Site to Cloud lösning i Microsoft Azure / Site to Cloud solution in Microsoft Azure

Birgersson, Christoffer

January 2017

I dagens samhälle så blir vi allt mer och mer beroende av den teknik vi utvecklar, därför är det av större vikt att vi alltid skall ha tillgång till den information som vi behöver för att kunna göra våra dagliga sysslor. Detta lägger större press på att de system som utvecklas skall fungera felfritt och man skall ha snabba responstider för att allt ska flyta på så bra som möjligt och om det så skulle bli en kritisk systemkrasch så skall inte informationen gå helt förlorad. Därför har det blivit populärt att ändra från att ha personliga servrar till att köra allt mer och mer applikationer och information i det så kallade ”molnet”.  Därför är det av allt större intresse att ha koll på några av de större leverantörerna av molntjänster och hur man kan använda dessa för att få en bättre verksamhet. Därför kommer denna rapport att handla om hur ett arbete utförts på TeamNorrs begäran för att göra en jämförelse mellan Microsoft Azure, Google Cloud Platform och Amazon Web Services. Den kommer även gå igenom hur responstiderna ser ut till några av världens datacenter med en utgångspunkt från TeamNorrs huvudkontor i Umeå. Rapporten går även igenom hur man själv kan testa på Microsoft Azure, Google Cloud Platform och Amazon Web Services, och hur man i Microsoft Azure kan göra en så kallad ”Site to Cloud” lösning med en VPN tunnel för att kunna skapa en MSSQL backup i molnet. Sedan diskuteras för och nackdelar med det arbete som utförts, samt vilka förbättringar som skulle kunna vara aktuella i framtiden. / In todays society we become more and more dependent on the technology we develop, so it is of greater importance that we always have access to the information we need to do our daily tasks. It is more pressing than ever that the developed systems should work well and that you should have quick response times for everything to flow as smooth as possible and if there would be a critical system crash, the information should not be completely lost. Therefore, it has become more popular to go from, having personal servers to use more and more applications and information in the so-called "cloud". That´s why it is becoming increasingly important to keep track of some of the major cloud service providers and how to use them to archive a better business. This report will be about how a work was done at TeamNorrs request to make a comparison between Microsoft Azure, Google Cloud Platform and Amazon Web Services. It will also review the response times to some of the worlds data centers with a starting point from TeamNorrs headquarters in Umeå. It also describe how you can put up your own environment to test Microsoft Azure, Google Cloud Platform and Amazon Web Services, and how to do a so-called "Site to Cloud" solution with a Virtual Private Network tunnel in Microsoft Azure, where it will also show you how you can create an MSSQL backup in the cloud. Then discusses the pros and cons of the work done and what improvements could be relevant for the future.

Molntjänster

Azure

VPN

SQL

Computer Systems

Datorsystem

VPN kontrolér / VPN Controller

Fabiánek, Ondřej

January 2019

Tato práce se zabývá návrhem architektury a implementací flexibilního, škálovatelného a bezpečného systému pro správu virtuálních privátních sítích, který by umožnil propojení jinak nedostupných routerů a zařízení v jejich lokálních sítích. Ačkoli je systém primárně určen pro použití s routery od výrobce Advantech, podpora jiných zařízení může být později přidána.

Hardwarové kryptografické moduly pro zabezpečení LAN / Hardware cryptographic modules for LAN security

Loutocký, Tomáš

January 2008

The thesis deal with the problems of virtual private network (VPN). The first part of the thesis is focused on the description of the basic terms of computer security which are useful for better understanding the other parts. There is a description of VPN technology and its separation of VPN by various aspects in the second part of the thesis. The next chapter is dedicated to the description of realization of VPN by using IPSec. There is shown how to secure laboratory network by using of the products of the Safenet Company in the practical part of the thesis. There are also stated the modular techniques how to use products in the network in practical part. Some of the modular techniques describe security weaknesses of the products which are possible to exploit in the laboratory network and they also describe the ways how to protect them against misusage.

Útoky na bezdrátovou síť / Wireless network attacks

Brusnický, Pavel

January 2010

Objective of this thesis is to point out to almost everywhere present flaw in realization of second level network security access to WiFi networks with using traffic tunneling over DNS protocol. Realization has been accomplished by existing utilities OzymanDNS, DNS2TCP, NSTX, Iodine, Heyoka. Measurements were done on realistic traffic on the network. The effort was to show outline of these implementations. Transfer speeds in some implementations can be marked as applicable thanks to high speeds, which are on the same level as broadband internet. Functionality was tested on WiFi network, where was also compromised PPTP VPN tunnel, its function was to provide security of the communication on wireless network due to absence of first level security mechanisms such as WPA, WPA 2 and so on, with the help of Asleap, which comes out of Cisco LEAP attack. At the end of the work are suggested possible countermeasures for securing network by the topology change of the network infrastructure or by implementing IDS.

tunnel; WiFi; wireless; PPTP; DNS; VPN

Proyecto MIKHUNA SHAKE / Project Mikhuna Shake

Cerón García, Alejandra, Estrada Arias, Thelma Del Pilar, Galvez Palomino, Calef Yair, Quispe Sanchez, Nataly Rosario, Urrutia Rosazza, Nicole Jaqueline

31 July 2020

En el presente trabajo de investigación, se verán los aspectos que sean necesarios para la iniciación de nuestro proyecto para la elaboración y venta de nuestra bebida Mikhuna Shake. Nuestro segmento va dirigido a todas aquellas personas que mayores de 18 años, en búsqueda de un desayuno fácil, rápido de tomar y nutritivo. Nuestra propuesta de valor se basa en que es una bebida proteica, baja en grasas y azúcares, y está listo para tomar. Para el primer año, nuestro canal de ventas será por medio de las ventas directas a través de nuestras redes sociales. Por otra parte, hemos utilizado 5 experimentos a través de Facebook e Instagram, con la finalidad de obtener nuevos aprendizajes. Asimismo, se realizaron promociones y descuentos con la finalidad de atraer a más clientes. La estrategia que se realizará para nuestro producto será la de penetración, dado que estamos lanzando un precio de introducción para ambas presentaciones a un precio de S/3.90 para el 300 ML y S/7.90 para el de 900 ML. Nuestros ingresos son generados por nuestras ventas en ambos tamaños y se llevan a cabo mediante nuestras redes sociales. Además, se mantendrá una relación cercana con nuestros clientes para de darle un valor agregado al producto. La inversión que se realizará al comenzar nuestro proyecto será por un monto de S/29872. Esto nos permitirá iniciar nuestras operaciones y solventar los gastos necesarios. Finalmente, nuestro VAN resultante es positivo, el cual hace rentable nuestro negocio, a pesar de tener múltiples gastos preoperativos.

Investments

learnings

revenues

added value

VPN

Virtually@Home

Lindberg, Magnus, Nilsson, Anders

January 2009

With today's rapid development of technology and IT systems the demand for security and accessibility by both companies and individuals has increased. More and more people want access to their private files and services even when they are not at home. Geographical limitations can be a problem, and some such limitations have been deliberately added to a number of new services on the Internet, such as IPTV and other media services. Today it is neither safe nor appropriate to send sensitive information over public connections, such as the Internet. Because of this, several solutions including IPsec, SSL / TLS, and several other technologies have been developed and implemented. With these, you can create encrypted connections between two endpoints over an internet protocol. This implies in turn that you can access files and services just as you would have done if you actually been at home – you are “Virtually@home”. The report shows a solution to the problem of how to be virtually at home in a simple, cost-effective and safe manner by using a proxy server and a VPN. We review how each of the relevant technologies work and why we believe that this solution is an optimal solution to this problem. / Med dagens snabba utveckling av teknik och informationsteknologiska system har krav ställts på säkerhet och tillgänglighet hos både företag och privatpersoner. Fler och fler vill ha tillgång till sina privata filer och tjänster även när de inte är hemma. Geografiska begränsningar kan vara ett problem, och har medvetet lagts till på ett flertal nya tjänster på internet. såsom IPTV och andra mediaprodukter. Idag är det varken säkert eller lämpligt att skicka känslig information över publika anslutningar, såsom Internet. På grund av detta har ett flertal lösningar såsom IPsec, SSL/TLS, med flera andra tekniker utvecklas och implementerats. Med hjälp av dessa kan man skapa krypterade anslutningar mellan två ändpunkter genom att använda TCP/IP protokollet. Detta går sedan i sin tur att utnyttja för att komma åt filer och tjänster som man skulle gjort om man faktiskt varit hemma – du är Virtually@home. Rapporten visar hur man skapar en lösning till detta problem på ett enkelt, kostnadseffektivt och säkert sätt med hjälp av en proxy och ett VPN. Vi går igenom hur olika tekniker fungerar och varför vi anser att denna lösning är optimal för vårt syfte.

Proxy

Streaming

IPTV

VPN

Communication Systems

Kommunikationssystem

Projeto de uma VPN(Rede Privada Virtual) baseada em computação reconfigurável e aplicada a robôs móveis / A VPN (Virtual Private Network) design based on reconfigurable computing and applied to mobile robots

Marleta, Marcelo Honorato

11 April 2007

Este trabalho apresenta uma implementação de VPN utilizando-se dos circuitos reprogramáveis do tipo FPGA (Field Programmable Gate Array) que são a base da computação reconfigurável. VPNs utilizam criptografia para permitir que a comunicação seja privada entre as partes. Assim, todo o custo computacional decorrente desta prática é executado em nível de hardware, procurando-se atingir um alto desempenho e voltado para as aplicações de sistemas embutidos. O uso desta solução, VPN por hardware, será na interligação de um robô (em desenvolvimento no Laboratório de Computação Reconfigurável - LCR do Instituto de Ciências Matemáticas e de Computação da Universidade de São Paulo) ao seu servidor de configuração e tarefas, através de linhas privadas. O emprego de uma VPN em robótica permitirá a utilização de um sistema de comunicação, com ou sem fio, e toda a infra-estrutura da Internet para a comunicação com o robô (e no futuro entre os robôs) a qualquer distância de forma segura e confiável. O hardware reconfigurável utilizado para a VPN deste trabalho proporciona flexibilidade no modo de implementação, possibilitando que o sistema seja adequado para satisfazer situações que exijam alto desempenho. Além disso, a arquitetura proposta possibilita que parte das operações sejam executadas em software (no caso, foi utilizado o sistema operacional ?Clinux e ferramentas para se estabelecer a VPN) e parte das operações executadas em hardware (um coprocessador criptográfico AES). As principais ferramentas de software são o conjunto ipsec-tools que foram desenvolvidas para serem executadas com o IPSec nativo do Kernel e devidamente portadas para o ?Clinux / This work designs a system that implements a VPN using FPGA (Field Programmable Gate Array) reprogrammable circuits, which are the basis of reconfigurable computing. VPNs use cryptography to allow private communication between parts. In this manner, the computational cost of the cryptography is handled by the hardware, achieving great performance and allowing its usage on embedded systems applications. The system proposed in this thesis has been used to establish secure communication between a PC and a mobile robot (that is in development at Reconfigurable Computing Laboratory - LCR of Institute of Mathematics and Computer Science of Univesity of São Paulo). The use of VPN in robotics will allow a communication, either wired or wireless, using Internet?s infrastructure with the robot (and in the future among robots), in a secure and trustable manner. The reconfigurable hardware used in this work allows flexibility in the implementation, making possible its usage in situations that requires high performance. Furthermore, the proposed architecture allows part of applications executing in software (using ?Clinux operating system and tools to establish the VPN) and other parts in hardware (a cryptographic coprocessor AES). The main software tools are the ipsec-tools that were developed to execute with native Kernel IPSec?s implementation and were properly ported to ?Clinux

Computação reconfigurável

Embedded systems

FPGA

FPGA

Ipsec

Ipsec

Reconfigurable computing

Security

Segurança

Sistemas embarcados

VPN

VPN

Projeto de uma VPN(Rede Privada Virtual) baseada em computação reconfigurável e aplicada a robôs móveis / A VPN (Virtual Private Network) design based on reconfigurable computing and applied to mobile robots

Marcelo Honorato Marleta

11 April 2007

Este trabalho apresenta uma implementação de VPN utilizando-se dos circuitos reprogramáveis do tipo FPGA (Field Programmable Gate Array) que são a base da computação reconfigurável. VPNs utilizam criptografia para permitir que a comunicação seja privada entre as partes. Assim, todo o custo computacional decorrente desta prática é executado em nível de hardware, procurando-se atingir um alto desempenho e voltado para as aplicações de sistemas embutidos. O uso desta solução, VPN por hardware, será na interligação de um robô (em desenvolvimento no Laboratório de Computação Reconfigurável - LCR do Instituto de Ciências Matemáticas e de Computação da Universidade de São Paulo) ao seu servidor de configuração e tarefas, através de linhas privadas. O emprego de uma VPN em robótica permitirá a utilização de um sistema de comunicação, com ou sem fio, e toda a infra-estrutura da Internet para a comunicação com o robô (e no futuro entre os robôs) a qualquer distância de forma segura e confiável. O hardware reconfigurável utilizado para a VPN deste trabalho proporciona flexibilidade no modo de implementação, possibilitando que o sistema seja adequado para satisfazer situações que exijam alto desempenho. Além disso, a arquitetura proposta possibilita que parte das operações sejam executadas em software (no caso, foi utilizado o sistema operacional ?Clinux e ferramentas para se estabelecer a VPN) e parte das operações executadas em hardware (um coprocessador criptográfico AES). As principais ferramentas de software são o conjunto ipsec-tools que foram desenvolvidas para serem executadas com o IPSec nativo do Kernel e devidamente portadas para o ?Clinux / This work designs a system that implements a VPN using FPGA (Field Programmable Gate Array) reprogrammable circuits, which are the basis of reconfigurable computing. VPNs use cryptography to allow private communication between parts. In this manner, the computational cost of the cryptography is handled by the hardware, achieving great performance and allowing its usage on embedded systems applications. The system proposed in this thesis has been used to establish secure communication between a PC and a mobile robot (that is in development at Reconfigurable Computing Laboratory - LCR of Institute of Mathematics and Computer Science of Univesity of São Paulo). The use of VPN in robotics will allow a communication, either wired or wireless, using Internet?s infrastructure with the robot (and in the future among robots), in a secure and trustable manner. The reconfigurable hardware used in this work allows flexibility in the implementation, making possible its usage in situations that requires high performance. Furthermore, the proposed architecture allows part of applications executing in software (using ?Clinux operating system and tools to establish the VPN) and other parts in hardware (a cryptographic coprocessor AES). The main software tools are the ipsec-tools that were developed to execute with native Kernel IPSec?s implementation and were properly ported to ?Clinux

Computação reconfigurável

FPGA

Ipsec

Segurança

Sistemas embarcados

VPN

Embedded systems

FPGA

Ipsec

Reconfigurable computing

Security

VPN

Barnsäkring av Smartphones

Berg, Leonhard, Montelius, Olle

January 2018

Genom detta arbete demonstreras hur man, genom att kombinera tillgängliga gratistjänster, samt med lite egen kod, kan åstadkomma en prototyp av ett säkert och barnanpassat heltäckande system för användande av Android-enheter. Internettrafik från den mobila enheten dirigeras genom VPN-tunnel till hemmanätverket vilket ger minskad attackyta och minskad avlyssningsrisk, och genom användning av DNS-filtrering kan olämpliga webbsidor på förhand blockeras. Enheten kan användas för samtal (och med ytterligare modifiering SMS) men inkommande samtal från icke-godkända avsändarnummer, samt SMS blockeras. Genom Applocker, en sorts låsmekanism för applikationsåtkomst, förhindras olämpliga applikationer att installeras eller användas på enheten, likväl som inställningar förhindras att ändras av annan än administratör. Genom användande av en App-launcher kan begränsningen stramas åt ytterligare. Den sammantagna lösningen renderar i ett system där en Smartphone på ett fördelaktigt sätt kan handhas av barn och där utvalda funktioner går att använda på vanligt sätt men där, i förväg spärrade, funktioner har eliminerats från enheten. Vad som krävs utöver en Smartphone, är ett fungerande hemmanätverk och en enklare - alltid påslagen - ”server”-dator, förslagsvis en Raspberry Pi. / In this work, the ability to create a prototype for a throughout secure and childproof system for Android is shown. This is done by combining already available products combined with some own code. Internet traffic is being pushed through a VPN tunnel to an already existing LAN in the own home. This mitigates the risks of eavesdropping attacks and other threats, and by using DNS Filtering, unwanted web pages can be blocked beforehand. The mobile unit can be used for calls (and with further development SMS) but incoming calls from unknown numbers, and SMS, will be blocked. With the addition of Applocker, a sort of locking mechanism for software access, the use of unwanted application will be restricted. By adding a custom App-Launcer, this restriction can be even more firm. The complete solution brings a system where the Smartphone preferably can be handled by a child and where chosen functions can be used in their regular manner but where, predetermined, functions has been eliminated from the unit – or is only accessible by the administrator. What is needed for this prototype, besides of a Smartphone, is a working LAN in the home, and an always-on computer that acts like a server, preferably a Raspberry Pi.

Android

Childproof

Parental Control

VPN

Net security

Android

Barnsäkerhet

Föräldrakontroll

VPN

Nätsäkerhet

Computer Sciences

Datavetenskap (datalogi)

MobiVPN: Towards a Reliable and Efficient Mobile VPN

January 2017

abstract: A Virtual Private Network (VPN) is the traditional approach for an end-to-end secure connection between two endpoints. Most existing VPN solutions are intended for wired networks with reliable connections. In a mobile environment, network connections are less reliable and devices experience intermittent network disconnections due to either switching from one network to another or experiencing a gap in coverage during roaming. These disruptive events affects traditional VPN performance, resulting in possible termination of applications, data loss, and reduced productivity. Mobile VPNs bridge the gap between what users and applications expect from a wired network and the realities of mobile computing. In this dissertation, MobiVPN, which was built by modifying the widely-used OpenVPN so that the requirements of a mobile VPN were met, was designed and developed. The aim in MobiVPN was for it to be a reliable and efficient VPN for mobile environments. In order to achieve these objectives, MobiVPN introduces the following features: 1) Fast and lightweight VPN session resumption, where MobiVPN is able decrease the time it takes to resume a VPN tunnel after a mobility event by an average of 97.19\% compared to that of OpenVPN. 2) Persistence of TCP sessions of the tunneled applications allowing them to survive VPN tunnel disruptions due to a gap in network coverage no matter how long the coverage gap is. MobiVPN also has mechanisms to suspend and resume TCP flows during and after a network disconnection with a packet buffering option to maintain the TCP sending rate. MobiVPN was able to provide fast resumption of TCP flows after reconnection with improved TCP performance when multiple disconnections occur with an average of 30.08\% increase in throughput in the experiments where buffering was used, and an average of 20.93\% of increased throughput for flows that were not buffered. 3) A fine-grained, flow-based adaptive compression which allows MobiVPN to treat each tunneled flow independently so that compression can be turned on for compressible flows, and turned off for incompressible ones. The experiments showed that the flow-based adaptive compression outperformed OpenVPN's compression options in terms of effective throughput, data reduction, and lesser compression operations. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2017

Computer science

Adaptive Compression

Mobile VPN

Mobility

Persistent TCP

Session Resumption

VPN