1
01:00:00,133 --> 01:00:04,466
Welcome to the VCD Roundtable Episode 47.

2
01:00:06,333 --> 01:00:10,133
We want to talk about the importance of hardening.

3
01:00:10,599 --> 01:00:11,766
So hardening software.

4
01:00:12,533 --> 01:00:14,466
So we added the software at the end.

5
01:00:17,000 --> 01:00:18,199
Oh, I didn't know that.

6
01:00:18,633 --> 01:00:19,000
I thought...

7
01:00:21,233 --> 01:00:22,833
The topic is around hardening, but OK.

8
01:00:23,166 --> 01:00:25,466
If it goes around VMware products,

9
01:00:26,199 --> 01:00:27,400
maybe I can help as well.

10
01:00:28,199 --> 01:00:29,233
Hi, this is Matthias,

11
01:00:29,599 --> 01:00:32,500
also a part of the VCD Roundtable stream again.

12
01:00:33,099 --> 01:00:35,733
Today's guest speaker with us is Fabian.

13
01:00:35,966 --> 01:00:37,366
Fabian, for the introduction.

14
01:00:38,133 --> 01:00:38,333
Hello.

15
01:00:38,866 --> 01:00:41,766
So I've been here many episodes ago.

16
01:00:41,766 --> 01:00:44,633
I don't know, maybe one of the first and never came back.

17
01:00:44,633 --> 01:00:47,766
But now if things get hard, I'm back in the team.

18
01:00:48,233 --> 01:00:50,466
Fabian, architect at comdivision.

19
01:00:51,199 --> 01:00:54,866
I do a lot around architecture and consulting service

20
01:00:54,866 --> 01:00:56,933
providers when things get tough.

21
01:00:56,966 --> 01:00:57,833
Nah, just kidding.

22
01:00:58,233 --> 01:01:00,933
No, but the topic around hardening is something

23
01:01:00,933 --> 01:01:02,433
I dropped in during our Kickoff

24
01:01:02,566 --> 01:01:06,099
because we see that a lot of service providers

25
01:01:06,333 --> 01:01:08,733
need to be prepared

26
01:01:08,733 --> 01:01:10,366
against any kind of cyber threats

27
01:01:10,466 --> 01:01:12,666
and attacks and also audits.

28
01:01:13,233 --> 01:01:14,533
So be prepared for the audits.

29
01:01:15,033 --> 01:01:16,933
That's why hardening is an important thing.

30
01:01:17,633 --> 01:01:21,066
And maybe I can drop the one or other story

31
01:01:21,199 --> 01:01:24,466
to give you guys out there some feedback around that.

32
01:01:24,466 --> 01:01:26,333
Absolutely.

33
01:01:26,699 --> 01:01:29,066
What's also interesting, based on the questions

34
01:01:29,133 --> 01:01:32,666
we get from many customers and service providers,

35
01:01:32,866 --> 01:01:38,166
is do we need hardening only if we need to get certified

36
01:01:38,333 --> 01:01:41,366
or is it also relevant in normal environments?

37
01:01:43,033 --> 01:01:46,633
Yeah, I mean, hardening is a general concept for many years

38
01:01:46,633 --> 01:01:49,533
to change your software probably in a way

39
01:01:49,533 --> 01:01:52,133
that differs from the default settings.

40
01:01:52,333 --> 01:01:55,566
Yeah, there were many years ago

41
01:01:55,666 --> 01:02:00,233
when... was telling you

42
01:02:00,233 --> 01:02:01,833
how to harden your Windows systems

43
01:02:01,833 --> 01:02:03,033
and all kinds of software can be

44
01:02:03,033 --> 01:02:05,333
hardened by disabling features,

45
01:02:05,333 --> 01:02:09,033
by also giving you guidance around operational steps.

46
01:02:09,366 --> 01:02:10,533
You need to patch your environment.

47
01:02:10,766 --> 01:02:14,699
You need to make sure people are trained.

48
01:02:14,699 --> 01:02:16,833
All those things come together

49
01:02:16,966 --> 01:02:18,599
when we talk about the topic hardening.

50
01:02:19,066 --> 01:02:22,333
That's why I always see it as a three-part thing.

51
01:02:22,333 --> 01:02:24,033
One is the architecture around solution.

52
01:02:24,533 --> 01:02:25,566
That must be hardened.

53
01:02:26,099 --> 01:02:28,933
One is the configuration, how is it applied?

54
01:02:30,066 --> 01:02:31,133
Those hardening settings.

55
01:02:31,666 --> 01:02:32,633
And also how is it lived?

56
01:02:32,900 --> 01:02:38,366
So how are daily procedures hardened against security?

57
01:02:38,866 --> 01:02:41,133
This is something you always need to observe

58
01:02:42,566 --> 01:02:45,233
as a complete item from my opinion.

59
01:02:45,833 --> 01:02:47,733
And if someone promised you,

60
01:02:47,766 --> 01:02:51,099
"Hey, we deploy Aria Operations or VCF Operations"

61
01:02:51,266 --> 01:02:53,633
and you have automatically your environment hardened

62
01:02:54,166 --> 01:02:56,233
or get reports of the hardening status.

63
01:02:56,900 --> 01:02:58,666
In my opinion, that's not true.

64
01:02:58,666 --> 01:03:00,933
It's one important toolkit for it.

65
01:03:00,933 --> 01:03:02,766
But there's much more to hardening

66
01:03:02,766 --> 01:03:04,033
than just installing something

67
01:03:04,033 --> 01:03:05,066
and saying, "Now it's hardened."

68
01:03:07,033 --> 01:03:09,233
I wouldn't phrase it that simple

69
01:03:09,233 --> 01:03:12,466
because honestly speaking using Operations Manager

70
01:03:12,466 --> 01:03:16,866
and the implemented policy or the implemented framework

71
01:03:17,766 --> 01:03:21,433
with the hardening configuration is pretty straightforward.

72
01:03:21,866 --> 01:03:26,066
It just reflects Broadcom's default view:

73
01:03:26,333 --> 01:03:28,800
which configuration should be taken

74
01:03:28,800 --> 01:03:31,266
or which feature could be reconfigured

75
01:03:31,766 --> 01:03:33,733
to have a hardened infrastructure

76
01:03:33,833 --> 01:03:35,066
from a Broadcom perspective.

77
01:03:35,666 --> 01:03:37,033
That is one of many approaches.

78
01:03:37,033 --> 01:03:38,699
It might fit your needs.

79
01:03:38,699 --> 01:03:40,633
It might not, but you get a proper

80
01:03:40,633 --> 01:03:45,366
report based on Broadcom's default view,

81
01:03:45,366 --> 01:03:46,533
how it should be done.

82
01:03:46,866 --> 01:03:49,266
If you don't agree, if you have a different approach

83
01:03:49,366 --> 01:03:51,333
on hardening your infrastructure

84
01:03:51,433 --> 01:03:53,033
or you have different security

85
01:03:53,033 --> 01:03:56,000
and recommendations/needs,

86
01:03:56,900 --> 01:04:00,733
you just need to reconfigure the

87
01:04:00,733 --> 01:04:03,033
framework within Operations Manager

88
01:04:03,133 --> 01:04:04,466
to fit your needs.

89
01:04:04,466 --> 01:04:06,300
Then you have a proper report based on your infrastructure

90
01:04:06,300 --> 01:04:08,066
and you can start reconfiguring everything.

91
01:04:08,933 --> 01:04:10,066
Yeah, totally right.

92
01:04:10,599 --> 01:04:13,500
But from my point of view,

93
01:04:13,599 --> 01:04:18,400
as you know Ops Manager has a limited view on things.

94
01:04:18,800 --> 01:04:22,466
If I think about the environment of the service provider

95
01:04:22,466 --> 01:04:25,633
who might also have NSX, Advanced Load Balancer

96
01:04:26,800 --> 01:04:29,033
or I don't know Cloud Director in place,

97
01:04:29,533 --> 01:04:31,633
that's typically something the

98
01:04:31,633 --> 01:04:32,966
Operations Manager does not get.

99
01:04:32,966 --> 01:04:36,966
If we talk about those, let's say hardening relevant items

100
01:04:36,966 --> 01:04:39,733
like "Hey, your Active Directory must be secured."

101
01:04:40,566 --> 01:04:45,133
Let's say, immutable against any kind of attacks.

102
01:04:45,333 --> 01:04:46,666
That's also something we cannot.

103
01:04:47,199 --> 01:04:48,566
So we have only this limited view

104
01:04:48,800 --> 01:04:55,066
and I really love using those built-in compliance options

105
01:04:55,133 --> 01:04:58,966
from Aria Operations as a starting point.

106
01:04:59,266 --> 01:05:02,199
But still, and you did a great point by saying,

107
01:05:02,199 --> 01:05:04,333
"Hey, it's everything related to risk

108
01:05:04,333 --> 01:05:06,566
and everyone needs to decide on their own

109
01:05:06,900 --> 01:05:10,633
if they want to accept the risk of not applying this item

110
01:05:10,733 --> 01:05:12,233
or maybe this item does not fit

111
01:05:12,233 --> 01:05:14,033
for your specific use case environment."

112
01:05:14,933 --> 01:05:16,666
And from my experience over the last years,

113
01:05:17,266 --> 01:05:20,066
I did a lot of... I was involved in a lot of audits

114
01:05:20,166 --> 01:05:22,166
around Enterprise solutions.

115
01:05:23,166 --> 01:05:25,099
And the important thing is you

116
01:05:25,099 --> 01:05:26,833
need to have something in place.

117
01:05:27,199 --> 01:05:28,166
That's the first thing.

118
01:05:28,166 --> 01:05:29,900
So you need to do this kind of hardening.

119
01:05:30,266 --> 01:05:32,666
VMware has done a great job over the years

120
01:05:32,666 --> 01:05:34,633
together with the community of

121
01:05:34,633 --> 01:05:36,300
creating those hardening guides;

122
01:05:36,333 --> 01:05:38,000
in the past they were called

123
01:05:38,000 --> 01:05:40,433
security configuration guides.

124
01:05:40,866 --> 01:05:42,199
Those big Excel sheets

125
01:05:42,199 --> 01:05:44,500
where you have the default setting,

126
01:05:44,566 --> 01:05:45,866
that's what it should be.

127
01:05:45,866 --> 01:05:47,966
That's the argument why you should have that.

128
01:05:48,466 --> 01:05:50,566
And what we always did, what we still do nowadays

129
01:05:50,633 --> 01:05:54,266
is taking that extension for certain customers

130
01:05:54,733 --> 01:05:58,266
and have the discussion -- item per item with the customer.

131
01:05:58,266 --> 01:05:59,933
"Hey, how does it look like in your environment?

132
01:05:59,933 --> 01:06:00,866
Is it a risk we take?

133
01:06:01,599 --> 01:06:04,699
Shall we live with the operational downside

134
01:06:04,733 --> 01:06:06,566
of enabling lockdown mode?"

135
01:06:06,800 --> 01:06:08,666
Which obviously makes sense

136
01:06:09,533 --> 01:06:12,433
from a security perspective in many scenarios,

137
01:06:12,666 --> 01:06:15,133
but sometimes from an operational perspective,

138
01:06:15,366 --> 01:06:16,666
it can be quite annoying.

139
01:06:17,199 --> 01:06:21,466
So we need to get the risks together,

140
01:06:21,800 --> 01:06:24,099
calculate what's relevant for the customer

141
01:06:24,099 --> 01:06:25,133
and then make a decision.

142
01:06:26,633 --> 01:06:29,766
And I think that's a very important point you just covered,

143
01:06:30,400 --> 01:06:36,199
because even though a guide tells a customer or a CSP

144
01:06:37,599 --> 01:06:42,033
setting ABC needs to be reconfigured to whatever,

145
01:06:43,599 --> 01:06:46,733
you can still come up with a decision

146
01:06:46,966 --> 01:06:49,066
against the recommendations.

147
01:06:49,666 --> 01:06:52,666
Say, "I'll configure a feature

148
01:06:52,666 --> 01:06:55,266
in a certain way because of..."

149
01:06:55,966 --> 01:06:58,066
And even if you have an audit...

150
01:06:58,966 --> 01:07:03,466
so an auditor has no chance to make any...

151
01:07:04,533 --> 01:07:06,733
He cannot force you to reconfigure it

152
01:07:06,733 --> 01:07:09,066
to a certain configuration.

153
01:07:09,933 --> 01:07:12,566
But if you have it configured differently

154
01:07:13,266 --> 01:07:15,233
based on common guidelines,

155
01:07:15,633 --> 01:07:18,166
you always need to have a justification in place.

156
01:07:18,833 --> 01:07:21,333
You need to take a proper decision and justify

157
01:07:21,933 --> 01:07:24,133
why is it configured that way?

158
01:07:24,633 --> 01:07:26,333
And as long as you have a justification,

159
01:07:26,966 --> 01:07:27,733
you're good to go.

160
01:07:27,766 --> 01:07:29,533
Because if you have a justification,

161
01:07:29,933 --> 01:07:33,133
you made the decision and you're perfectly aware

162
01:07:33,199 --> 01:07:35,133
about the pros and cons.

163
01:07:35,733 --> 01:07:37,633
Yeah, depends on the justification.

164
01:07:38,066 --> 01:07:40,933
I don't encrypt because it's complicated.

165
01:07:41,733 --> 01:07:41,766
[laughter]

166
01:07:41,766 --> 01:07:42,866
Would be the...

167
01:07:44,066 --> 01:07:45,699
I mean, from my point of view,

168
01:07:45,933 --> 01:07:49,333
most auditors I work with, most of them,

169
01:07:49,333 --> 01:07:51,933
they audit a broad area of IT.

170
01:07:51,933 --> 01:07:52,933
They're not experts in VMware.

171
01:07:53,599 --> 01:07:55,433
But they react differently

172
01:07:55,699 --> 01:07:58,833
if they have a question and want to see something

173
01:07:58,833 --> 01:08:00,533
or some documents, artifacts, whatever.

174
01:08:01,199 --> 01:08:02,966
And you take something out of the box.

175
01:08:02,966 --> 01:08:04,300
Here, that's a complete list.

176
01:08:04,533 --> 01:08:06,833
It looks great with bullet

177
01:08:06,833 --> 01:08:08,566
points and score and justification.

178
01:08:09,000 --> 01:08:09,766
You show it to them.

179
01:08:09,966 --> 01:08:13,233
You then take an extract from the Aria Operations report.

180
01:08:13,866 --> 01:08:16,166
So they see there is a mechanism in place

181
01:08:16,166 --> 01:08:21,433
to prove that certain configurations are in place.

182
01:08:21,933 --> 01:08:24,766
This is something that really helps you

183
01:08:24,800 --> 01:08:25,633
during the audit.

184
01:08:25,899 --> 01:08:27,166
And for sure, for your own sake,

185
01:08:27,733 --> 01:08:31,866
it's up to you to still make the best design decision

186
01:08:32,000 --> 01:08:35,833
that secures you, but still keeps operations alive.

187
01:08:36,566 --> 01:08:39,366
And this is really relevant from my point of view.

188
01:08:39,366 --> 01:08:42,833
That's why, I mean, if you do those security engagements

189
01:08:42,833 --> 01:08:44,100
or hardening engagements,

190
01:08:45,333 --> 01:08:48,033
three to five days of architecture is easily gone.

191
01:08:48,266 --> 01:08:49,833
You have one, two, three days of workshops,

192
01:08:50,133 --> 01:08:54,399
then everyone goes back together and make maybe different

193
01:08:54,966 --> 01:08:58,399
decision about those 10, 15 complex points.

194
01:08:59,366 --> 01:09:01,000
You need to, let's say, also,

195
01:09:01,566 --> 01:09:04,566
or try to get the proof for certain statements.

196
01:09:05,000 --> 01:09:08,633
Yeah, maybe that the backup is encrypted.

197
01:09:08,866 --> 01:09:10,366
Simply something you cannot see.

198
01:09:10,366 --> 01:09:12,433
You need to assume that the backup is encrypted.

199
01:09:12,433 --> 01:09:14,899
But still, when we go out there, I ask them,

200
01:09:14,899 --> 01:09:18,666
hey, give me some proof or some configuration proof

201
01:09:18,733 --> 01:09:21,066
that the backups in the back end are encrypted.

202
01:09:22,000 --> 01:09:23,966
And this is really relevant.

203
01:09:24,000 --> 01:09:26,100
So those engagements are really important,

204
01:09:26,800 --> 01:09:28,566
but also take a little while.

205
01:09:28,833 --> 01:09:29,833
And that's what I said.

206
01:09:29,833 --> 01:09:31,766
You cannot simply deploy Aria Operations.

207
01:09:31,766 --> 01:09:34,800
Say, now it's hardened and let it run.

208
01:09:36,833 --> 01:09:40,399
You need to discuss that.

209
01:09:40,399 --> 01:09:43,199
It's an architectural decision you need to take

210
01:09:43,199 --> 01:09:44,066
around the environment.

211
01:09:45,666 --> 01:09:48,600
And even if you have some configuration monitoring

212
01:09:48,800 --> 01:09:51,166
in place, like Operations Manager, for example,

213
01:09:52,000 --> 01:09:55,500
it's just a supporting tool,

214
01:09:56,233 --> 01:09:57,566
because you need to make the architecture.

215
01:09:57,833 --> 01:10:00,333
You take the decisions, you justify.

216
01:10:01,066 --> 01:10:04,366
The monitoring is just a tool supporting you

217
01:10:04,366 --> 01:10:09,033
to prove that you implemented what you have discussed

218
01:10:09,033 --> 01:10:10,466
and designed.

219
01:10:11,100 --> 01:10:11,966
That's one point.

220
01:10:11,966 --> 01:10:15,233
But what we also often saw on the health checks,

221
01:10:15,233 --> 01:10:17,266
for example, that there is hardening

222
01:10:17,266 --> 01:10:19,666
or hardening was done, hardening was documented.

223
01:10:20,266 --> 01:10:23,166
But then they had an issue and needed to open SSH

224
01:10:23,266 --> 01:10:25,300
or direct access to hosts

225
01:10:25,300 --> 01:10:27,733
again and never configured it back.

226
01:10:28,899 --> 01:10:31,966
So from that perspective, I think, it is necessary

227
01:10:31,966 --> 01:10:36,866
to have proper control of all mechanisms and changes made

228
01:10:36,866 --> 01:10:40,533
during the hardening process to ensure they remain active.

229
01:10:42,466 --> 01:10:47,100
And totally, totally true.

230
01:10:47,433 --> 01:10:49,333
And one example that always comes to mind is,

231
01:10:49,833 --> 01:10:53,266
for example, I'm a big fan of

232
01:10:53,266 --> 01:10:55,100
segmenting the VMkernel ports

233
01:10:55,100 --> 01:10:57,433
of the ESXi, onboard firewall.

234
01:10:57,800 --> 01:11:00,766
We simply say only management networks can interact

235
01:11:00,766 --> 01:11:04,833
with the ESXi VMkernel, which is easy to do

236
01:11:05,199 --> 01:11:08,333
and gives you direct or reduces the attack vectors.

237
01:11:08,566 --> 01:11:09,633
And even though there's some

238
01:11:09,633 --> 01:11:10,866
malware in your infrastructure,

239
01:11:10,866 --> 01:11:13,733
they cannot reach the ESXi network.

240
01:11:14,233 --> 01:11:18,466
Except, I mean, you could, if

241
01:11:18,466 --> 01:11:21,233
you have some within data center

242
01:11:21,233 --> 01:11:23,033
firewall, you could do something similar.

243
01:11:23,033 --> 01:11:27,866
But it's one way to make sure the packets don't arrive

244
01:11:27,866 --> 01:11:30,866
from unknown networks at the ESXi.

245
01:11:31,899 --> 01:11:36,033
And when I look at all... fortunately, over the last two

246
01:11:36,033 --> 01:11:39,733
years, I've known many companies had

247
01:11:39,733 --> 01:11:41,266
some issues with crypto attacks

248
01:11:41,266 --> 01:11:42,133
on their VMware environment.

249
01:11:42,466 --> 01:11:47,966
Fortunately, none of my direct customers were

250
01:11:48,533 --> 01:11:54,766
attacked by that, or it was broken or encrypted.

251
01:11:55,699 --> 01:11:58,433
But the primary way I got engaged afterwards,

252
01:11:58,433 --> 01:11:59,833
it was always the same thing.

253
01:12:00,066 --> 01:12:03,033
Some older version, non-patched version of ESXi,

254
01:12:03,433 --> 01:12:05,733
they were reachable from one of the desktops

255
01:12:05,733 --> 01:12:07,166
that had some malware installed.

256
01:12:07,866 --> 01:12:09,333
So client network, server network,

257
01:12:09,533 --> 01:12:12,366
server network, they could scan the network,

258
01:12:12,600 --> 01:12:15,633
figure out ESXi host, figure out older versions,

259
01:12:15,633 --> 01:12:16,633
and did some attacks.

260
01:12:17,433 --> 01:12:20,000
And the other perspective was always

261
01:12:20,066 --> 01:12:23,100
around this Active Directory integration of the ESXi host.

262
01:12:23,566 --> 01:12:26,466
So also one thing, when the ESXi host was integrated

263
01:12:26,466 --> 01:12:29,033
in Active Directory for user authentication,

264
01:12:29,466 --> 01:12:33,166
there were a lot of attacks happening over this path.

265
01:12:33,833 --> 01:12:36,466
And today, I think in the hardening guide for security,

266
01:12:36,833 --> 01:12:37,833
there's still the recommendation

267
01:12:38,066 --> 01:12:40,933
to add the ESXi host to the Active Directory,

268
01:12:40,933 --> 01:12:45,366
to have a proper directory or non-root-based logon

269
01:12:45,366 --> 01:12:49,133
as possible, even though that's the official statement.

270
01:12:49,333 --> 01:12:52,100
And you also see in the CIS guidelines

271
01:12:52,566 --> 01:12:55,300
for security or other documentation

272
01:12:55,433 --> 01:12:56,766
when you want to reach a certification,

273
01:12:57,066 --> 01:12:59,766
I always argue, "hey, let's not do that right now."

274
01:12:59,766 --> 01:13:02,966
There were so many bad things happening over this way.

275
01:13:03,666 --> 01:13:04,699
We do log them out.

276
01:13:04,733 --> 01:13:06,800
We segment the ESXi from the network,

277
01:13:07,166 --> 01:13:10,533
and we make sure we have some alerting in place

278
01:13:10,966 --> 01:13:13,433
when the root user is used on the ESXi host.

279
01:13:14,000 --> 01:13:17,366
So you have Log Insight configured, making alerts

280
01:13:17,366 --> 01:13:21,466
if roots are doing any actions

281
01:13:21,766 --> 01:13:24,433
out of our role-based authentication mechanism,

282
01:13:24,833 --> 01:13:26,033
because that is really important

283
01:13:26,333 --> 01:13:30,800
to make sure every action is accountable

284
01:13:31,033 --> 01:13:32,266
to a specific user or system.

285
01:13:33,566 --> 01:13:36,933
But that's... all the topics you've mentioned.

286
01:13:37,166 --> 01:13:39,766
They're all part of a proper hardening,

287
01:13:40,533 --> 01:13:42,566
because hardening is not a tool.

288
01:13:42,566 --> 01:13:43,366
It's not a solution.

289
01:13:44,066 --> 01:13:45,300
It's a process, right?

290
01:13:45,533 --> 01:13:45,733
It's something--

291
01:13:45,899 --> 01:13:46,466
It's a lifestyle.

292
01:13:47,199 --> 01:13:48,666
It's a lifestyle, right?

293
01:13:49,066 --> 01:13:52,066
That we're not going down there.

294
01:13:52,433 --> 01:13:55,033
Yves is not here, Fabian is here, and we're drifting.

295
01:13:55,833 --> 01:14:00,366
So it's a process you take.

296
01:14:00,399 --> 01:14:03,533
It's an approach, and also monitoring,

297
01:14:04,066 --> 01:14:06,766
and many different things that come to your mind

298
01:14:06,866 --> 01:14:08,899
might be part of a hardening process.

299
01:14:08,899 --> 01:14:12,199
Like you said, if a user is used to log into a system,

300
01:14:12,633 --> 01:14:15,966
or you mentioned the AD thing with the ESXi host,

301
01:14:16,166 --> 01:14:17,600
it's also pretty fine.

302
01:14:17,800 --> 01:14:21,899
But I think even if a recommendation exists

303
01:14:22,399 --> 01:14:25,166
and you come up with, "no, I

304
01:14:25,166 --> 01:14:27,533
don't think that this is a good idea,"

305
01:14:28,033 --> 01:14:31,066
like joining an ESXi host to the Active Directory,

306
01:14:32,399 --> 01:14:34,166
you just justify it.

307
01:14:34,766 --> 01:14:39,500
The downside of it is, and just being really blunt,

308
01:14:40,366 --> 01:14:45,666
is there are many auditors out there without any clue--

309
01:14:46,033 --> 01:14:49,166
No, I should not say without any clue.

310
01:14:49,166 --> 01:14:49,833
That's not good.

311
01:14:50,266 --> 01:14:54,866
Not being in depth with a certain product behavior.

312
01:14:55,766 --> 01:14:59,766
We'll tell you in the report, your ESXi host

313
01:14:59,766 --> 01:15:02,699
is not joined with Active Directory, so you get a minus

314
01:15:02,699 --> 01:15:04,633
score for something which does not make any sense

315
01:15:04,633 --> 01:15:06,033
because they have no clue.

316
01:15:06,566 --> 01:15:08,466
And then if they have a good name,

317
01:15:08,666 --> 01:15:11,533
if the company has a very well-known name,

318
01:15:12,399 --> 01:15:14,800
they are always right, even though they are wrong.

319
01:15:16,066 --> 01:15:16,266
Absolutely.

320
01:15:16,766 --> 01:15:19,333
But the good thing is, those are the items,

321
01:15:19,566 --> 01:15:20,766
even if everything's correct,

322
01:15:20,766 --> 01:15:22,366
those are the things they can find.

323
01:15:23,933 --> 01:15:24,800
But they feel good.

324
01:15:24,800 --> 01:15:25,300
We feel good.

325
01:15:25,800 --> 01:15:27,633
But still, the Active Directory thing,

326
01:15:27,833 --> 01:15:28,933
and if anyone is here

327
01:15:28,933 --> 01:15:30,500
listening, I would be really interested

328
01:15:30,500 --> 01:15:33,233
how you are dealing that around the ESXi hosts,

329
01:15:33,366 --> 01:15:36,633
because I have a clear opinion just based on what I saw.

330
01:15:36,899 --> 01:15:40,399
Because I saw things, and I don't want to see them again.

331
01:15:42,166 --> 01:15:45,566
I think if you're coming up with your approach

332
01:15:45,666 --> 01:15:48,233
and how you would configure infrastructure,

333
01:15:49,233 --> 01:15:50,733
I think as long as you have,

334
01:15:51,133 --> 01:15:53,533
as long as you take the decision

335
01:15:54,399 --> 01:15:57,833
document the decision, that's the proper justification,

336
01:15:58,533 --> 01:16:01,666
you're good to go because that documents

337
01:16:01,666 --> 01:16:04,333
that you're perfectly aware of what you're doing.

338
01:16:05,766 --> 01:16:08,333
I think that's one very important point

339
01:16:08,333 --> 01:16:13,433
around the whole hardening and those topics.

340
01:16:16,833 --> 01:16:16,966
True.

341
01:16:17,500 --> 01:16:20,066
Sasha, how can Cloud Foundation help us with hardening?

342
01:16:21,133 --> 01:16:22,733
I want to hear some sales talk, come on.

343
01:16:23,633 --> 01:16:23,866
Yeah.

344
01:16:26,566 --> 01:16:28,033
It's the best solution.

345
01:16:29,066 --> 01:16:29,433
Absolutely.

346
01:16:29,800 --> 01:16:35,166
So you get a lot of configurations pre-configured by VCF,

347
01:16:35,399 --> 01:16:36,399
so that's interesting.

348
01:16:37,333 --> 01:16:41,133
But I think the one topic also for me,

349
01:16:41,133 --> 01:16:44,233
a big part in hardening is to work with certificates.

350
01:16:46,333 --> 01:16:47,866
Work with public certificates,

351
01:16:48,066 --> 01:16:49,866
make sure that you have a trusted CA

352
01:16:50,166 --> 01:16:53,199
behind your certificates and not working with

353
01:16:55,199 --> 01:16:57,766
self-signed certificates out of the host.

354
01:16:58,466 --> 01:17:01,033
And having a hardened certificate authority.

355
01:17:01,600 --> 01:17:02,333
Now we start again.

356
01:17:02,600 --> 01:17:04,166
Yeah, I mean, that's also a thing.

357
01:17:04,533 --> 01:17:04,733
Absolutely.

358
01:17:04,966 --> 01:17:05,766
It doesn't matter if your

359
01:17:05,766 --> 01:17:07,533
certificate authority is compromised.

360
01:17:08,433 --> 01:17:11,233
That's a huge thing.

361
01:17:12,399 --> 01:17:14,866
I always get the feeling when you go down the security

362
01:17:14,866 --> 01:17:17,866
and hardening road, it's opening the box of Pandora

363
01:17:18,033 --> 01:17:20,533
because from one item, you get to the next one, ask,

364
01:17:20,633 --> 01:17:24,066
hey, what kind of CA certificate authority do you have?

365
01:17:24,066 --> 01:17:25,566
Is that something we can

366
01:17:25,566 --> 01:17:28,966
assume as being reliable and secure?

367
01:17:30,833 --> 01:17:32,766
We don't know to be honest. Especially if you talk

368
01:17:32,766 --> 01:17:34,466
to smaller corporations where

369
01:17:34,466 --> 01:17:37,533
that was set up by, I don't know,

370
01:17:37,733 --> 01:17:39,899
Erwin and Dieter.

371
01:17:40,433 --> 01:17:42,266
And they left the company 20 years ago.

372
01:17:43,266 --> 01:17:45,566
You know, Erwin and Dieter, that's a common German name,

373
01:17:45,633 --> 01:17:50,466
just for Mike and Jane, if you're from the US.

374
01:17:51,166 --> 01:17:53,666
But still, this is something where you then also say,

375
01:17:53,666 --> 01:17:54,433
okay, perfect.

376
01:17:54,666 --> 01:17:59,133
When we are done with our, I would say, assessment

377
01:17:59,133 --> 01:18:02,733
or hardening sessions, and everyone is really hard.

378
01:18:03,133 --> 01:18:04,433
No, that's not the right thing.

379
01:18:04,933 --> 01:18:09,699
And everyone is really getting items to work

380
01:18:09,699 --> 01:18:11,033
in the VMware infrastructure.

381
01:18:11,733 --> 01:18:14,466
There's also a lot of to-dos to figure out

382
01:18:14,666 --> 01:18:17,600
if we assume the right things around Active Directory,

383
01:18:17,600 --> 01:18:24,033
certificate authorities, and other topics.

384
01:18:30,133 --> 01:18:31,766
Erwin and Dieter.

385
01:18:34,233 --> 01:18:36,766
Come on, you said we can cut this later on.

386
01:18:36,766 --> 01:18:37,033
So therefore--

387
01:18:37,033 --> 01:18:38,366
Well, we'll let it slide.

388
01:18:38,399 --> 01:18:40,399
So, cool.

389
01:18:42,133 --> 01:18:44,266
But again, it's also the combination

390
01:18:44,333 --> 01:18:45,566
with the monitoring tool.

391
01:18:46,266 --> 01:18:48,933
Because you need to have a report,

392
01:18:48,933 --> 01:18:50,566
because we are all just human beings.

393
01:18:50,766 --> 01:18:53,266
And if we are tasked to configure something,

394
01:18:53,666 --> 01:18:57,433
and even though it's very well prepared and documented,

395
01:18:58,033 --> 01:19:01,266
and we receive a monkey-see, monkey-do instruction set,

396
01:19:01,699 --> 01:19:03,066
there is still the chance that

397
01:19:03,066 --> 01:19:04,033
you fat-fingered something.

398
01:19:04,466 --> 01:19:07,733
And that's the reason you need to have a tool

399
01:19:07,866 --> 01:19:09,633
in the backend, monitoring the infrastructure,

400
01:19:09,899 --> 01:19:12,033
being aware what should be configured,

401
01:19:12,333 --> 01:19:14,433
and compare it with what is configured.

402
01:19:15,266 --> 01:19:19,233
And, Sascha, I love the example you came up with earlier on

403
01:19:19,533 --> 01:19:20,366
with the SSH.

404
01:19:21,366 --> 01:19:24,233
So that's a common use case, like,

405
01:19:24,399 --> 01:19:26,100
"oh, I need to troubleshoot something."

406
01:19:26,566 --> 01:19:27,533
I enable SSH.

407
01:19:27,966 --> 01:19:29,500
What is perfectly fine, right?

408
01:19:29,966 --> 01:19:33,800
And at the end, because you disabled all the warnings,

409
01:19:33,833 --> 01:19:36,466
because they drive you bonkers in the UI,

410
01:19:36,500 --> 01:19:40,366
you forgot to turn off the SSH service

411
01:19:40,399 --> 01:19:42,833
at the end of your troubleshooting session.

412
01:19:43,266 --> 01:19:45,766
So latest and next day,

413
01:19:46,233 --> 01:19:48,800
the compliance report within the monitoring tool,

414
01:19:49,233 --> 01:19:51,033
which is Operations,

415
01:19:52,399 --> 01:19:55,433
you shall have only one Operations Management tool,

416
01:19:57,699 --> 01:19:59,433
pops up saying, "I found this...

417
01:19:59,433 --> 01:20:01,800
"designed and deployed by comdivision"

418
01:20:01,800 --> 01:20:02,000
Yeah.

419
01:20:02,933 --> 01:20:05,833
... here is a new host, and this host has

420
01:20:06,633 --> 01:20:09,266
SSH turned on," and then you receive an alert,

421
01:20:09,833 --> 01:20:12,933
saying, all right, I detected a configuration drift.

422
01:20:12,933 --> 01:20:14,533
Please help me turn off SSH.

423
01:20:15,500 --> 01:20:18,033
And even though you have an incident,

424
01:20:18,533 --> 01:20:21,266
so you violate one of your policies,

425
01:20:21,933 --> 01:20:24,199
but if you have a monitoring tool, you get an alert,

426
01:20:24,466 --> 01:20:27,500
and then you can react on, like, "oh, I forgot.

427
01:20:27,866 --> 01:20:29,666
I turned the SSH servers off."

428
01:20:30,333 --> 01:20:34,133
That's a proper approach, and that's perfectly fine.

429
01:20:34,966 --> 01:20:37,633
The worst thing is you are not

430
01:20:37,633 --> 01:20:39,699
aware that a configuration

431
01:20:39,933 --> 01:20:42,333
drift happened, and you are not

432
01:20:42,333 --> 01:20:45,766
compliant with your old policies anymore.

433
01:20:46,233 --> 01:20:47,366
That's the worst thing.

434
01:20:51,199 --> 01:20:54,366
Yeah, totally something we need to keep in mind.

435
01:20:54,366 --> 01:20:56,266
I mean, the good thing is over the years,

436
01:20:56,266 --> 01:20:57,766
the core VMware products, and

437
01:20:57,766 --> 01:21:00,033
if you now look into the security

438
01:21:00,066 --> 01:21:03,966
configuration guide for vSphere 8, there's not so much more

439
01:21:04,000 --> 01:21:05,100
in it anymore.

440
01:21:05,433 --> 01:21:09,199
The product team did a great job over the years

441
01:21:10,000 --> 01:21:13,833
to bring the core hypervisor to a

442
01:21:13,833 --> 01:21:16,133
level where you should typically,

443
01:21:16,366 --> 01:21:18,366
or you don't need to tweak that much.

444
01:21:19,966 --> 01:21:23,333
I think Mike Foley, who was also in the product team,

445
01:21:23,333 --> 01:21:26,766
he's very often shouting out on LinkedIn that he

446
01:21:28,733 --> 01:21:33,833
was very keen after getting the hardening into the product.

447
01:21:34,333 --> 01:21:35,866
We see that VMware is getting

448
01:21:35,866 --> 01:21:38,133
better and better in a lot of areas.

449
01:21:38,866 --> 01:21:42,100
That will also be much more better than with VCF 9.

450
01:21:42,100 --> 01:21:43,500
I'm pretty sure about that because

451
01:21:43,500 --> 01:21:46,699
now they all try to make it secure

452
01:21:46,866 --> 01:21:48,166
right from the beginning.

453
01:21:48,166 --> 01:21:51,466
But again, there are a lot of things we need to decide.

454
01:21:51,866 --> 01:21:53,433
Second-factor authentication, for example,

455
01:21:53,666 --> 01:21:55,733
that's nothing you can bake into the product.

456
01:21:55,933 --> 01:21:58,266
We need to make a proper decision, and

457
01:21:58,266 --> 01:22:01,033
then also how to configure it concretely.

458
01:22:01,933 --> 01:22:04,233
Even if that's not a real word, I think.

459
01:22:06,466 --> 01:22:09,233
But also Cloud Director.

460
01:22:09,500 --> 01:22:12,966
I mean, we are big old fans of good ol' Cloud Director,

461
01:22:12,966 --> 01:22:14,833
and also there are still a lot of

462
01:22:14,833 --> 01:22:16,666
things we need to tweak afterwards

463
01:22:16,733 --> 01:22:20,166
to make sure it is hardened according to the recommendation

464
01:22:20,566 --> 01:22:23,433
that VMware put out also many years ago.

465
01:22:23,633 --> 01:22:25,566
Maybe not Broadcom.

466
01:22:26,000 --> 01:22:27,666
Maybe the recommendation which

467
01:22:27,666 --> 01:22:30,199
comes from either comdivision

468
01:22:30,433 --> 01:22:33,033
or even better from the customer themself.

469
01:22:34,033 --> 01:22:38,566
Because that's one thing we do with our CSPs and customers

470
01:22:38,566 --> 01:22:40,333
is interview them.

471
01:22:40,733 --> 01:22:41,866
What's your expectation?

472
01:22:42,166 --> 01:22:43,033
What are your business

473
01:22:43,033 --> 01:22:45,600
requirements towards security hardening?

474
01:22:45,833 --> 01:22:46,966
And those bits and pieces.

475
01:22:49,399 --> 01:22:51,466
Another interesting topic.

476
01:22:52,066 --> 01:22:56,233
Let's move away a bit from the base infrastructure.

477
01:22:56,866 --> 01:22:58,966
And let's maybe for the last few minutes

478
01:22:59,033 --> 01:23:01,899
focus a bit more on the workloads which are running

479
01:23:01,899 --> 01:23:05,733
on the already successfully hardened base infrastructure.

480
01:23:06,766 --> 01:23:09,333
So we have guest operating systems.

481
01:23:09,333 --> 01:23:12,800
We have applications and a ton of stuff running.

482
01:23:13,033 --> 01:23:16,600
And if we are now back into the CSP game, it's a CSP.

483
01:23:17,333 --> 01:23:19,066
You need to make sure that you

484
01:23:19,066 --> 01:23:21,033
have proper network implementation.

485
01:23:21,600 --> 01:23:23,600
Because you have no clue what your

486
01:23:23,600 --> 01:23:26,833
customers are doing inside the virtual machine.

487
01:23:26,866 --> 01:23:29,866
They install the guest user and you just don't know

488
01:23:30,333 --> 01:23:33,533
if the customer is applying all the

489
01:23:33,533 --> 01:23:35,333
security patches as recommended

490
01:23:35,666 --> 01:23:39,766
by the operating system vendor for example.

491
01:23:40,300 --> 01:23:40,500
Yeah.

492
01:23:40,633 --> 01:23:45,966
And remember those side-channel attacks a few years ago.

493
01:23:45,966 --> 01:23:48,366
You know where they said, "Oh, disable hyper threading."

494
01:23:48,366 --> 01:23:50,366
Because there were chances of

495
01:23:50,366 --> 01:23:53,166
whatever this is something that could be.

496
01:23:54,133 --> 01:23:55,033
Could be a real...

497
01:23:55,699 --> 01:23:59,666
So winning the lottery had a higher chance than that one.

498
01:23:59,866 --> 01:24:00,066
But...

499
01:24:00,866 --> 01:24:01,633
I'm not sure.

500
01:24:01,633 --> 01:24:04,066
I mean there were attack patterns

501
01:24:04,066 --> 01:24:06,433
where you could extract certain things.

502
01:24:06,433 --> 01:24:07,166
And this is something you

503
01:24:07,166 --> 01:24:09,033
cannot control as a service provider.

504
01:24:10,133 --> 01:24:10,899
The thing here.

505
01:24:11,133 --> 01:24:12,233
What was the name of it?

506
01:24:12,800 --> 01:24:13,166
Spectre and Meltdown.

507
01:24:14,333 --> 01:24:17,500
Winning the lottery has a higher chance than that.

508
01:24:17,500 --> 01:24:19,699
No, I prove it wrong in the show notes.

509
01:24:19,699 --> 01:24:20,466
Do we have show notes?

510
01:24:21,600 --> 01:24:22,233
We will get some.

511
01:24:22,800 --> 01:24:27,366
So I can tell you on the side why.

512
01:24:27,566 --> 01:24:29,699
But the thing is you have your...

513
01:24:30,333 --> 01:24:32,166
And that's not a guest OS thing.

514
01:24:32,166 --> 01:24:33,966
It was a hypervisor attack.

515
01:24:34,566 --> 01:24:35,966
So two different things.

516
01:24:36,433 --> 01:24:37,666
But you have no clue what your

517
01:24:37,666 --> 01:24:39,933
customers are doing inside the virtual machine.

518
01:24:40,433 --> 01:24:42,366
And if they're patching their OSs,

519
01:24:42,366 --> 01:24:45,233
if they apply security patches to the applications.

520
01:24:45,600 --> 01:24:47,566
And we are perfectly aware, because

521
01:24:47,566 --> 01:24:51,166
virtualization is a big invitation to keep

522
01:24:51,833 --> 01:24:55,433
expired software running year after year

523
01:24:55,433 --> 01:24:57,666
after year out of support, out of everything,

524
01:24:57,666 --> 01:24:58,633
not supported anymore.

525
01:24:58,933 --> 01:25:00,699
So many companies do that.

526
01:25:00,966 --> 01:25:02,633
So as a service provider, you never know

527
01:25:02,633 --> 01:25:04,533
what's happening inside the infrastructure.

528
01:25:04,933 --> 01:25:06,666
So it's even more important

529
01:25:06,666 --> 01:25:08,666
from our perspective to take care

530
01:25:08,666 --> 01:25:11,166
that the underlying infrastructure is properly secured.

531
01:25:11,766 --> 01:25:15,566
And also you are logging all the

532
01:25:15,566 --> 01:25:17,433
traffic between tenant networks

533
01:25:17,933 --> 01:25:20,866
and the CSP basic network infrastructure.

534
01:25:22,600 --> 01:25:22,766
Separate.

535
01:25:23,566 --> 01:25:25,866
And additional to that and additional to hardening.

536
01:25:26,166 --> 01:25:28,133
So really take a look what

537
01:25:28,133 --> 01:25:31,533
options you have to help your customers,

538
01:25:32,199 --> 01:25:34,866
your end customers, to bring more

539
01:25:34,866 --> 01:25:37,100
security inside their environment.

540
01:25:37,633 --> 01:25:41,033
So take a look at advanced threat protection with NSX,

541
01:25:41,500 --> 01:25:44,433
which you can buy as an add-on.

542
01:25:44,933 --> 01:25:46,933
So that's one point.

543
01:25:46,966 --> 01:25:52,300
And the other point is take a look at advanced ALB.

544
01:25:52,699 --> 01:25:54,399
So advanced load balancer.

545
01:25:54,800 --> 01:25:57,666
So for all the web services your customers are hosting.

546
01:25:58,100 --> 01:26:01,600
So you can activate web application firewall on top of it

547
01:26:01,966 --> 01:26:03,966
and make your environment or the

548
01:26:03,966 --> 01:26:06,333
customers' environments more secure.

549
01:26:07,266 --> 01:26:09,066
So ATP, so I first mentioned

550
01:26:09,066 --> 01:26:11,366
ATP, that's a different ballgame.

551
01:26:11,833 --> 01:26:13,033
It's an amazing feature.

552
01:26:13,033 --> 01:26:17,500
It's there and even with DPUs it gets usable.

553
01:26:18,333 --> 01:26:21,199
Because you're offloading everything to the SmartNIC.

554
01:26:22,633 --> 01:26:25,566
And use those features because I haven't.

555
01:26:25,800 --> 01:26:30,766
So I've been in IT for more than 25 years.

556
01:26:31,433 --> 01:26:38,199
So over time, year after year, you just see more different

557
01:26:39,266 --> 01:26:40,466
different patterns.

558
01:26:41,000 --> 01:26:42,066
It got more and more and more.

559
01:26:43,066 --> 01:26:45,100
There was no year where you had less

560
01:26:45,100 --> 01:26:47,600
threats running around the internet

561
01:26:47,600 --> 01:26:48,566
than the year before.

562
01:26:49,333 --> 01:26:50,733
So it gets worse and worse.

563
01:26:54,066 --> 01:26:54,466
Okay.

564
01:26:55,733 --> 01:26:57,500
And then in the end, you always need to have

565
01:26:58,466 --> 01:27:00,866
Operations in the back end for monitoring.

566
01:27:02,833 --> 01:27:03,166
Awesome.

567
01:27:04,100 --> 01:27:08,733
So if you are not hardened already, what can we do?

568
01:27:11,266 --> 01:27:12,933
Sascha, how much is our hardening?

569
01:27:12,966 --> 01:27:14,100
Standard offering.

570
01:27:14,100 --> 01:27:15,433
What do you say?

571
01:27:15,866 --> 01:27:19,133
You need now to turn on the red light.

572
01:27:20,800 --> 01:27:21,066
And then...

573
01:27:22,000 --> 01:27:22,633
Wait a sec.

574
01:27:25,533 --> 01:27:29,233
So if you need...

575
01:27:31,399 --> 01:27:33,533
Not red enough, I would say.

576
01:27:37,600 --> 01:27:40,199
So if you need it really hard.

577
01:27:40,766 --> 01:27:41,433
No, wait a sec.

578
01:27:41,666 --> 01:27:43,966
Guys, you are aware that it's a podcast.

579
01:27:44,833 --> 01:27:47,066
Most people won't see the video.

580
01:27:48,000 --> 01:27:48,199
Really?

581
01:27:49,133 --> 01:27:51,166
We're now waiting for the audio description.

582
01:27:51,666 --> 01:27:53,633
That's why we talked about the red light.

583
01:27:54,566 --> 01:27:54,766
Yeah.

584
01:27:55,033 --> 01:27:58,300
So for all the audience who's not watching the video,

585
01:27:59,133 --> 01:28:01,433
the light in my room is now pretty red.

586
01:28:02,366 --> 01:28:06,866
And joking aside, if you need any guidance around that,

587
01:28:06,866 --> 01:28:08,366
if you feel your VMware

588
01:28:08,366 --> 01:28:12,166
environment could use a third party look up

589
01:28:12,233 --> 01:28:13,899
around the topic of security

590
01:28:13,899 --> 01:28:16,433
hardening, just drop us a message

591
01:28:16,566 --> 01:28:19,733
and we can make you pretty quick an offer to help you

592
01:28:20,333 --> 01:28:22,466
nearly on all continents nowadays, isn't it?

593
01:28:23,133 --> 01:28:23,300
Sure.

594
01:28:24,833 --> 01:28:25,033
Yeah.

595
01:28:25,699 --> 01:28:26,800
Feel free to ping us.

596
01:28:27,433 --> 01:28:31,133
Feel free to drop us messages on

597
01:28:31,133 --> 01:28:33,566
LinkedIn, as an email, over our webpage, etc.

598
01:28:34,633 --> 01:28:36,966
and we can sit together and talk

599
01:28:36,966 --> 01:28:40,833
with you about what we can do for you.

600
01:28:40,833 --> 01:28:45,800
How can we solve your problems and provide hardening

601
01:28:45,833 --> 01:28:48,066
or a design for hardening for your environment?

602
01:28:50,966 --> 01:28:54,166
Yeah, also from my side, thanks for tuning in.

603
01:28:54,566 --> 01:28:57,733
Famous last words, I think hardening is very important.

604
01:28:58,000 --> 01:28:59,066
Also monitoring and implementing

605
01:28:59,066 --> 01:29:01,266
the stuff, but always keep in mind

606
01:29:01,300 --> 01:29:06,233
that you keep your risks and hardening

607
01:29:06,233 --> 01:29:08,066
aligned with your business requirements

608
01:29:08,633 --> 01:29:10,500
to have a solution because in the

609
01:29:10,500 --> 01:29:12,899
end you need an infrastructure solution

610
01:29:12,899 --> 01:29:16,133
which supports the goals the business has.

611
01:29:16,333 --> 01:29:23,166
Otherwise it doesn't make the best sense out of it.

612
01:29:24,833 --> 01:29:27,199
Short outlook Ep. 48.

613
01:29:28,733 --> 01:29:29,933
I heard a rumor.

614
01:29:31,533 --> 01:29:34,166
I heard a rumor that Episode 48 will

615
01:29:34,166 --> 01:29:36,899
be around Orchestration Automation.

616
01:29:37,366 --> 01:29:39,266
Yeah, I want to come back.

617
01:29:40,366 --> 01:29:41,433
So that's the rumor.

618
01:29:43,366 --> 01:29:45,300
So we won't discuss VCF

619
01:29:45,300 --> 01:29:47,333
Automation because that's not released.

620
01:29:48,433 --> 01:29:50,433
So Orchestration Automation will be

621
01:29:50,433 --> 01:29:54,766
around Cloud Director and Orchestrator.

622
01:29:55,866 --> 01:29:56,466
That's the plan.

623
01:29:57,766 --> 01:29:58,166
Interesting.

624
01:29:58,633 --> 01:29:59,899
I'm looking forward to this one.

625
01:30:00,566 --> 01:30:02,633
Who will present? Not me.

626
01:30:03,733 --> 01:30:04,366
I'm sure you.

627
01:30:05,133 --> 01:30:06,533
He's Mr. Orchestrator.

628
01:30:06,533 --> 01:30:07,300
Come on.

629
01:30:07,966 --> 01:30:09,000
I know.

630
01:30:10,433 --> 01:30:12,500
Okay, thanks for tuning in.

631
01:30:12,933 --> 01:30:13,866
Have a great day.

632
01:30:14,633 --> 01:30:16,733
We're more than happy to help, just ping us.

633
01:30:17,266 --> 01:30:18,366
See you in the next episode.

634
01:30:20,000 --> 01:30:20,433
See you.