 Hi colleagues, my name is Stanislav Ihnatenko and today I will tell you about the Pristine Machine project. It's a security solution that adds an additional security layer to the ecosystem that helps to protect the entire networking and the system operability on all layers. We protect all communications and even more. We are happy to be a part of OpenStack for a third year and I am glad to meet you again. The solution provides security for servers, desktops, laptops, networks, internet of things and of course cloud nodes. It's fully integrated to the OpenStack and the process can be controlled via OpenStack dashboard in the horizon. Pristine Networking provides encrypted peer-to-peer communications that are including leakage control and data flow management. It is completely and controlled in a central part of OpenStack so it is clear for the cloud administrator. Pristine Machine provides barometer instance security which means that each instance automatically gains a security layer after deployment which includes all pristine features. The security layer between the target operating system and hardware allows us to control, monitor, protect and sanitize all network communications. And it's not just networking, we can control any disk activity or memory usage. So what are our main targets? Sorry, looks like yep. Sorry, yeah it's working again. Thanks. So what are our main targets? Our main targets are private clouds, enterprises of different sites who consider, who needs an advanced security and requires a high level of security like finance or backing. However in this time more and more organizations needs additional protection like automotive informatics or healthcare industry. For example lately a lot of attacks were made on hospitals as it can be seen even from latest news and a lot of data, a lot of personal sensitive data was leaked to the attackers. Once again what we are trying to achieve is securing the user workstations like desktops or laptops encrypt all network traffic regardless of the application layer protocol. Interconnect different networks and different companies with a protected communication method. And secure internet of sync devices from external attacks. And of course secure self-instacked nodes with enhanced management console. So why to choose a pristine machine? A pristine machine is more than just some asset or set of assets it is an architecture that allows organization to use and to segregate any assets that are considered as necessary. And to make these assets unavailable for malicious actors. Pristine machine keeps the systems in a recoverable state all the time, nothing can corrupt it or destroy it completely. Additional security layer allows us to monitor disk or memory activities and perform specific actions if any suspicious activity has been detected. At the network communications all the network communications are isolated and can be controlled via one management interface. Each pristine machine includes a special sandbox which can be used to work with some sensitive data that must be prevented from leakage at any cost. In addition this sandbox can be used to verify some malicious or some suspicious software prior to execute it on the main operating system. Also pristine machine has integrated Swift framework which is really useful when an organization needs protected centralized storage. Now I forget to tell that pristine machine uses microbialization instead of microbialization and it creates an isolation of the whole hardware from the user operating system. It means that even if the user operating system is corrupted or even if it is infected it cannot affect our security layer and it cannot disable our protection. This layer works seamlessly and transparently for users so any user can continue work just as users do it usually. Microbialization allows us to protect the entire ecosystem as one so we create some standard for all ecosystem nodes. Generally we support Windows and Linux operating system as end user systems. We protect and keep them pristine in a pristine state and provide all features that I have mentioned before. The installation is very easy and all features starts working just out of the box. We have a roadmap to support macOS and we are looking forward to work with mobile operating system like Android and iOS. So let's see some examples of the infrastructure. On this picture you can see an organization which needs to establish some secured perimeter that must include some remote devices. These remote devices may be outside the safe place, safe area or even in different city, different country. In our case pristine machines can communicate only via encrypted channels. So even if different pristine machines are located on different continents they will use only protected networking. This networking does not require a single server, it needs server only for authentication but all communications are peer to peer. On the second picture we see how two network infrastructures are combined with our pristine gateways. All communication between these pristine gateways are also protected and administrator can create a policy which will restrict which communications are allowed, which are denied and which traffic must be recorded. If we are talking about enterprises we need to consider all available components. Pristine endpoints, pristine gateways and pristine cloud nodes. Unified encrypted networking allows us to support almost any existing infrastructure without seriously affecting it. So we can support existing open sec infrastructure even if it's completely old. Resources can be shared exactly how it's required by an organization if the policy is probably configured on the pristine gateways. So some resources can be available only for specific parts of the infrastructure. Gateway as a service allows secure internet of things, healthcare devices, networks and mobile and other remote devices which cannot be supported by the pristine machine but all their network communications can be protected. The last thing I want to show is our integration to the open stack dashboard. We have instanded the dashboard and added some additional tools to configure remote nodes and to create a policy which is required and which will be used by all cloud nodes. All communications between controller and nodes are encrypted so the controller can affect our protection. Here we have some sets of rule packs. Each rule packs may contain different rules, different restrictions for network communications, different directions for network traffic capturing and so on. The whole set of these rule packs creates the cloud policy. Let's check the rule creation. The rule creation is very easy. We need just some rule ID to identify it. We need to configure an external firewall, a built-in firewall for open stack cloud node which this node will not be able to violate. We can create a rule for capturing all network traffic to create some dump of the network traffic and configure a dual control feature to intercept specific traffic and perform necessary actions with this traffic. In this example we configure it to intercept SMTP SSL traffic. The last thing is to assign the pack to agent and perhaps it may be not an agent and even the whole department. Let's check the results. As a result we have a complete dump of network activities which allows us to analyze and find any incidents, any intentional or unintentional violations from the policy. Also we have a control over the network traffic. In our example it's SMTP traffic. We can allow or deny specific mail messages. If it's not allowed by the policy we can just drop it and keep the information unlinked. So let's do some summary. Pristine Machine is totally integrated with OpenStack APIs, especially storage and virtual networking. Pristine Machine provides total protocol encryption with very low overhead because we use kernel implementation of encryption. PM provides additional security with transport dual control workflow. And as a result Pristine Machine provides total cloud protection through the deployment of security on the foundation of virtual bare metal layer. The Pristine Machine architecture, technology, services and features offers users a full complement of high level assets, high level security assurance for mobility, secure bring your own device support and secure data for management with a built-in firewall. For OpenStack in particular Pristine Machine integrated integration provides a means to apply centralized security policies for legacy infrastructure even if this infrastructure is cloud native. In researching other partner options it's apparent that Pristine Machine is the only solution that supports that infrastructure and the only way to secure that infrastructure in a secured way. So thank you for your attention. I am ready for answering all your questions. Thanks. If you have any questions in future you just can stop by and see a demo at A14 booth. It's around here to the left. So thanks again for your attention and have a great day.