Hi, this is Steve…Government Engineering. I have with me today Scott Oxley, also from Azure Government Engineering, and we’re going to be talking about infrastructure security on Azure Government. Welcome, Scott.

Scott, I know that you are a security architect and you’ve been working with many government customers, so I guess the first question I have is: how do you think about cloud security architecture and, maybe more importantly, how do you want your customers to think about it? I know …lot of customers, they’re coming from a world where they have their on-premises data center, where they’re used to being able to reach out and touch their servers and having complete control, so…the cloud is a shift for them. So you’re working with them: what do you tell them, and how do you want them to think about it?

Really, it’s kind of starting a generational approach, you know, with the enterprise, where they usually own all the hardware, they see it, they run their datacenters, and that’s kind of more over the years that …they get that network service provider, that provider that’s actually running into stuff for them. Well, this is …next generation words. Basically you still have your assets, you can still view those as virtual objects …you know, session services, but now the physical part of it becomes, you know, much more advanced, much more complex, and you still have the same view you had before. You just don’t have those physical individual servers that you could touch before.

Okay, makes sense. So this is a mindset shift, but you can do a lot of the similar things you could do before.

You have very similar things, very similar approaches. So in that, security approaches, really back to the basics, are still…still the same, and then working with those, working with customers to understand how they transition, are actually supporting, bring those into their

Okay, so…like that is not so scary thing. Okay, so now that I understand a little bit about how to think about it from a big-picture perspective, what are we
talking about from a big picture? What do you communicate there?

Yeah, so a lot of it is really try to go just the basics of layered defense … kind of saying it doesn’t go away. Your enterprise and in the cloud is…capabilities is to really create their defense for your services that you move out there, whether those be, you know, IaaS or PaaS services, whether you have an extension of your network or you’re setting up a small enclave or other, you know, supportive environment for service…

So, extension of your network, so this is something like ExpressRoute, something connected with ExpressRoute here?

So ExpressRoute comes into play this way, or VPN, and even …can actually create…set of virtual networks, set of services that you deploy your servers on that connect back to your own enterprise networking, maybe don’t connect to the internet.

So I don’t have to go all cloud, I don’t have to do all-or-nothing. I can extend my current data center, not necessarily do away with my own…datacenter.

Extended, exactly. So I can actually start to create these hybrid services for I have no …back in enterprise services, also influence…controlling my services I put in …

Okay, I’m hearing the theme of this, the layers …security architecture in layers, not just one thing, not just one silver bullet, but fully having that defense in depth.

He…a defense…and like I like to start off with…little thing to get out the cloud that you don’t normally have in an enterprise is a worldwide difference, DoS protection, you know,…know something that Microsoft is handling the …you know, you’re, so we actually have, you know, we connect to ISPs worldwide…as an attack would happen or something like that, usually goes regional…can actually isolate those to…mitigate them so they never actually get back to that full-strength attack to a service. OK, so that’s kind of one of those…things that we could do as a cloud provider…going down below that now…gets …customers have the ability to define how they actually want their environment to look and operate.

Okay, so
what do you mean by virtual network isolation?

So basically the customer has the ability to create virtual networks. These are networks that they actually define, define the IP addressing on it, they actually control it. It’s not controlled by the cloud services, it’s controlled by the customers …definitions are theirs. As you go deeper they can create, subdivide that into subnets and again also apply their own addressing, how they want to …to manage and how they want each of those subnets to communicate to each other. You know, that gets into this section of where they can define what networks, what devices sit on what networks, their IP addressing and this …back into a gateway back to, you know, their on-prem through ExpressRoute or to the internet through load balance …of…gateways that way.

So I’m hearing you talk about …and I’m hearing you talk about …it. As a developer, I’ve put my developer hat on, I think to myself, this sounds a little bit like…you know, my business tier, my data tier and web tier. Am I sort of on the right track here?

Very much so. Again, you can have, between two subnets, I can actually create one as being my light back-end or my DMZ, my mid tier, and I can actually have functions between those two, route between those, for what is allowed to flow, which is not allowed to flow.

So that actually sounds pretty familiar…I’m doing on-prem datacenter anyway, so again, very familiar concepts…When you’re talking about what’s allowed to flow, I heard you mention something a few minutes ago, network security groups, and …a lot like you were talking about something like a firewall. Am I thinking about that right? What is a network security group?

…network security groups are really a step below the firewall, so these are more of the basic router ACLs or traditional just…rules you set up towards what is allowed, what is not to …we have the ability to set both…egress rules and you can set those by, basically, on a virtual network, on individual subnet …against individual host, so these are actually run below the
layer virtual network, that run actually outside of, you were to do the traditional network flows, are actually operated…level or within the base routers cloud.

OK, so conceptually it sounds like a firewall, because we’re talking about things like which IP ranges or even specific IP …available on what port, but you say it’s not exactly a…

One, let’s actually earlier, so again it basically has some hard, fast rules about what it will or not allow. Now, do you want to get that firewall approach where the …web application far…network-based firewall, you still have the ability to do that through appliances. You have the ability to bring up those appliances and define the network routes …flow through that device, and now you actually get that high-level player for level of firewall protection that you’re expecting…used to.

I’m seeing the common theme here, which again goes back to that, those layers. Not only do we have…also we can addition …a firewall and I… that last picture there, you had the different subnets and you had your business…do to your …so front tier, so as a web developer I see that front tier…think that looks a lot like a DMZ. Is that subnet a DMZ? What if I want to secure…even further?

Yeah, so, the…you do have that ability, like you could actually put in one of these appliances to be your DMZ up to the internet, so again if you’re protecting a web service front-end or other API …things like that, you can put in really the…that makes sense for what the traffic flow you want to go through there. Then you have the ability to also put that in between, so your DMZ and your mid tier, or even your back end, back to your on-prem.

I see, so this network virtual appliance isn’t necessarily just for DMZ, I can actually use…anywhere…

We used anywhere, anywhere in that, because…a customer, control flows between your networks, you define your networks and you define the points that traffic flows through.

So these pictures you have on the slide here, I’m looking at a lot of these and these look like
the same appliances that maybe I’ve seen in a traditional data center. Is it accurate for me to say that? Are they the same or are they sort of software equivalents? Help me understand…

…much software equivalents. Mostly companies have been producing virtual firewalls, virtual pointers for years now. These are the same code …that they have for, whether they be on physical…or the virtual …so you get the same capabilities, again based on what they’ve released for the version and product environment and the within also …environment…the government. You have the ability to actually select the size of machine …actually run that appliance on, so if you need one with,… two interfaces, you can do that virtual machine that way, with so much memory, so much CPU processing capability, for scale it up as you need.

Okay, cool, so while there’s really a lot of layers to this, no pun intended, but it’s again the defense…and lot of options, very robust, that we have available. Any closing thoughts or key takeaways that we should keep my…

Really just back to, it’s like this doesn’t really change how you approach security, it really just expands what you can do, the agility you have, but those basics you secure your environment with now still…to the cloud…again getting back to what is the capability you’re trying to do, what are you trying to protect and what’s the best way to proceed with that.

Okay, great, makes sense…been very helpful. This has been Steve …with Scott Oxley talking about security in Azure Government. Thanks for listening.