to DNACHAPTER 8. SWITCH AND ROUTER TROUBLESHOOTING (NOTE: NEEDS WORK, ADD MPLS TROUBLESHOOTING.ROUTING TROUBLESHOOTING CAN BE QUIET BIG SHOULD WE BREAK IT DOWN?WE ALSO NEED TO ADD DATA STRUCTURES FOR SWITCHING/ROUTING: MAC TABLE, ARP TABLE, CEF ADJACENCY TABLE, FIB TABLES, RIB TABLE ETC.)[How to troubleshoot and resolve issues with Cisco network devices and Client side tools.]8.1 Techniques8.2 VLANs8.3 Trunking8.4 Routing8.5 Dynamic routing8.6 Spanning tree8.7 EtherChannel8.8 Tools8.9 Labs; Exercises8.10 SummaryCHAPTER 9. NAT/DHCP (ADD A SECTION ON NAT AND IPSEC AND NAT AFFECTED PROTOCOLS)[The purpose of NAT and DCHP and how to configure them on network devices.]9.1 NAT9.2 Static Nat9.3 Dynamic Nat9.4 PAT9.5 DHCP9.6 Setting up router as DHCP server9.7 NAT affected protocols9.8 Labs; Exercises9.9 SummaryCHAPTER 10. MANAGEMENT PLANE[How to administer Cisco devices, including booting, working from rommom, managing cisco images, upgrading the IOS, and configuring syslog and SNMPv3. Also port security, access-lists, password security and ssh, SNMPv3, TACACS, RADIUS, Logging]10.1 Authentication and authorization10.2 SSH10.3 Password recovery10.4 User accounts10.5 Logging10.6 Banners10.7 AAA10.8 Disabling services10.9 IOS switch upgrade10.10 Configuration using prime infrastructure10.11 Introduction to netconf10.12Labs; Exercises10.13 SummaryCHAPTER 11. DATA PLANE[Commons traffic protocols and the applications of filters. Netflow/Sflow]11.1 Traffic protocols11.2 Filters11.3 Netflow/Sflow11.4 Labs; Exercises11.5 SummaryCHAPTER 12. CONTROL PLANE[Securing the protocol exchange, IGP, BGP, DNS and NTP]12.1 Layer 212.2 IGP12.3 BGP12.4 DNS12.5 Protocol independent multicasting12.6 NTP12.7 Managing control plane using tools12.8 Labs; Exercises12.9 SummaryCHAPTER 13. INTRODUCTION TO AVAILABILITY[Redundancy at layer 2 and layer 3: GLBP, VRRP and multilinks. How to VoIP and video configurations; creating high availability and redundancy.]13.1 High availability13.2 HSRP13.3 VRRP13.4 GLBP13.5 SLB13.6 Multilinks13.7 Layer 2 extensions overview13.8 Labs; Exercises13.9 SummaryCHAPTER 14. ADVANCED ROUTING[How to implement multi-area OSPF, eBGP, IPv6 routing, IPv4 route redistribution to static routes, and dynamic routing protocols; layer 3 path control; implementing basic teleworker and branch services, including GRE tunnels]14.1 Route maps14.2 Policy based routing14.3 Redistribution14.4 EIGRP14.5 Multi-area OSPF14.6 BGP14.7 IPv6 routing14.8 GRE tunnels14.9 IPsec VPNs14.10 Labs; Exercises14.11 SummaryCHAPTER 15. QOS[How to implement, manage and optimize QoS in Cisco Networks]15.1 Intro to QoS15.2 Classification and marking15.3 Policing and shaping15.4 QoS in IPv615.5 QoS design strategies15.6 QoS for tunnels and sub-interfaces15.7 Troubleshooting15.8 Labs15.9 SummaryCHAPTER 16. ADVANCED SECURITY[How to implement advanced security solutions, including private VLANs, VACLs and PACLs; implementing port authentication, and Extended ACLs.]16.1 Private VLANs16.2 Dot1x16.3 Extended ACL16.4 VACL16.5 PACL16.6 MAC ACL16.7 DHCP snooping16.8 IDS/IPS16.9 MAC SEC16.10 Compliance16.11 Labs; Exercises16.12 SummaryCHAPTER 17. ADVANCED TROUBLESHOOTING[How to verify advanced routing problems, including EIGRP, OSPF, eBGP, route redistribution, NAT, DHCP, VACLs, PACLs, and IPv6 routing.]17.1 Route redistribution17.2 ACLs17.3 NAT17.4 PACL17.5 Dynamic routing protocols17.6 IPv617.7 IPsec17.8 GRE tunnels17.9 HSRP, VRRP, GLBP17.10 Labs; Exercises17.11 SummaryCHAPTER 18. EFFECTIVE NETWORK MANAGEMENT[Aggregation of data from the control, data and managementplane for effective network and data flow management. Use of logs, SNMP, IDSalerts and Netflow/Sflow]18.1 Logs18.2 SNMP18.3 SLAs and embedded event manager18.4 sFlow/NetFlow18.5 Tools18.6 Labs; Exercises18.7 SummaryCHAPTER 19. DATA CENTER[How to configure VLANs and interswitch communications using a Nexus with NX-OS software; configuring routing on NX-OS software, including OSPF and BGP; port channels and port profiles; configuring the Nexus for Fabric Extender (FEX) support.]19.1 NX-OS19.2 NX-OSv overview19.3 VLAN19.4 VTP19.5 Virtual Route Forwarding (VRF)19.6 EIGRP19.7 OSPF19.8 BGP19.9 Port profiles19.10 Fabric extenders19.11 Fabric design19.12 GLBP19.13 Virtual Port Channel (vPC)19.14Virtual Device Context (VDC)19.15 VXLAN19.16 OTV19.17 ACI overview19.18 Labs; Exercises19.19 SummaryCHAPTER 20. WIRELESS LAN[The basic components of the Cisco Wireless Network architecture; how to install access points and wireless controllers and incorporate them into switches; wireless security, including port authentication, authentication, and encryption.]20.1 Wireless components20.2 Wireless access points20.3 Wireless controllers20.4 Integration with ISE20.5 Cisco prime infrastructure20.6 Security and authentication20.7 Labs; Exercises20.8 SummaryCHAPTER 21. FIREPOWER[The basic components of the Cisco Firepower; how to configure and manage firewalls and Intrusion Prevention and incorporating them into network architectures, including traffic analysis, Packet filtering, NAT, VPNs, Remote Access and device management.]21.1 Testing Policies in a Safe Environment21.2 Baseline network21.3 Access rules21.4 Open services21.5 Anti-Spoofing21.6 Service policies21.7 Cluster21.8 Multi-Context21.9 Virtual21.10 Active/Active21.11 Active/Standby21.12 SGT based ACLs21.13 Routing21.14 VPNs21.15 Labs; Exercises21.16 SummaryCHAPTER 22. NETWORK PENETRATION TESTING[This section will focus on testing the security of your network; performing basic network penetration testing using NMAP, NESSUS, Linux Backtrack and Metasploit tools.]22.1 Reconnaissance and scanning22.2 Vulnerability assessment22.3 Exploitation22.4 Labs22.5 SummaryCHAPTER 23. MPLS[This section will focus on Multiprotocol Label Switching (MPLS) and its implementation in modern networks that is mostly used by enterprises and service providers.]23.1 Intro to MPLS23.2 LDP23.3 MPLS Layer3 VPN23.4 MPLS Layer2 VPN (VPLS)23.5 VRF Lite23.6 IPv6 over MPLS23.7 MPLS troubleshooting23.8 Labs23.9 SummaryCHAPTER 24. DMVPN[This section will focus on the implementation of dynamic multipoint virtual private networks (DMVPN). We will explore implementing DMVPNs with a hub and spoke architecture; using routing protocols and IPsec.]24.1 Intro DMVPN24.2 Phase 124.3 Phase 224.4 Phase 324.5 Flex VPN24.6 DMVPN troubleshooting24.7 Labs24.8 SummaryCHAPTER 25. NETWORK AUTOMATION[This section will focus on using network automation to automate Cisco IOS networks.]25.1 Python25.2 Python APIs25.3 Napalm25.4 Nornir25.5 Labs25.6 Summary
SAP Solution Manager
Mit diesem Buch lernen Sie alle Funktionen von SAP Solution Manager 7.2 SPS11 in praktischen Anleitungen kennen. Das Autorenteam zeigt Ihnen, wie Sie die verschiedenen Werkzeuge einrichten und anwenden, z.B. Change Request Management, Projektmanagement, Focused Build und die Test-Suite. Nicht zuletzt erfahren Sie, wie der SAP Solution Manager Sie in allen Phasen eines SAP-S/4HANA-Projekts unterstützt. Aus dem Inhalt: GrundkonfigurationNeue FunktionenProzessmanagement und LösungsdokumentationIT-ServicemanagementProjektmanagementAnforderungsmanagementChange Control ManagementTest-SuiteTechnischer und fachlicher BetriebCustom Code ManagementFocused Build, Focused Run und Focused InsightsMigration nach SAP S/4HANA Vorwort ... 19 Einleitung ... 21 1. SAP Solution Manager 7.2 - Funktionsüberblick ... 27 1.1 ... Einsatzmöglichkeiten des SAP Solution Managers ... 27 1.2 ... ITIL mit dem SAP Solution Manager ... 28 1.3 ... Die wichtigsten Neuerungen in SAP Solution Manager 7.2 SPS05 bis SPS11 ... 32 1.4 ... Erste Schritte mit SAP Solution Manager 7.2 in der SAP Cloud Appliance Library ... 36 1.5 ... Einführungsmethode der nächsten Generation - SAP Activate ... 40 1.6 ... Offen für alles - neue APIs ... 40 1.7 ... Nutzungsrechte für Kunden ... 41 2. Grundkonfiguration ... 43 2.1 ... Wichtige Informationen und SAP-Hinweise zur Grundkonfiguration ... 44 2.2 ... Obligatorische Konfigurationsaufgaben ... 45 2.3 ... Verwaltete Systeme konfigurieren ... 66 2.4 ... Grundkonfiguration der Embedded Search ... 76 2.5 ... Benutzer mit der Benutzerverwaltung anlegen ... 78 3. Prozessmanagement ... 81 3.1 ... Grundlegende Begriffe und Konzepte ... 83 3.2 ... Voraussetzungen für die Nutzung des Prozessmanagements ... 91 3.3 ... Lösungsverwaltung ... 96 3.4 ... Lösungsdokumentation ... 116 3.5 ... Deployments ... 152 3.6 ... Integration in andere Bereiche des SAP Solution Managers ... 156 3.7 ... SAP Best Practices für die Lösungsdokumentation ... 162 4. IT-Servicemanagement ... 165 4.1 ... Benutzeroberflächen des IT-Servicemanagements ... 165 4.2 ... Grundvoraussetzungen für den Einsatz des IT-Servicemanagements ... 181 4.3 ... Zentrale Funktionen des IT-Servicemanagements ... 197 4.4 ... Prozesse im IT-Servicemanagement ... 232 4.5 ... Focused-Build-Erweiterung »einfache IT-Anforderung« ... 257 4.6 ... Kundenbericht: Erweiterungen für das ITSM und ChaRM bei der bonprix Handelsgesellschaft mbH ... 265 5. Projektmanagement ... 271 5.1 ... Einführung in das IT-Portfolio- und Projektmanagement ... 272 5.2 ... Voraussetzungen für den Einsatz des IT-Projektmanagements ... 274 5.3 ... Projektarten ... 281 5.4 ... Projekte verwalten ... 282 5.5 ... Projektanalyse und Dashboards ... 304 5.6 ... Integration von IT-PPM und SAP Solution Manager ... 308 5.7 ... SAP-Roadmaps ... 313 6. Anforderungsmanagement ... 315 6.1 ... Wichtige Begriffe im Kontext des Anforderungsmanagements ... 315 6.2 ... Grundkonfiguration des Anforderungsmanagements ... 317 6.3 ... Funktionen des Anforderungsmanagements ... 327 6.4 ... SAP-Fiori-Applikation »Meine Geschäftsanforderungen« ... 346 7. Change Control Management ... 351 7.1 ... Einordnung von Change Request Management und Quality Gate Management ... 352 7.2 ... Grundvoraussetzungen für den Einsatz von Change Request Management und Quality Gate Management ... 354 7.3 ... Quality Gate Management ... 381 7.4 ... Verfügbare Transportmanagementinfrastruktur ... 389 7.5 ... Transportbezogene Prüfungen ... 396 7.6 ... Nützliche Funktionen für duale Systemlandschaften ... 413 7.7 ... Transportanalyse und Änderungsdiagnose ... 422 8. Change Request Management ... 429 8.1 ... Architektur des Change Request Managements ... 429 8.2 ... Änderungszyklen ... 434 8.3 ... Aufgabenpläne ... 448 8.4 ... Änderungsantrag ... 450 8.5 ... Änderungsdokumente ... 456 8.6 ... Nützliche Funktionen im Change Request Management ... 489 8.7 ... Integration des Change Request Managements mit anderen SAP-Solution-Manager-Szenarien ... 503 9. Test-Suite ... 511 9.1 ... Die Test-Suite im Überblick ... 512 9.2 ... Grundkonfiguration der Test-Suite ... 514 9.3 ... Der Testprozess ... 526 9.4 ... Testautomatisierung ... 557 9.5 ... Änderungseinflussanalyse ... 571 10. Technischer Betrieb ... 591 10.1 ... Einheitliche User Experience für das Monitoring ... 592 10.2 ... Berechtigungen im Umfeld des technischen Betriebs ... 595 10.3 ... Architektur der Monitoring and Alerting Infrastructure ... 596 10.4 ... Technisches Monitoring ... 606 10.5 ... Integrations-Monitoring ... 636 10.6 ... Monitoring von SAP HANA und Business-Intelligence-Lösungen ... 645 10.7 ... Ausnahmenverwaltung ... 647 10.8 ... SAP EarlyWatch Alert ... 650 10.9 ... Technische Administration ... 652 10.10 ... Konfigurationsvalidierung ... 665 10.11 ... Ursachenanalyse ... 673 10.12 ... Monitoring-Dashboards ... 675 10.13 ... Kundenbericht: System Monitoring bei der s.Oliver Bernd Freier GmbH & Co.KG ... 678 11. Fachlicher Betrieb ... 683 11.1 ... Was wir unter dem Begriff »Business Process Operations« verstehen ... 684 11.2 ... Voraussetzungen für die Nutzung von Business-Process-Operations-Anwendungen ... 685 11.3 ... Geschäftsprozess-Monitoring ... 689 11.4 ... Geschäftsprozessoptimierung ... 704 11.5 ... Jobverwaltung ... 715 11.6 ... Datenkonsistenzmanagement ... 724 11.7 ... Perfomanceoptimierung für Geschäftsprozesse ... 733 11.8 ... Anwendungsbeispiel: IDoc-Monitoring ... 734 11.9 ... Kundenbericht: Geschäftsprozess-Monitoring bei der Otto Group ... 736 12. Verwaltung kundeneigener Entwicklungen ... 745 12.1 ... Einführung in das Custom Code Lifecycle Management ... 745 12.2 ... Grundvoraussetzungen für den Einsatz des Custom Code Lifecycle Managements ... 747 12.3 ... Stadtmodell ... 754 12.4 ... Bibliothek für kundeneigene Entwicklungen ... 756 12.5 ... Qualitäts-Cockpit ... 760 12.6 ... Stilllegungs-Cockpit ... 765 12.7 ... SAP-BW-Reporting ... 772 12.8 ... Dashboard für die Verwaltung kundeneigener Entwicklungen ... 774 12.9 ... Custom Code Analytics ... 776 12.10 ... Kundenbericht: Vorbereitung auf SAP S/4HANA bei den Wuppertaler Stadtwerken ... 778 13. Focused Solutions ... 783 13.1 ... Focused Build ... 783 13.2 ... Focused Insights ... 841 13.3 ... SAP Focused Run ... 863 14. SAP Solution Manager und SAP S/4HANA ... 871 14.1 ... Phase »Discover« ... 873 14.2 ... Phase »Prepare« ... 876 14.3 ... Phase »Explore« ... 878 14.4 ... Phasen »Realize« und »Deploy« ... 880 14.5 ... Phase »Run« ... 882 15. Weitere Funktionen ... 885 15.1 ... Datenvolumenmanagement ... 885 15.2 ... SAP-Engagement und Servicelieferung ... 896 15.3 ... Systemempfehlungen ... 899 15.4 ... TREX ... 902 Das Autorenteam ... 905 Index ... 909