Edgar Magana, profile picture
Uploaded byEdgar Magana
492 views

OpenContrail at Workday - Security Policies Use Case

The document outlines a presentation by Mick McCarthy and Edgar Magana regarding their networking model in Workday's private cloud, detailing their process for creating virtual networks and managing network policies. It also discusses past issues faced with Contrail and plans for future improvements, including evaluating new versions for better high availability and policy management. The presentation concludes with a Q&A session.

Technology
Related topics:
CI/CD
Download to read offline
OpenContrail User Group Mick McCarthy & Edgar Magana, Workday Private Cloud. Sydney – November 2017.
Who Are We? Mick McCarthy Software Engineer, Workday Private Cloud. Edgar Magana Principal Engineer/Architect, Workday Private Cloud.
Outline of Talk ► Our Networking Model ► Our Network Policies ► How We Manage Our Network Policies ► Summary of Contrail Issues (Past 12 Months) ► Future of Workday Private Cloud & Contrail ► Questions
Our Current Networking Model Tree Topology
WPC – Creating Target Virtual Networks (1/2) •  We use a custom script, which takes in certain parameters to create RT virtual networks – e.g. •  Project UUID •  Network name •  Subnet prefix •  Route Target •  We add a routing object to interconnect •  Therefore, we require rules to ensure only desired communications.
WPC – Creating Target Virtual Networks (2/2) The script creates tenants and rules using YAML definitions: 1.  Sample tenant definition: 2.  Sample ACL:
How We Manage Our Network Policies
Summary of Contrail Issues (Past 12 Months) •  ZK Timeout Issue •  TBB Issue •  “IROND is Broken” •  LARGE number of rules !!!
Future of Workday Private Cloud & Contrail •  High Availability – Contrail 3.2 / Evaluating 4.1 •  Better management of ACLs •  Contrail in BM •  Label-based policy management
Thank You. Questions?

More Related Content

PDF
MicroProfile
byjclingan
 
PPT
Cloud Computing- Easy to use and Affordable
byCloudSyntrix
 
PDF
Modeling and Provisioning IoT Cloud Systems for Testing Uncertainties
byHong-Linh Truong
 
PDF
SAJACC WG Report Summary and Conclusions Jan 2013
byAlan Sill
 
PPT
Get Off My Cloud - Launching your Startup on The Cloud
byJoe Drumgoole
 
PDF
Rackspace::Solve NYC - Welcome Keynote featuring Rackspace CTO John Engates
byRackspace
 
PDF
Building mobile apps with Realm for React Native
byKenneth Geisshirt
 
PDF
Bond, swift bond
byHenrique Morbin
 
MicroProfile
byjclingan
 
Cloud Computing- Easy to use and Affordable
byCloudSyntrix
 
Modeling and Provisioning IoT Cloud Systems for Testing Uncertainties
byHong-Linh Truong
 
SAJACC WG Report Summary and Conclusions Jan 2013
byAlan Sill
 
Get Off My Cloud - Launching your Startup on The Cloud
byJoe Drumgoole
 
Rackspace::Solve NYC - Welcome Keynote featuring Rackspace CTO John Engates
byRackspace
 
Building mobile apps with Realm for React Native
byKenneth Geisshirt
 
Bond, swift bond
byHenrique Morbin
 

What's hot

PPTX
Meteor Pittsburgh Meetup 1-21-2014
byCory Trimm
 
PPTX
MongoDB.local Austin 2018: PetroCloud: MongoDB for the Industrial IOT Ecosystem
byMongoDB
 
PPT
Osdc - Meteor Intorduction
byAyush Narula
 
PPTX
The Decomposition Dilemma
byJoAnna Cheshire
 
PDF
Google's Infrastructure and Specific IoT Services
byIntel® Software
 
PPTX
Final cloud computing
byJuber Mangure
 
PPTX
Mininet Research Projects Help
byNetwork Simulation Tools
 
PDF
Service mesh wars
byAhmed Atef
 
Meteor Pittsburgh Meetup 1-21-2014
byCory Trimm
 
MongoDB.local Austin 2018: PetroCloud: MongoDB for the Industrial IOT Ecosystem
byMongoDB
 
Osdc - Meteor Intorduction
byAyush Narula
 
The Decomposition Dilemma
byJoAnna Cheshire
 
Google's Infrastructure and Specific IoT Services
byIntel® Software
 
Final cloud computing
byJuber Mangure
 
Mininet Research Projects Help
byNetwork Simulation Tools
 
Service mesh wars
byAhmed Atef
 

Similar to OpenContrail at Workday - Security Policies Use Case

PDF
Banv meetup 04162014
byozkan01
 
PDF
Using OpenContrail with Kubernetes
byMatt Baldwin
 
PDF
PLNOG 13: Nicolai van der Smagt: SDN
byPROIDEA
 
PDF
Opencontrail network virtualization
byNicolai van der Smagt
 
PDF
OpenContrail Overview
byJames Kelly
 
PDF
Banv meetup-contrail
bynvirters
 
PDF
Kubernetes OpenContrail Meetup
byLachlan Evenson
 
PDF
apidays Australia 2023 - Building On-Premise Hybrid API Platforms, David Free...
byapidays
 
PPTX
SD-WAN features and proposed in details.pptx
byAlsherif95
 
PDF
PLNOG 17 - Nicolai van der Smagt - Building and connecting the eBay Classifie...
byPROIDEA
 
PDF
NFD9 - Dinesh Dutt, Data Center Architectures
byCumulus Networks
 
PPTX
Cloud Networking - Greg Blomquist, Scott Drennan, Lokesh Jain - ManageIQ Desi...
byManageIQ
 
Banv meetup 04162014
byozkan01
 
Using OpenContrail with Kubernetes
byMatt Baldwin
 
PLNOG 13: Nicolai van der Smagt: SDN
byPROIDEA
 
Opencontrail network virtualization
byNicolai van der Smagt
 
OpenContrail Overview
byJames Kelly
 
Banv meetup-contrail
bynvirters
 
Kubernetes OpenContrail Meetup
byLachlan Evenson
 
apidays Australia 2023 - Building On-Premise Hybrid API Platforms, David Free...
byapidays
 
SD-WAN features and proposed in details.pptx
byAlsherif95
 
PLNOG 17 - Nicolai van der Smagt - Building and connecting the eBay Classifie...
byPROIDEA
 
NFD9 - Dinesh Dutt, Data Center Architectures
byCumulus Networks
 
Cloud Networking - Greg Blomquist, Scott Drennan, Lokesh Jain - ManageIQ Desi...
byManageIQ
 

More from Edgar Magana

PPTX
OpenStack & OpenContrail in Production
byEdgar Magana
 
PPTX
OpenStack @ Workday - CI/CD
byEdgar Magana
 
PPTX
SDN Symposium - Cybera
byEdgar Magana
 
PPTX
Cloud computing and OpenStack
byEdgar Magana
 
PPTX
Neutron DVR
byEdgar Magana
 
PPTX
The Battle of the distros - OS Summit Atlanta2014
byEdgar Magana
 
PDF
OpenStack Neutron Havana Overview - Oct 2013
byEdgar Magana
 
OpenStack & OpenContrail in Production
byEdgar Magana
 
OpenStack @ Workday - CI/CD
byEdgar Magana
 
SDN Symposium - Cybera
byEdgar Magana
 
Cloud computing and OpenStack
byEdgar Magana
 
Neutron DVR
byEdgar Magana
 
The Battle of the distros - OS Summit Atlanta2014
byEdgar Magana
 
OpenStack Neutron Havana Overview - Oct 2013
byEdgar Magana
 

Recently uploaded

PPTX
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
PPTX
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
PPTX
2025 - AI terms & Meanings for Marketers
byashishav29
 
PPTX
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
PDF
MathML Core in WebKit
byIgalia
 
PDF
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
PDF
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
PDF
Do more with the HP Z2 Mini G1a
byPrincipled Technologies
 
PDF
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
PDF
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
PDF
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
PDF
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
PPTX
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
PDF
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
PDF
Q8 DIGITAL IDENTITY HUB - WSO2 Oxygenate Italy 2025
byProfesia Srl, Lynx Group
 
PDF
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
PDF
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
PDF
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
2025 - AI terms & Meanings for Marketers
byashishav29
 
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
MathML Core in WebKit
byIgalia
 
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
Do more with the HP Z2 Mini G1a
byPrincipled Technologies
 
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
Q8 DIGITAL IDENTITY HUB - WSO2 Oxygenate Italy 2025
byProfesia Srl, Lynx Group
 
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 

OpenContrail at Workday - Security Policies Use Case

  • 1.
    OpenContrail User Group MickMcCarthy & Edgar Magana, Workday Private Cloud. Sydney – November 2017.
  • 2.
    Who Are We? MickMcCarthy Software Engineer, Workday Private Cloud. Edgar Magana Principal Engineer/Architect, Workday Private Cloud.
  • 3.
    Outline of Talk ►Our Networking Model ► Our Network Policies ► How We Manage Our Network Policies ► Summary of Contrail Issues (Past 12 Months) ► Future of Workday Private Cloud & Contrail ► Questions
  • 4.
    Our Current NetworkingModel Tree Topology
  • 5.
    WPC – CreatingTarget Virtual Networks (1/2) •  We use a custom script, which takes in certain parameters to create RT virtual networks – e.g. •  Project UUID •  Network name •  Subnet prefix •  Route Target •  We add a routing object to interconnect •  Therefore, we require rules to ensure only desired communications.
  • 6.
    WPC – CreatingTarget Virtual Networks (2/2) The script creates tenants and rules using YAML definitions: 1.  Sample tenant definition: 2.  Sample ACL:
  • 7.
    How We ManageOur Network Policies
  • 8.
    Summary of ContrailIssues (Past 12 Months) •  ZK Timeout Issue •  TBB Issue •  “IROND is Broken” •  LARGE number of rules !!!
  • 9.
    Future of WorkdayPrivate Cloud & Contrail •  High Availability – Contrail 3.2 / Evaluating 4.1 •  Better management of ACLs •  Contrail in BM •  Label-based policy management
  • 10.