WEBVTT 00:00.000 --> 00:13.000 Yes, it's a myth. 00:13.000 --> 00:15.000 Okay, hello. 00:15.000 --> 00:20.000 Thanks for being here and this is the room and idea for today 00:20.000 --> 00:25.000 to have some cloud security talk about the detail more 00:25.000 --> 00:33.000 as we try to illustrate something that we can consider private clouds 00:33.000 --> 00:36.000 in first or two is something that we have to cover. 00:36.000 --> 00:39.000 And we try to go with it. 00:39.000 --> 00:40.000 I'm Jordi. 00:40.000 --> 00:42.000 I'm based in Barcelona. 00:42.000 --> 00:45.000 I work in a principal technology innovation here in Open Nebula 00:45.000 --> 00:47.000 systems for some years. 00:47.000 --> 00:51.000 I was in research in HPC. 00:51.000 --> 00:55.000 And now I'm trying to have some new features to Open Nebula 00:55.000 --> 01:01.000 and today we will focus this part of cybersecurity in the, you know, in the, in the edge. 01:01.000 --> 01:05.000 I'm happy to be here because this, today we will present something 01:05.000 --> 01:09.000 that was oriented to go through the ecosystem. 01:09.000 --> 01:12.000 In this case with people from ProLare, I don't know if you know ProLare. 01:12.000 --> 01:18.000 The Open Cloud Security platform that I was covering more than 2,000 tests in public 01:18.000 --> 01:20.000 and not public cloud. 01:20.000 --> 01:23.000 And with the Open University of Catalonia, 01:23.000 --> 01:28.000 the time you know a master instructor and we have some master tests around this. 01:28.000 --> 01:33.000 With this, let's see what is the thing that we will cover today. 01:33.000 --> 01:37.000 The first and only to escape more as part of information. 01:37.000 --> 01:39.000 Do you know Open Nebula? 01:39.000 --> 01:43.000 Yes, some of you, okay. 01:43.000 --> 01:45.000 ProLare is clear. 01:45.000 --> 01:49.000 Let's see more some introduction because we know that there are some people that not. 01:49.000 --> 01:53.000 Previously my colleague Pablo presented Open Nebula 01:53.000 --> 01:58.000 and our support to devices where H has to converge 01:58.000 --> 02:00.000 and some initial definitions. 02:00.000 --> 02:04.000 I have not to be a teacher, but we need an introduction. 02:04.000 --> 02:07.000 We are in some European Commission projects 02:07.000 --> 02:09.000 and this is important to define the H. 02:09.000 --> 02:12.000 Because at the end, when you are talking to the H for a telecom operator, maybe the H for them 02:12.000 --> 02:16.000 is a one megabyte, one megabyte data center. 02:16.000 --> 02:20.000 You know, and maybe if you ask for you that what is H computing, 02:20.000 --> 02:23.000 you can answer that maybe it can be. 02:23.000 --> 02:28.000 This one computer that you are at home, not only 02:28.000 --> 02:31.000 we try to go with this definition. 02:31.000 --> 02:34.000 And the important thing here is about the latency. 02:34.000 --> 02:37.000 The latency is trying to define if we are in the H or not. 02:38.000 --> 02:42.000 If you can see here the image from this observatory from the Commission, 02:42.000 --> 02:46.000 we can see that if we are below 20 milliseconds, we are in the H. 02:46.000 --> 02:48.000 See now here we are in the H. 02:48.000 --> 02:53.000 For this, you know, it opens a lot of you know challenges, 02:53.000 --> 03:01.000 not only from innovation that we have to try to follow to release real things in the H. 03:01.000 --> 03:05.000 Something that I can highlight here is the physical and cyber security 03:05.000 --> 03:07.000 when you are in the H, theoretically. 03:07.000 --> 03:09.000 You can have to be, you know, 03:09.000 --> 03:13.000 or be aware of a tampering for instance, or you know, 03:13.000 --> 03:20.000 because at the end the device or the rack can be accessible for out of the data center. 03:20.000 --> 03:22.000 With this in mind, let's go. 03:22.000 --> 03:25.000 This is a line with a specific, you know, 03:25.000 --> 03:30.000 program that is called EPSI-C, that we are managing to build the 03:30.000 --> 03:31.000 architecture. 03:31.000 --> 03:38.000 And this is the last, the last architectural reference is in our version two. 03:38.000 --> 03:43.000 Where you can see that we are expanding to the IoT world. 03:43.000 --> 03:49.000 And this is that I, you know, try to explain in the in the title is that 03:49.000 --> 03:54.000 IoT has to be covered and at the end has to be protected. 03:54.000 --> 03:57.000 But in the way that if we were from the cloud, you know, 03:57.000 --> 04:02.000 with the fog until the edge of this IoT device is has to be, 04:02.000 --> 04:05.000 like the same stream. 04:05.000 --> 04:06.000 Okay. 04:06.000 --> 04:10.000 We are working in this project, the European project that is called OCI, 04:10.000 --> 04:14.000 that we are expanding this architecture to reach the IoT. 04:14.000 --> 04:16.000 And why we are doing this? 04:16.000 --> 04:19.000 The first, Open Nebula, at the end, Open Nebula, 04:19.000 --> 04:22.000 Assistant is the company this is behind Open Nebula. 04:22.000 --> 04:25.000 That is an open source solution. 04:25.000 --> 04:29.000 And this open source solution at the end with more than 20 years ago, 04:29.000 --> 04:33.000 that, you know, was born from the university. 04:33.000 --> 04:38.000 And now we are operating, you know, from private clouds to heavy clouds for 04:38.000 --> 04:40.000 multi clouds. 04:40.000 --> 04:44.000 As we have, we can provide something is now we will define Open Nebula. 04:44.000 --> 04:50.000 This open source Apache to, you know, license. 04:50.000 --> 04:53.000 When you can manage from your private cloud, 04:53.000 --> 04:56.000 we will work for this until a multi cloud. 04:56.000 --> 04:57.000 Is it this way? 04:57.000 --> 04:59.000 We are very agnostic to the hardware. 04:59.000 --> 05:02.000 But if you want to manage VMs, containers or Kubernetes, 05:02.000 --> 05:06.000 throw a cluster API and a multi hypervisor environment, 05:06.000 --> 05:08.000 throw KVM, LXC. 05:08.000 --> 05:11.000 In a district with a way, we are, you know, facilitating this. 05:11.000 --> 05:14.000 And this is the first step that we have to cover. 05:14.000 --> 05:18.000 If we want to run different workloads, maybe AI ready, 05:18.000 --> 05:20.000 in the, in the edge. 05:20.000 --> 05:24.000 With this, and we are now in the 7-0, we have to analyze from of the 05:24.000 --> 05:27.000 different options that we have to cover the edge. 05:27.000 --> 05:31.000 As you can see here, we put three cases, as an example. 05:31.000 --> 05:35.000 All, you know, for the typical private cloud solutions are not focus, 05:35.000 --> 05:39.000 you know, to cover the edge from now, okay? 05:39.000 --> 05:42.000 And we can say now that this support for arm, 05:42.000 --> 05:46.000 this inclusion of arm images in our marketplace, 05:46.000 --> 05:51.000 and mainly our reduced footprint that can be installed 05:51.000 --> 05:55.000 in a Raspberry Pi 5, can help with edge computing. 05:55.000 --> 06:00.000 And at the end, if you are trying to assume the continuum, 06:00.000 --> 06:03.000 and we are trying to be not only in the private core, 06:03.000 --> 06:07.000 that is our main, you know, business, 06:07.000 --> 06:09.000 is to have in their phone notes. 06:09.000 --> 06:13.000 And here you can see, as an example, for instance, 06:13.000 --> 06:16.000 our edge gateway, an edge gateway that is at the end 06:16.000 --> 06:19.000 for by definition, something that can aggravate services 06:19.000 --> 06:21.000 to provide in the edge. 06:21.000 --> 06:26.000 Because imagine, if we try to use all this private core 06:26.000 --> 06:29.000 with networking until the edge, we are in a real problem. 06:29.000 --> 06:34.000 Because the edge, maybe, is not being connected in the best way 06:34.000 --> 06:35.000 that we can. 06:35.000 --> 06:39.000 And what we are trying to reduce, this orchestration gaps, 06:39.000 --> 06:43.000 is that your control plane is near the workload. 06:43.000 --> 06:46.000 Always, and in the edge. 06:46.000 --> 06:50.000 With this, you can avoid to have this orchestration gaps 06:50.000 --> 06:51.000 that you can see here. 06:51.000 --> 06:53.000 We can put an example in a demo. 06:53.000 --> 06:57.000 This credentials, like edge, that can be distributed or not. 06:57.000 --> 07:00.000 And this, you know, container risk, 07:00.000 --> 07:05.000 when are not centralized in the data center. 07:05.000 --> 07:08.000 With this, we compare, you know, the different types of clouds. 07:08.000 --> 07:11.000 More centralized, more edge compute needs. 07:11.000 --> 07:16.000 And in this case, we have to align with this cloud security 07:16.000 --> 07:19.000 posterior management, that is the total for today. 07:19.000 --> 07:25.000 We can see that we need something that can out it all these installations. 07:25.000 --> 07:29.000 Because if we deploy, as you know, using infrastructure as code, 07:29.000 --> 07:33.000 the workload in the edge, who is following that the orchestrator 07:33.000 --> 07:35.000 that is distributed, it's okay. 07:35.000 --> 07:38.000 And this maintain its security levels. 07:38.000 --> 07:41.000 You know, maybe you have to maintain this without connectivity. 07:41.000 --> 07:45.000 You can have to maintain this in the edge without to reconnect it 07:45.000 --> 07:50.000 to this centralized cloud that we are now working on and mainly. 07:50.000 --> 07:57.000 And this is why we start this problem integration as a part of our orchestr system. 07:57.000 --> 08:02.000 And with this, about the problem. 08:02.000 --> 08:09.000 I put here this image, sorry, but we can simplify the image. 08:09.000 --> 08:17.000 With this image, the idea of problem is to, from this open cloud security mission, 08:17.000 --> 08:22.000 is to try to out it different hyperscalers, 08:22.000 --> 08:25.000 including, you know, Kubernetes. 08:25.000 --> 08:27.000 And this was day born for this. 08:27.000 --> 08:30.000 And they were doing a lot of good work. 08:31.000 --> 08:35.000 Because at the end, you can combine or you can run pro-layer 08:35.000 --> 08:39.000 from, you know, from your cloud, from your home, and now from the edge. 08:39.000 --> 08:43.000 But if you can see here, maybe you are represented here from projects 08:43.000 --> 08:50.000 in the virtualization market that you are doing, I don't know, 08:50.000 --> 08:54.000 or you are trying to solve this with some scripting. 08:54.000 --> 08:59.000 You are trying to check if the orchestrator is okay with some enterprise tools. 08:59.000 --> 09:05.000 But when we are focusing the edge, the idea is that we have to enlarge this list, 09:05.000 --> 09:08.000 and not only to cover the hyperscalers. 09:08.000 --> 09:11.000 Because we have to include this private clouds. 09:11.000 --> 09:14.000 And this is more or less the motivation that now, 09:14.000 --> 09:19.000 pro-layer, with open nebula and with some databases that can be installed, you know, 09:19.000 --> 09:23.000 out of a hyperscaler, we can combine. 09:23.000 --> 09:27.000 And this is something that please, if you are in an open source project, 09:27.000 --> 09:32.000 check in this case pro-layer and extensions that you can follow that we, 09:32.000 --> 09:36.000 you know, in this case, we are illustrating with open nebula. 09:36.000 --> 09:39.000 For what, and what you can do. 09:39.000 --> 09:42.000 At the end pro-layer, we can have a definition. 09:42.000 --> 09:48.000 This is this leading force, open source cloud security tool. 09:48.000 --> 09:51.000 With some checks, we have a CLI, 09:51.000 --> 09:56.000 the LCP, we have a specific front end to our grid, all this data to all this, 09:56.000 --> 10:02.000 all this, all this data, and with a pro-layer, you know, you can, 10:02.000 --> 10:05.000 you have a modular extension that you cannot, some new providers. 10:05.000 --> 10:08.000 And this is the thing that we did. 10:08.000 --> 10:12.000 In this case, I have to give some thanks to Danielle Rontome, 10:12.000 --> 10:15.000 and in case Tonya Fuente, this is a city of pro-layer, 10:15.000 --> 10:20.000 to go with this, and with this initial integration. 10:20.000 --> 10:23.000 This contribution at the end that you can see in GitHub, 10:23.000 --> 10:29.000 basically it is modular, and you will interact with pro-layer. 10:29.000 --> 10:30.000 Okay. 10:30.000 --> 10:34.000 In, you know, in a very interactive way, 10:34.000 --> 10:38.000 flow there, in this case, the API of open nebula. 10:38.000 --> 10:41.000 If you see the typical design and implementation, 10:41.000 --> 10:45.000 it's something that can run in the edge or in the cloud. 10:45.000 --> 10:48.000 And this checking is doing some audit with some tests. 10:49.000 --> 10:55.000 We will see a type of test, that I see interesting, you know, with the orchestrator. 10:55.000 --> 11:01.000 At the end, we have the specific connection that now is implemented 11:01.000 --> 11:07.000 through XML, RPC API, that you know is checking the different condition 11:07.000 --> 11:12.000 of the orchestrator to see if you fail or pass the test. 11:12.000 --> 11:13.000 Okay. 11:13.000 --> 11:14.000 Is the typical? 11:14.000 --> 11:22.000 That the wheel is blue straight here, that this auditor will be in the edge near the control plane. 11:22.000 --> 11:27.000 With this, what is the idea to have this zero-trust auditing? 11:27.000 --> 11:33.000 You know, because at the end, your security posture can change for, I don't know, 11:33.000 --> 11:40.000 because there are some un-ministration impact to your configuration, 11:40.000 --> 11:47.000 your VMs, your templates, this is more or less as an example. 11:47.000 --> 11:52.000 What is the security services and controls that we implemented now initially? 11:52.000 --> 11:59.000 The first, and this is more or less gradually, implemented by risk, is identity. 11:59.000 --> 12:04.000 You know, you have to ensure that you are from tent, in this case, your orchestrator, 12:04.000 --> 12:08.000 are in the best conditions about the access. 12:08.000 --> 12:15.000 You know, if you are passing ISO, something like that is something that they are insisting. 12:15.000 --> 12:20.000 You have to, your control plane has to be, you know, not safe. 12:20.000 --> 12:22.000 You have to be ensured. 12:22.000 --> 12:28.000 The second thing is that about networking, are you exposing some services to internet 12:28.000 --> 12:32.000 and you are not controlling this workflow? 12:32.000 --> 12:38.000 You are exposing some APIs, maybe the orchestrator APIs. 12:38.000 --> 12:43.000 What is the status of the firewalls of your workload in the H? 12:43.000 --> 12:48.000 The third family that we implemented is around all the VMs in first sector. 12:48.000 --> 12:53.000 It's at the end, are you using in the H and encrypted storage images? 12:53.000 --> 13:00.000 At the end, we are trying to avoid tampering, someone can grab your device, your rack, 13:00.000 --> 13:06.000 that can be in a farm, that can be in the forecast, that can be in a plant, industrial plant. 13:06.000 --> 13:08.000 And the last is about the compliance. 13:08.000 --> 13:12.000 That is important if you are trying to follow some of the derivatives that the commission, 13:12.000 --> 13:16.000 you know, around this, or you are in the bank sector, 13:16.000 --> 13:18.000 that you have to follow this. 13:18.000 --> 13:26.000 With this premises, let's see the environment that we are okay in time. 13:26.000 --> 13:30.000 Okay, nice. That we prepared the first. 13:30.000 --> 13:36.000 This is, you know, lab conditions, but we will use Raspberry Pi. 13:36.000 --> 13:41.000 In this case, this model 5, that is what you know presented previously, is capable, 13:41.000 --> 13:43.000 you know, to have our front end. 13:43.000 --> 13:54.000 In this case, open the control plane and a KBM hypervisor here and some workload. 13:54.000 --> 13:58.000 In this case, we will see two virtual machines. 13:58.000 --> 14:07.000 One that was emulating some services and the problem extension. 14:07.000 --> 14:13.000 The second, as you can see here, is Ubuntu Sember, server with KBM, 14:13.000 --> 14:20.000 with the last 7-0 version of Open Nebula, with a web interface that you can reach 14:20.000 --> 14:24.000 and access to a marketplace with some different appliance. 14:24.000 --> 14:30.000 This is very important that if now you want to test Open Nebula and see this in your laptop, 14:30.000 --> 14:36.000 your Raspberry Pi, in your server, in your supercomputer, please use mini-1. 14:36.000 --> 14:43.000 In two minutes, with all you know Ubuntu, if we can say, as operating system install, 14:43.000 --> 14:46.000 you can go with Open Nebula running. 14:46.000 --> 14:51.000 This is designed for testing, but please, if you're interested, you can use, 14:51.000 --> 15:00.000 you have here the QR to reach the GitHub to go with the mini-1 way. 15:00.000 --> 15:05.000 We have another option for today is not the scope of this presentation. 15:05.000 --> 15:10.000 The second thing is important is when you have the front end installed, 15:10.000 --> 15:12.000 you can reach our marketplace. 15:13.000 --> 15:16.000 It's where in our marketplace, that you can, you know, 15:16.000 --> 15:23.000 at the end, access appliances that are officially supported from the community. 15:23.000 --> 15:28.000 For instance, next cloud, mini-1, Phoenix, et cetera. 15:28.000 --> 15:33.000 And let's go to see this more or less in action. 15:33.000 --> 15:41.000 Yes, let's go with this. 15:41.000 --> 15:46.000 All you know about the GitHub, you know, this is the architecture, 15:46.000 --> 15:49.000 or the overall architecture of Open Nebula. 15:49.000 --> 15:56.000 Now, you can see that we can install and deploy in the DH. 15:56.000 --> 16:00.000 And what we are, what we prepare this, if you go to our front end, 16:00.000 --> 16:07.000 in this stage two sunstone, you will see that we have this installation in our Raspberry Pi, 16:07.000 --> 16:09.000 and in our armed device. 16:09.000 --> 16:14.000 You can see here that we put this name, et gateway to illustrate 16:14.000 --> 16:18.000 that the et gateway can be represented in the, in the et, 16:18.000 --> 16:24.000 who is providing networking, you know, and network services to the world, 16:24.000 --> 16:29.000 or the different VMs, containers, Kubernetes that can be here, 16:29.000 --> 16:33.000 and we will state this lab with two machines. 16:33.000 --> 16:36.000 When we can see the network, in this case, 16:36.000 --> 16:39.000 are the applications for the marketplace, and at the end, 16:39.000 --> 16:44.000 that you can bring to the installation and don't lot to provide the service, 16:44.000 --> 16:50.000 or everything can be done by API, a Terraform, Open Tofu, you know. 16:50.000 --> 16:54.000 And we have a specific built-in network that can be extended, 16:54.000 --> 16:57.000 you know, to the edge devices, so different glitches, 16:57.000 --> 17:01.000 can be extended in different sites with different overlays networks. 17:01.000 --> 17:05.000 And here we have the two VMs that are representing the lab. 17:05.000 --> 17:10.000 The first is the agent that is auditing, in this case, the front end, 17:10.000 --> 17:13.000 and the second, based, you know, in a little appliance, 17:13.000 --> 17:20.000 is who is offering a function as a service, you know, inside the, the ets lab. 17:20.000 --> 17:26.000 With this, we can conform, and with, what is the idea here with, 17:26.000 --> 17:28.000 with, with, with Proller? 17:28.000 --> 17:34.000 The idea with Proller is to check automatically and periodically, 17:34.000 --> 17:36.000 the state of this front end. 17:36.000 --> 17:40.000 Okay? We will see this in the next. 17:40.000 --> 17:45.000 Uh, yes? We can access the video. 17:45.000 --> 17:53.000 We can access two, throw message to the proller machine. 17:53.000 --> 17:55.000 Only you know, for Proller. 17:55.000 --> 17:59.200 you can visit their GitHub, was initially born 17:59.200 --> 18:01.520 to cover hyperscalers, and now we 18:01.520 --> 18:04.640 end the transition to cover this private approach 18:04.640 --> 18:06.480 like Open Nebula. 18:06.480 --> 18:09.760 At the end, we will see a report of Open Nebula 18:09.760 --> 18:13.840 from 10th after the first installation. 18:13.840 --> 18:17.640 You can see a lot of tests by including LLMs. 18:18.840 --> 18:24.360 Only it was here to illustrate that you can see the project. 18:24.360 --> 18:25.920 Only you know for the installation. 18:25.920 --> 18:29.120 At the end, you can use poetry to have 18:29.120 --> 18:32.360 a fresh installation for the CLI, and the idea 18:32.360 --> 18:35.280 is to illustrate this now. 18:39.560 --> 18:41.560 Let's go. 18:41.560 --> 18:44.280 We are now in the pro-eller machine. 18:44.280 --> 18:46.360 We will install the pro-eller. 18:46.360 --> 18:51.280 At the end, there is a pre-configure credentials 18:51.280 --> 18:54.240 to access the front end, in this case, the Open Nebula. 18:54.240 --> 18:58.280 You know, and to have the different checks. 18:58.280 --> 19:00.480 With this, you have an installation. 19:00.480 --> 19:02.760 We can install it, you can execute the test, 19:02.760 --> 19:05.240 and at the end, you can reach the results. 19:05.240 --> 19:07.640 By default, about the families of tests 19:07.640 --> 19:12.760 that we previously test, as you can see, we have two fails. 19:12.760 --> 19:14.840 The first is authentication and access control. 19:14.840 --> 19:18.280 By default, in Open Nebula, we will see what 19:18.280 --> 19:22.240 is doing at the end, you can provide credentials in the VM 19:22.240 --> 19:27.320 at template level, or you know, through the front end. 19:27.320 --> 19:29.920 And if you check pro-eller, we can see the report. 19:29.920 --> 19:36.520 You have JSON, CSV, or an HTML report with all the tests, 19:36.520 --> 19:39.520 and you can focus on you can introduce to your CM, 19:39.520 --> 19:41.920 or your certificate in system for security, 19:41.920 --> 19:47.560 to reach and to remedy the results of the audit. 19:47.560 --> 19:51.440 You can see that can be critical, it's medium. 19:51.440 --> 19:57.320 OK, with this, and only considering the time that we have. 19:57.320 --> 20:02.520 If we go that I have here the report for this check, 20:02.520 --> 20:07.160 we can go through this specific test. 20:07.160 --> 20:11.760 The first was that he detects, in some of the templates, 20:11.760 --> 20:15.480 we can see some credentials exposed. 20:15.480 --> 20:16.240 Well, exposed. 20:16.240 --> 20:22.400 Inside, you know, this front end that is out of your data center. 20:22.400 --> 20:26.240 And this is the one and the second, 20:26.240 --> 20:28.120 with a fresh installation of Open Nebula, 20:28.120 --> 20:31.960 is that they recommend, you know, to access the front end, 20:31.960 --> 20:35.960 or you know the API, please use an authentication method 20:35.960 --> 20:38.320 more, you know, secure. 20:38.320 --> 20:44.240 With this, if we continue with the presentation, 20:44.240 --> 20:51.640 this way, let's go with the last results. 20:51.640 --> 20:57.800 The first is for everyone, best practices for this sovereign, 20:57.800 --> 21:01.080 hybrid cloud, we are extending the cloud until the edge. 21:01.080 --> 21:04.280 The first is very important, if you are not doing this, 21:04.280 --> 21:08.680 you know, to have this hardened configuration for every PM, 21:08.680 --> 21:13.640 you know, un-recheck with these kind of tools, where they are online. 21:13.640 --> 21:16.640 And the second, this is how to make compliance, you know, 21:16.640 --> 21:19.080 is that you have to replace this manual outage 21:19.080 --> 21:22.000 that somehow it was at doing with something continuing, 21:22.000 --> 21:26.000 maybe in the cloud is easy, but what about if you are in the edge. 21:26.000 --> 21:30.520 And the second, you know, always, this minimum Bible permissions. 21:30.520 --> 21:32.440 About the experimental things that we are, 21:32.440 --> 21:35.720 and then probably is doing, and we are supporting, 21:35.720 --> 21:40.720 is this auto remediation plus AI plus MCP, 21:40.720 --> 21:43.720 that you know that's your own fashion? 21:43.720 --> 21:45.720 You can see here that we have, in GitHub, 21:45.720 --> 21:49.720 some of N6 security MCP servers list, with this inclusion, 21:49.720 --> 21:51.720 it's included, open-nevilize, 21:51.720 --> 21:55.720 it's included, a pro-layer, and our vision is that, 21:55.720 --> 21:58.720 and for all this system, cloud administrator, 21:58.720 --> 22:00.720 is that this, they are out, it probably is something, 22:00.720 --> 22:03.720 please, remediate, okay? 22:03.720 --> 22:05.720 And tell me, it is remediated. 22:05.720 --> 22:09.720 And with this, my last sentence for this, for them, 22:09.720 --> 22:14.720 people for security, people at the end, 22:14.720 --> 22:19.720 this visibility is our first line of defense in the cloud, 22:19.720 --> 22:22.720 and in the current competing continuum. 22:22.720 --> 22:26.720 And only some reminders from open-nevilize, 22:26.720 --> 22:29.720 when we have some talks this year, and we have a booth, 22:29.720 --> 22:34.720 if you want some stickers, or we want to have some extra discussion, 22:34.720 --> 22:38.720 extra questions, please, in level one of the building, 22:38.720 --> 22:45.720 K, near open-tofu, if we have, I think, I don't know, 22:45.720 --> 22:51.720 but we are there, and thank you for your time, please. 22:51.720 --> 22:59.720 And now, questions, 22:59.720 --> 23:06.720 questions? 23:06.720 --> 23:08.720 Okay. 23:08.720 --> 23:10.720 Any questions? 23:10.720 --> 23:11.720 Yes, please. 23:11.720 --> 23:14.720 I just have a question, because I didn't know the service 23:14.720 --> 23:17.720 pro-layer, and can you sell for, is it pro-layer, 23:17.720 --> 23:20.720 or not, so you could have our gap and stance of open-nevilize, 23:20.720 --> 23:24.720 you can sell for pro-layer, or how does it exactly work? 23:24.720 --> 23:26.720 Okay. 23:26.720 --> 23:30.720 Yes, the audience, I don't know your name, but the audience, 23:30.720 --> 23:35.720 is asking, at the end, you can have pro-layer in a stand-alone installation. 23:35.720 --> 23:40.720 Yes, see, at the end, out of the cloud service that they are offering, 23:40.720 --> 23:44.720 you can install, you know, and could you maintain, 23:44.720 --> 23:48.720 with the siliah and all the capabilities by your own, 23:48.720 --> 23:53.720 in your cloud that can be in the edge, without internet connection. 23:53.720 --> 23:54.720 Okay. 23:55.720 --> 24:04.720 Okay, please. 24:04.720 --> 24:07.720 Thanks. 24:07.720 --> 24:12.720 Okay, perfect.