The document discusses Hypori, a platform for hosting Android securely in the cloud and accessing it via remote client apps. It provides an overview of Hypori terminology, typical deployments, technologies used such as SEAndroid and KVM, the product roadmap, and architectures for securing the ACE virtual devices, clients, and servers.
Hypori Performance Webinar
1.
2. Slide 2
What is Hypori?
Host Android in the cloud, access via remote client apps:
• Hypori ACE Servers, similar to VDI servers
• Hypori ACE Client from public app store or distributed by MAM
10. Slide 10
Enterprise Mobile Ecosystem
• Sandbox Apps: Proprietary containers, typically just email, browser + MS Office, few apps, no sensors.
• VMs / Containers: Don’t work on iOS, require ‘jail breaking’, limited market traction, not suitable for BYOD.
• MAM: Less intrusive than MDM for BYOD, but also less secure – low level of assurance.
• MDM: Cannot protect enterprise apps and data on personal devices, DroidCloud VDM partner.
• Miscellaneous: Various security approaches, typically components of a broader solution.
• Thin Clients: Windows 7 not suited to mobile devices, Win8 struggling.
Hypori complements VDI thin clients, and is partnering with companies in every other box.
11. Slide 11
What are the DoD use cases?
• Mobile Teleworking: A virtual smartphone for every soldier, running in DISA’s DECC (the DoD cloud) – analogous to BYOD.
• Tactical Cloud: Forward deployed tactical clouds on land, sea and air platforms for special operations forces.
• Senior Leader Comms: Classified mobile communications for senior leaders and other DoD personnel.
• Partners: NGOs as part of international aid efforts, logistics providers, coalition partners.
12. Slide 12
What are the banking use cases?
Employee
• BYOD or EOD
• Securing MDM for sensitive data
• Email, calendar and web
• Transaction approvals
• Salesforce / CRM
• SAP / ERP
• In-house Android apps
• TripIt / travel management
• Phone calls / VTC
Customer
• BYOD published app mode
• Extending MDM to third parties
• Banking communications
• Doc reviews / deal rooms
• Viewing transaction activity
• Transaction approvals
• Treasury services
• Market information services
• Stock trading
13. Slide 13
What technologies do we use?
• Hypori leverages SEAndroid as the ACE Virtual Device remote OS, as well as existing Android apps.
• Hypori leverages Linux with KVM as the backend baseline for its ACE Server.
• Hypori leverages the SPICE (Red Hat) protocol as a foundation for its communications / traffic between the ACE Server and ACE clients.
• Client Apps for Android, iOS, Windows 8, …
• Linux & KVM for vHost, OpenStack, SEAndroid/AOSP for vDevice, plus storage, user directory, AV, app store.
15. Slide 15
Product – Roadmap
Hypori product progress and roadmap:
• Version 3.0: Q3, 14 – MVP for Enterprise Deployments.
Basic camera, server-side OpenGL / 3D, KitKat VD upgrade, SEAndroid, tuned X.264, status bar bypass, notifications, client certs, S/MIME, hardware crypto, high availability, geographical roaming, admin UI and APIs, LDAP/AD integration, SELinux, Splunk auditing integration.
• Version 3.1: Q1, 15 – MVP for Multi-Tenant Private Cloud.
Client for Win8, remote camera / VTC, client-side OpenGL, media bypass, keyboard bypass, more PKI auth options, app data/sensor access controls, improved VD management and administration, basic instrumentation data exposed to security partners.
• Version 3.2: Q2, 15 – MVP for Multi-Tenant Public Cloud.
Additional functionality TBD based on customer feedback, stability improvements, housekeeping.
• Version 4.0: Q3, 15 – MVP for Multi-Tenant Public Cloud.
Support for Google CTS, improved sensor support, Official Play support, improved client-side OpenGL, more advanced security instrumentation integration.
16. Slide 16
Architecting for Defense in Depth
ACE Virtual Device
• SEAndroid providing:
o Privileged daemon protection.
o Application isolation.
o Middleware controls.
o Instrumentation & auditing.
o App install protection.
o Limit app access to sensors.
• ‘Untrusted’ app sandboxing.
• Read only core OS partition.
• Centralized patching.
• MDM / MAM controls.
ACE Client
• Remote two factor auth.
• Remote signing and decryption.
• TLS (and VPN) encryption for data in transit.
• GPS-based access policies.
• Attributes exposed for MDM integration.
• Screenshot ‘prevention’.
• Integration with client-side attestation technologies.
• Eventually, integration with mobile device MTMs.
ACE Server
• Protocol aware firewall.
• KVM hypervisor containment.
• SELinux-based VD separation.
• Server-side TPM attestation.
• VPN service for apps in VDs.
• Network proxy for traffic monitoring.
• System-wide app management.
• Behavioral and signature-based malware detection.
• User behavioral biometrics.
• VD instrumentation / auditing.
17. Slide 17
Hypori ACE Admin Authentication & Connection
[Diagram]
Zones: INTERNET, ENTERPRISE, VPN (optional)
Components: ACE Management Server, Web Server (nginx), Enterprise Directory (LDAP / AD), mongoDB, OpenStack System
3rd Party Integration: Splunk / Nagios / Monit / etc
Numbered flows:
• Step 1: Present User Certificate (https / TLS v1.2)
• Step 2: Validate User Certificate Signing Chain
• Step 3: Proxy http
• Step 4: Verify Account Status + Password / Return valid user data + LDAP parameters
• Step 5: Look up User by DN for Role
• Step 6: OpenStack API calls
• Step 7: HTML + JSON
• Unnumbered: REST API Calls (https / TLS v1.2)
18. Slide 18
Hypori ACE Client Authentication & Connection
[Diagram]
Zones: INTERNET, ENTERPRISE, VPN (optional)
Components: ACE Client, ACE Management Server, Web Server (nginx), Enterprise Directory (LDAP / AD), mongoDB, OpenStack System
3rd Party Integration: Splunk / Nagios / Monit / etc
Numbered flows:
• Step 1: Present User Certificate (TLS v1.2) + LDAP Password
• Step 2: Validate User Certificate Signing Chain
• Step 3: Proxy http
• Step 4: Verify Account Status + Password / Return valid user data + LDAP parameters
• Step 5: Look up User by DN for Role
• Step 6: ACE Virtual Device Information
• Step 7: Deliver signed Token w/ Compute Node name + AVD TCP Port
• Step 8: Connect with signed token to ACE Virtual Device using the ACE Protocol over TLS v1.2
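
Added example (not Hypori code, not from the slides): steps 7 and 8 on Slide 18 only work as a control if the token is bound to one compute node and port, expires quickly, and is verified before the session attaches. The sketch below shows those checks; the token layout, the HMAC-SHA256 signature, the 30-second lifetime and all names (issue_token, verify_token, KEY) are assumptions, since the slides do not specify the format.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: HMAC-SHA256 with a key shared by the management server and the
# compute nodes stands in for the product's (unspecified) signature scheme.
KEY = b"constructed-demo-key"  # constructed value, not a real secret
TOKEN_TTL = 30                 # seconds; assumed, short to limit replay


def b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_token(user_dn, node, port, now=None, key=KEY):
    """Step 7: bind the authenticated user to one compute node and TCP port."""
    now = time.time() if now is None else now
    claims = {"sub": user_dn, "node": node, "port": port,
              "exp": int(now) + TOKEN_TTL}
    body = json.dumps(claims, sort_keys=True).encode()
    return b64(body) + "." + b64(hmac.new(key, body, hashlib.sha256).digest())


def verify_token(token, my_node, my_port, now=None, key=KEY):
    """Step 8: checks the receiving side runs before attaching the session."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return None, "malformed"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None, "bad signature"
    claims = json.loads(body)  # parsed only after the MAC has been verified
    if now >= claims["exp"]:
        return None, "expired"
    if (claims["node"], claims["port"]) != (my_node, my_port):
        return None, "wrong destination"
    return claims, "ok"
```

Each rejection reason is worth logging separately on the server side, since a run of "wrong destination" or "expired" results for one user DN points at token replay rather than a client fault.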