Hypori Performance Webinar
-
Upload
graficguru -
Category
Business
-
view
57 -
download
0
Transcript of Hypori Performance Webinar
![Page 1: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/1.jpg)
![Page 2: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/2.jpg)
Slide 2
Host Android in the cloud, access via remote client apps:
Hypori ACE Serverssimilar to VDI servers
Hypori ACE Client from public app store or distributed by MAM
What is Hypori?
![Page 3: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/3.jpg)
Hypori Platform Terminology
Slide 3
![Page 4: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/4.jpg)
Hypori ACE System At Scale
Slide 4
![Page 5: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/5.jpg)
Typical ACE System Deployment
Slide 5
![Page 6: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/6.jpg)
Typical ACE System Deployment
Slide 6
![Page 7: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/7.jpg)
Slide 7
What is Hypori?
DEMO
![Page 8: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/8.jpg)
Slide 8
Cloud hosted Android for secure enterprise mobility
![Page 9: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/9.jpg)
Slide 9Slide 9
From DroidCloud to Hypori
![Page 10: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/10.jpg)
Slide 10
Sandbox AppsVMs / Containers
MAM
Don’t work on iOS, require ‘jail breaking’, limited market traction, not suitable for BYOD.
Proprietary containers, typically just email, browser + MS office, few apps, no sensors.
MDM
Cannot protect enterprise apps and data on personal devices, DroidCloud VDM partner.
Miscellaneous
Thin Clients
Various security approaches, typically a components of a broader solution.
Windows 7 not suited to mobile devices, Win8 struggling
Less intrusive than MDM for BYOD, but also less secure – low level of assurance.
Hypori compliments VDI thin clients, and is partnering with companies in every other box.
Enterprise Mobile Ecosystem
![Page 11: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/11.jpg)
Slide 11
Mobile Teleworking
Tactical CloudSenior Leader Comms
A virtual smartphone for every soldier, running in DISA’s DECC (the DoD cloud) – analogous to BYOD.
Forward deployed tactical clouds on land, sea and air platforms for special operations forces.
Partners
NGOs as part of international aid efforts, logistics providers, coalition partners.
Classified mobile communications for senior leaders and other DoD personnel.
What are the DoD use cases?
![Page 12: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/12.jpg)
Slide 12
• BYOD or EOD• Securing MDM for sensitive data• Email, calendar and web• Transaction approvals• Salesforce / CRM• SAP / ERP• In-house Android apps• TripIt / travel management• Phone calls / VTC
• BYOD published app mode• Extending MDM to third parties• Banking communications• Doc reviews / deal rooms• Viewing transaction activity• Transaction approvals• Treasury services• Market information services• Stock trading
CustomerEmployee
What are the banking use cases?
![Page 13: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/13.jpg)
Slide 13
Hypori leverages SEAndroid as the ACE Virtual Device remote OS, as well as existing Android apps.
Hypori leverages Linux with KVM as the backend baseline for its ACE Server.
Hypori leverages the SPICE (Red Hat) protocol as a foundation for its communications / traffic between the ACE Server and ACE clients.
Client Apps for Android, iOS, Windows 8, …
Linux & KVM for vHost, OpenStack, SEAndroid/AOSP for vDevice, plus storage, user directory, AV, app store.
What technologies do we use?
![Page 14: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/14.jpg)
Slide 14
How do we change Android?
![Page 15: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/15.jpg)
Slide 15
Product – RoadmapHypori product progress and roadmap:
• Version 3.0: Q3, 14 – MVP for Enterprise Deployments.Basic camera, server-side OpenGL / 3D, KitKat VD upgrade, SEAndroid, tuned X.264, status bar bypass, notifications, client certs, S/MIME, hardware crypto, high availability, geographical roaming, admin UI and APIs, LDAP/AD integration, SELinux, Splunk auditing integration.
• Version 3.1: Q1, 15 – MVP for Multi-Tenant Private Cloud.Client for Win8, remote camera / VTC, client-side OpenGL, media bypass, keyboard bypass, more PKI auth options, app data/sensor access controls, improved VD management and administration, basic instrumentation data exposed to security partners.
• Version 3.2: Q2, 15 – MVP for Multi-Tenant Public Cloud.Additional functionality TBD based on customer feedback, stability improvements, house keeping.
• Version 4.0: Q3, 15 – MVP for Multi-Tenant Public Cloud.Support for Google CTS, improved sensor support, Official Play support, improved client-side OpenGL, more advanced security instrumentation integration.
![Page 16: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/16.jpg)
Slide 16
ACE Virtual Device• SEAndroid providing:
o Privileged daemon protection.
o Application isolation.o Middleware controls.o Instrumentation & auditing.o App install protection.o Limit app access to sensors.
• ‘Untrusted’ app sandboxing.• Read only core OS partition.• Centralized patching.• MDM / MAM controls.
ACE Client• Remote two factor auth.• Remote signing and decryption.• TLS (and VPN) encryption for
data in transit.• GPS-based access policies.• Attributes exposed for MDM
integration.• Screenshot ‘prevention’.• Integration with client-side
attestation technologies.• Eventually, integration with
mobile device MTMs.
ACE Server• Protocol aware firewall.• KVM hypervisor containment.• SELinux-based VD separation.• Server-side TPM attestation.• VPN service for apps in VDs.• Network proxy for traffic
monitoring.• System-wide app management.• Behavioral and signature-based
malware detection.• User behavioral biometrics.• VD instrumentation / auditing.
Architecting for Defense in Depth
![Page 17: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/17.jpg)
Slide 17
Hypori ACE Admin Authentication & Connection
VPN (optional)ENTERPRISE
INTERNET
ACE Management Server
Web Server (nginx)
Enterprise Directory
(LDAP / AD)
mongoDB
OpenStackSystem
Present User Certificate (https / TLS v1.2)1
Validate User Certificate Signing Chain
2
Proxy http3
Verify Account Status +Password
Return valid user data +LDAP parameters
4
Look up User by DN for Role5
OpenStack API calls6
REST API Calls(https / TLS v1.2)
Splunk / Nagios /
Monit / etc
HTML + JSON7
3rd PartyIntegration
![Page 18: Hypori Performance Webinar](https://reader031.fdocuments.in/reader031/viewer/2022021922/58a7d5711a28ab8a7e8b52fd/html5/thumbnails/18.jpg)
Slide 18
Hypori ACE Client Authentication & Connection
ENTERPRISE
INTERNETVPN (optional)
ACE Client
ACE Management Server
Web Server (nginx)
Enterprise Directory
(LDAP / AD)
mongoDB
OpenStackSystem
Present User Certificate (TLS v1.2) + LDAP Password
1
Validate User Certificate Signing Chain
2
Proxy http3
Verify Account Status +Password
Return valid user data +LDAP parameters
4
Look up User by DN for Role5
ACE Virtual DeviceInformation
6
Deliver signedToken w/ Compute
Node name + AVD TCP Port
7
Connect with signed token to ACE Virtual Device using
the ACE Protocol over TLS v1.2
8
Splunk / Nagios /
Monit / etc3rd Party
Integration