WEBVTT 00:00.000 --> 00:09.000 Thanks everybody, can you hear me well? 00:09.000 --> 00:10.000 Fine. 00:10.000 --> 00:16.000 So, my name is André Boscaro. 00:16.000 --> 00:18.000 Can you hear me well? 00:18.000 --> 00:20.000 Okay, I will do this way. 00:20.000 --> 00:22.000 My name is André Boscaro. 00:22.000 --> 00:24.000 It's my first time at FOSDEM. 00:24.000 --> 00:26.000 I'm a bit anxious and nervous. 00:26.000 --> 00:28.000 So, please stay with me to the end. 00:29.000 --> 00:33.000 I am a senior product owner for the identity and access management in RHEL, 00:33.000 --> 00:38.000 specifically for SSSD, Samba, and IDM insights, 00:38.000 --> 00:44.000 which is the team behind what we did here that I present today. 00:44.000 --> 00:47.000 So, this is the agenda. 00:47.000 --> 00:49.000 We have the problem. 00:49.000 --> 00:53.000 We want to, we have to solve the pain-free 00:53.000 --> 00:56.000 management in hybrid cloud environments. 00:56.000 --> 01:00.000 The solution overview, which is called the Podengo project. 01:00.000 --> 01:01.000 We will get there. 01:01.000 --> 01:05.000 Some brief technical details, because I'm just a product owner. 01:05.000 --> 01:08.000 So, we have people who are more skilled than me to explain that, 01:08.000 --> 01:10.000 but I will do my best. 01:10.000 --> 01:13.000 And we have documentation and other stuff. 01:13.000 --> 01:16.000 Demo time and some gaps and future opportunities. 01:16.000 --> 01:19.000 We identified it. 01:20.000 --> 01:24.000 So, just briefly speaking about me. 01:24.000 --> 01:27.000 I work in the identity and access management team at Red Hat, 01:27.000 --> 01:30.000 as I previously mentioned. 01:30.000 --> 01:33.000 The Podengo project is the hard work of 01:33.000 --> 01:37.000 a small team inside the entire identity and access management department. 01:37.000 --> 01:41.000 So, brilliant minds will get together to solve this, 01:41.000 --> 01:44.000 and it was pretty amazing work with them.
01:44.000 --> 01:47.000 This presentation is also a collaboration. 01:48.000 --> 01:52.000 So, previous week, it was presented at open everything, 01:52.000 --> 01:54.000 open in Australia. 01:54.000 --> 01:56.000 And today we are presenting here at FOSDEM, 01:56.000 --> 01:59.000 and in the next few weeks, it will be presented in the 01:59.000 --> 02:00.000 confinja. 02:00.000 --> 02:04.000 So, we are making a huge effort to spread the message about this. 02:04.000 --> 02:06.000 And about myself. 02:06.000 --> 02:09.000 I love to listen to other people's stories. 02:09.000 --> 02:14.000 So, if you see me, just come by and let's have a chat. 02:15.000 --> 02:17.000 I also learned to play through those words. 02:17.000 --> 02:19.000 It's a challenge that I put to myself, 02:19.000 --> 02:22.000 and I probably would get there sometime. 02:22.000 --> 02:26.000 And I'm a Brazilian, living in Europe for the past five years. 02:26.000 --> 02:29.000 And it's an incredible experience so far. 02:29.000 --> 02:33.000 So, I'm really loving how Europeans are welcoming foreigners. 02:33.000 --> 02:36.000 So, I really thank you everybody here. 02:36.000 --> 02:38.000 Assumed knowledge. 02:38.000 --> 02:43.000 So, a basic understanding of the computing cloud providers and VMs. 02:44.000 --> 02:49.000 Basic and intimate concepts like holding users, HBAC, etc. 02:49.000 --> 02:52.000 If you don't know those things, don't worry. 02:52.000 --> 02:55.000 We have experts here in the room that can help you. 02:55.000 --> 02:57.000 Save your questions for later. 02:57.000 --> 03:00.000 That we would try to address them all. 03:00.000 --> 03:03.000 So, what problem are we trying to solve? 03:03.000 --> 03:06.000 Imagine that you launched a virtual machine. 03:06.000 --> 03:09.000 Some questions just come to your mind. 03:09.000 --> 03:11.000 How do I authenticate to that machine? 03:11.000 --> 03:17.000 Most often you have an SSH key already configured during the launch.
03:17.000 --> 03:21.000 But other questions may arise in a later future. 03:21.000 --> 03:25.000 How does it authenticate to other machines or services? 03:25.000 --> 03:29.000 What if many users need to access the machine or different workloads? 03:29.000 --> 03:32.000 So, are you sharing our SSH keys? 03:32.000 --> 03:34.000 Do you have a single one to everybody? 03:34.000 --> 03:38.000 We know, like, as system admins, how we suffer about it. 03:38.000 --> 03:41.000 And if someone leaves the company, or you need to revoke access to something? 03:41.000 --> 03:43.000 Are you changing everything again? 03:43.000 --> 03:46.000 So, not a good practice. 03:46.000 --> 03:49.000 How do you enforce access policies? 03:49.000 --> 03:54.000 So, we came up with brainstorming some ideas. 03:54.000 --> 03:59.000 We know that SSH keys they work, but they don't scale well. 03:59.000 --> 04:04.000 If you have to scale that, you have to use SSH certificates, 04:04.000 --> 04:08.000 but require some special purpose PKI. 04:08.000 --> 04:11.000 Privileged account management, third-party solutions. 04:11.000 --> 04:13.000 We are in an open-source conference. 04:13.000 --> 04:15.000 I will not talk about that. 04:15.000 --> 04:18.000 Corporate IDM, which is FreeIPA behind it. 04:18.000 --> 04:20.000 Need to enroll the client somehow. 04:20.000 --> 04:22.000 So, every time a machine is launched, 04:22.000 --> 04:25.000 we have to somehow enroll it in this server. 04:25.000 --> 04:30.000 And corporate cloud-based IDM, which is Entra ID. 04:30.000 --> 04:32.000 Not much here. 04:32.000 --> 04:35.000 So, we didn't touch that area. 04:35.000 --> 04:38.000 We are trying to, but we are not getting there yet. 04:38.000 --> 04:42.000 So, if I'm here, of course, we chose FreeIPA. 04:42.000 --> 04:48.000 Basically, this is the problem statement in a single image.
04:48.000 --> 04:52.000 So, imagine that we have the existing hosts in the organization, 04:52.000 --> 04:54.000 and the domain using FreeIPA. 04:54.000 --> 04:55.000 So, we have the servers. 04:55.000 --> 04:57.000 We have all the clients enrolled there. 04:57.000 --> 05:01.000 And you just have a new recently provisioned host. 05:01.000 --> 05:03.000 So, how do you manage that? 05:03.000 --> 05:07.000 So, this is the entire problem, because we have the SSH keys, 05:07.000 --> 05:11.000 or whatever you are using to this new provisioned host. 05:11.000 --> 05:13.000 Is that secure during the time delay 05:13.000 --> 05:16.000 until the machine is not enrolled in the server. 05:16.000 --> 05:18.000 You have to have a manual intervention. 05:18.000 --> 05:22.000 Intervention or a third-party solution to handle that. 05:22.000 --> 05:26.000 And you don't want to share your credentials or leave it as it is. 05:26.000 --> 05:30.000 So, we wanted to come to that area to that solution 05:30.000 --> 05:34.000 in an automated fashion way. 05:34.000 --> 05:37.000 So, in the bottom line, we wanted to reduce the complexity 05:37.000 --> 05:40.000 and the cost using something automated. 05:40.000 --> 05:44.000 We don't want to sacrifice security in the name of the convenience, 05:44.000 --> 05:48.000 because we know how painful it is to do that manually 05:48.000 --> 05:50.000 and every day thing. 05:50.000 --> 05:54.000 And we want to use our already existing IPA service, 05:54.000 --> 05:58.000 whatever you have in the IDM system, to use whatever you 05:58.000 --> 06:01.000 already configured all the users, all the privileges, and everything. 06:01.000 --> 06:04.000 Let's take account of that and use that. 06:04.000 --> 06:07.000 Why do you have to create everything from scratch? 06:07.000 --> 06:10.000 And here it comes the Podengo. 06:10.000 --> 06:15.000 And we installed the Podengo inside this hybrid cloud console.
06:15.000 --> 06:17.000 I will not talk about the hybrid cloud console. 06:17.000 --> 06:21.000 We just use it for services and how I would demonstrate it. 06:21.000 --> 06:24.000 But you can use it on your own. 06:24.000 --> 06:26.000 So, this is Podengo. 06:26.000 --> 06:29.000 And of course, this dog is really cute. 06:29.000 --> 06:31.000 And why we chose this dog name? 06:31.000 --> 06:37.000 Because it's a breed with three sub-breeds, a lot of cabers. 06:37.000 --> 06:43.000 So, we found it was a voting and of course, it won. 06:43.000 --> 06:48.000 The containers are using pod and it was written in the Go language. 06:48.000 --> 06:51.000 And every project should have t-shirts. 06:51.000 --> 06:54.000 That's what we were discussing before, and a cute mascot. 06:54.000 --> 06:57.000 So, encourage you to find mascots for our projects. 06:57.000 --> 07:01.000 And here's the Podengo project website on GitHub. 07:01.000 --> 07:06.000 So, it contains, it's split into four things. 07:06.000 --> 07:12.000 We have the idmsvc backend, which is running in the Red Hat Hybrid Cloud Console, 07:12.000 --> 07:17.000 which is the Podengo service as we name it later on in the presentation. 07:17.000 --> 07:19.000 It has the OpenAPI spec. 07:19.000 --> 07:25.000 If you are interested in it, we have the front end where you can make some configurations 07:25.000 --> 07:27.000 and interact with the Podengo service backend. 07:27.000 --> 07:33.000 And we have two RPMs, the ipa-hcc server and the client, which perform the enrollment 07:33.000 --> 07:41.000 and the configuration, the service and the enrollment later on when the machine is launched. 07:41.000 --> 07:45.000 Briefly speaking about this, this is the infrastructure. 07:45.000 --> 07:47.000 We installed the Podengo service. 07:47.000 --> 07:51.000 So, our customers, they want to have the machines there. 07:51.000 --> 07:53.000 So, there is already pre-configured.
07:53.000 --> 07:57.000 They have this infrastructure, has a subscription manager. 07:57.000 --> 08:01.000 So, it knows about all the machines and the new recently launched ones. 08:01.000 --> 08:06.000 So, when you use the Podengo service on your own, you have to take that into account 08:06.000 --> 08:11.000 to check in your infrastructure. 08:11.000 --> 08:15.000 So, basically, it's this opera has three acts. 08:15.000 --> 08:19.000 First, you register your domain in the Podengo services. 08:19.000 --> 08:21.000 Hey, this is my IPA server. 08:21.000 --> 08:25.000 This is the domain. Please make sure you have it written there. 08:25.000 --> 08:31.000 The second step, I will just mention, but we are not like focusing on it. 08:31.000 --> 08:35.000 This hybrid cloud console has a way to create images. 08:35.000 --> 08:39.000 So, pretty much you just create an image, but in this case, you have to create 08:39.000 --> 08:41.000 with the RPM packages. 08:41.000 --> 08:46.000 So, your VM has this ipa-hcc server and the client. 08:46.000 --> 08:53.000 So, once it's launched, it triggers the HCC client and tries to connect to the IPA server. 08:53.000 --> 08:58.000 And the last step, launching the machine itself, which we have a demo, 08:58.000 --> 09:01.000 and I would try to show that. 09:01.000 --> 09:06.000 So, this is what we achieved with the domain join. 09:06.000 --> 09:08.000 We leverage the existing IAM. 09:08.000 --> 09:12.000 So, you don't have to worry about creating everything from scratch. 09:12.000 --> 09:14.000 It's automated and immediate. 09:14.000 --> 09:18.000 And by immediate, I say less than two minutes. 09:18.000 --> 09:20.000 We try to record it. 09:20.000 --> 09:27.000 And we figured out some other third-party things take more time than just immediately. 09:27.000 --> 09:29.000 So, we can discuss that later on. 09:29.000 --> 09:33.000 But briefly speaking, two minutes in your infrastructure.
09:33.000 --> 09:36.000 The machine is launched and the connection happens before it. 09:36.000 --> 09:38.000 It will be faster than here. 09:38.000 --> 09:41.000 And no credentials seen by the service in this case, 09:41.000 --> 09:47.000 HCC or your Podengo service or whatever you try to use on your own. 09:47.000 --> 09:50.000 How does it work? 09:50.000 --> 09:52.000 Yay, diagrams. 09:52.000 --> 09:56.000 So, we can split into two workflows. 09:56.000 --> 09:58.000 The first one is this registration. 09:58.000 --> 10:01.000 Where you go to Podengo service and you register the domain. 10:01.000 --> 10:06.000 And it later on can, hey, my machine is trying to connect. 10:06.000 --> 10:09.000 And here are the IPA servers and the things 10:09.000 --> 10:11.000 you have to connect or to talk to. 10:11.000 --> 10:15.000 And the second flow is when the machine is actually launched. 10:15.000 --> 10:17.000 So, the machine is launched. 10:17.000 --> 10:18.000 Hey, I'm alive. 10:18.000 --> 10:19.000 I want to connect. 10:19.000 --> 10:21.000 Someone told me to reach out to you. 10:21.000 --> 10:24.000 Let's go ahead and do the transactions. 10:25.000 --> 10:28.000 So, the first one. 10:28.000 --> 10:30.000 One dot one. 10:30.000 --> 10:39.000 When the user goes to the GUI and tries to register the domain join, 10:39.000 --> 10:42.000 it creates a token. 10:42.000 --> 10:48.000 And the user later on comes to the IPA server and executes the ipa-hcc 10:48.000 --> 10:52.000 register with the token generated from the Podengo service. 10:52.000 --> 10:56.000 The IPA server, we enroll it and generate and give all the details. 10:56.000 --> 10:58.000 This is the domain join. 10:58.000 --> 11:00.000 This is the domain. 11:00.000 --> 11:01.000 We have this list of servers. 11:01.000 --> 11:03.000 This is the topology. 11:03.000 --> 11:07.000 And one dot three calls the domains. 11:07.000 --> 11:11.000 And the Podengo service will store this in its own database.
11:11.000 --> 11:14.000 So, once the machine is launched later on, 11:14.000 --> 11:15.000 I need to connect. 11:15.000 --> 11:17.000 Give me a list of servers. 11:17.000 --> 11:21.000 Give me the topology and all the details that I need. 11:21.000 --> 11:24.000 Once everything happens successfully, 11:24.000 --> 11:28.000 once the user launched a client virtual machine, 11:28.000 --> 11:30.000 this is what happens. 11:30.000 --> 11:31.000 So, the machine is alive. 11:31.000 --> 11:32.000 Hey, I'm alive. 11:32.000 --> 11:33.000 What should I do? 11:33.000 --> 11:39.000 So, it calls the Podengo service in the host conf. 11:39.000 --> 11:42.000 With the authorization token, it's signed. 11:42.000 --> 11:44.000 Oops. 11:44.000 --> 11:50.000 It's a other iterative signed by the Podengo service. 11:50.000 --> 11:53.000 And once the Podengo service recognizes that, 11:53.000 --> 11:54.000 okay, it's fine. 11:54.000 --> 11:55.000 Let's go ahead. 11:55.000 --> 11:58.000 It retrieves the information from the database. 11:58.000 --> 12:00.000 Okay, this is the domain you have to join. 12:00.000 --> 12:02.000 And this is the author. 12:02.000 --> 12:04.000 The signed authority token. 12:04.000 --> 12:07.000 You have to talk to that IPA server. 12:07.000 --> 12:09.000 This is the response, two dot three. 12:09.000 --> 12:10.000 Two dot four. 12:10.000 --> 12:15.000 The client tries to request, hey, the Podengo service 12:15.000 --> 12:17.000 asked me to talk to you. 12:17.000 --> 12:20.000 I want to enroll in this IPA server. 12:20.000 --> 12:23.000 Just remember that it's sending the token 12:23.000 --> 12:26.000 authorized by the Podengo service. 12:26.000 --> 12:29.000 The HCC server recognizes that call. 12:29.000 --> 12:32.000 And okay, you are allowed to proceed. 12:32.000 --> 12:35.000 Let's enroll you in our IPA server. 12:35.000 --> 12:38.000 Calling in the 2.5 ipa host-add. 12:38.000 --> 12:41.000 So, all the things happen behind the scenes.
12:41.000 --> 12:46.000 And then 2.6, it performs a different IPA client install. 12:46.000 --> 12:50.000 Which installs the IPA client on that machine. 12:50.000 --> 12:52.000 And then it performs a key. 12:52.000 --> 12:55.000 Kerberos, PKINIT, and gets the keytab, 12:55.000 --> 12:58.000 and installs everything there. 12:58.000 --> 13:01.000 Hopefully, I did not miss anything. 13:01.000 --> 13:04.000 So, troubleshooting this. 13:04.000 --> 13:06.000 Our team faces a lot of issues. 13:06.000 --> 13:11.000 So, we try to share because it's sharing is caring. 13:11.000 --> 13:15.000 Several things have to be just right for this to work. 13:15.000 --> 13:18.000 So, while we did the presentation at the demo, 13:18.000 --> 13:22.000 you have to make sure the DNS, of course, it's always DNS. 13:22.000 --> 13:24.000 The problem. 13:24.000 --> 13:29.000 You have to make sure that the machines are visible, 13:29.000 --> 13:31.000 which are all during the same VPN in the same zone. 13:31.000 --> 13:34.000 They have like the firewalls and all this stuff. 13:34.000 --> 13:38.000 So, it happens the connections and the calls. 13:38.000 --> 13:42.000 HCC and IPA server must be reachable from the cloud environment. 13:42.000 --> 13:44.000 That's pretty much what I said. 13:44.000 --> 13:50.000 DNS, routes and firewalls can cause all problems and troubles. 13:50.000 --> 13:52.000 And IPA uses a lot of ports. 13:52.000 --> 13:57.000 So, be mindful that a lot of calls with HTTPS, LDAPS, and the Kerberos. 13:57.000 --> 13:59.000 So, it will happen behind the scenes. 13:59.000 --> 14:03.000 So, just investigate the firewalls and all the things 14:03.000 --> 14:07.000 if they are available to each other and they are seeing each other. 14:07.000 --> 14:10.000 So, demo time. 14:11.000 --> 14:16.000 I will skip the registration because it's pretty early for what I mentioned. 14:16.000 --> 14:20.000 You pretty much register the domain here and that's all.
14:20.000 --> 14:23.000 The server, the Podengo service, we will know, okay. 14:23.000 --> 14:28.000 When a machine is launched, it will connect to this server. 14:28.000 --> 14:33.000 The building an image, I will skip it for sure, 14:33.000 --> 14:37.000 because it talks about the HCC cloud, 14:37.000 --> 14:40.000 which is not the goal for this presentation. 14:40.000 --> 14:41.000 And this is the demo. 14:41.000 --> 14:45.000 Since we don't have a sound, I would do my best to do whatever 14:45.000 --> 14:51.000 Fraser recorded here and explained it way better than I did. 14:51.000 --> 14:57.000 So, here we are in the HCC hybrid cloud console. 14:57.000 --> 14:59.000 So, here's the domain. 14:59.000 --> 15:03.000 So, when you create our infrastructure, this is the Podengo service behind the scenes. 15:03.000 --> 15:10.000 We just created, okay, this is the domain we want to join. 15:10.000 --> 15:12.000 It has five minutes. 15:12.000 --> 15:14.000 I have to synchronize with Fraser. 15:14.000 --> 15:19.000 So, those are the details and we have an image with the RPMs. 15:19.000 --> 15:22.000 So, here's just demonstrating that we created the image. 15:22.000 --> 15:29.000 We set up the domain and now we can launch a machine with the proper RPMs. 15:29.000 --> 15:35.000 Probably, if you are using AWS, you have to select whatever the instance you want. 15:35.000 --> 15:42.000 And we have the template using the ipa-hcc server or client, sorry. 16:00.000 --> 16:05.000 I'm all free here. 16:05.000 --> 16:11.000 Once the machine is launched, now here we have, we will not use SSH keys, 16:11.000 --> 16:14.000 because otherwise, I wouldn't be here presenting that. 16:14.000 --> 16:21.000 It's an automated and fashion way, but this wizard flow requires to have an SSH key. 16:21.000 --> 16:27.000 So, we are just following other things guidance. 16:27.000 --> 16:30.000 But we actually don't need it in the end. 16:30.000 --> 16:31.000 So, here we review it.
16:31.000 --> 16:32.000 We launch it. 16:32.000 --> 16:36.000 We just wait for the IP address. 16:36.000 --> 16:37.000 Yep. 16:37.000 --> 16:38.000 It's there. 16:38.000 --> 16:40.000 So, the machine is launched. 16:40.000 --> 16:44.000 So, here it's where the two minutes that I previously mentioned happen. 16:44.000 --> 16:46.000 So, the machine is launched. 16:46.000 --> 16:52.000 The RHSM, which is our subscription manager, will be aware of the machine. 16:52.000 --> 16:56.000 We have something other things called like Insights and other stuff. 16:56.000 --> 16:58.000 They will all orchestrate that. 16:58.000 --> 17:04.000 And it takes more or less two minutes until our server has awareness of the machine, 17:04.000 --> 17:07.000 because of all the transactions happening. 17:07.000 --> 17:12.000 But in your infrastructure, if you make it faster, it will be faster. 17:12.000 --> 17:16.000 I know that Fraser will in this demo. 17:16.000 --> 17:20.000 If you watch it live in the later on in the YouTube, the QR code is there, 17:20.000 --> 17:21.000 but it cuts a bit. 17:21.000 --> 17:24.000 So, the presentation is available. 17:24.000 --> 17:29.000 Fraser speaks about all the technical details, which I don't remember so far. 17:29.000 --> 17:35.000 But first, he will wait for the two minutes for all the things we were facing. 17:35.000 --> 17:40.000 And he will go to the host at the IPA server to make sure. 17:40.000 --> 17:41.000 Okay. 17:41.000 --> 17:42.000 Yes. 17:42.000 --> 17:45.000 So, the server is there. 17:45.000 --> 17:47.000 It's already enrolled. 17:47.000 --> 17:50.000 And we are using our external IdP. 17:50.000 --> 17:57.000 So, we configured the user to go to GitHub and sign in there. 17:57.000 --> 17:59.000 So, the entry is already enrolled. 17:59.000 --> 18:00.000 The machine is already there. 18:00.000 --> 18:04.000 As you can see, IP address is there. 18:04.000 --> 18:06.000 And it's available.
18:06.000 --> 18:12.000 And we selected to authorize through the external IdP using GitHub. 18:17.000 --> 18:27.000 So, now we will make the connection. 18:27.000 --> 18:32.000 It will give us a link to GitHub and a PIN. 18:32.000 --> 18:37.000 In case you don't know about the external IdP, we have a presentation later today. 18:37.000 --> 18:39.000 With Sumit at no 35. 18:39.000 --> 18:43.000 And he will probably give further details about it. 18:43.000 --> 18:53.000 So, you have access that URL. 18:53.000 --> 19:00.000 Insert the PIN. 19:00.000 --> 19:02.000 Authorize. 19:02.000 --> 19:04.000 And yay. 19:04.000 --> 19:13.000 You have a Kerberos ticket. 19:13.000 --> 19:17.000 So, you are logged with the external IdP user. 19:17.000 --> 19:21.000 In the domain, we showed. 19:21.000 --> 19:26.000 What are the status, gaps and possible futures? 19:27.000 --> 19:30.000 The feature's in production, but in preview mode. 19:30.000 --> 19:36.000 The ipa-hcc server and client are both available in the app and Fedora. 19:36.000 --> 19:38.000 The documentation is published. 19:38.000 --> 19:40.000 But needs expansion. 19:40.000 --> 19:44.000 Cloud providers, they have onboarding guides to come. 19:44.000 --> 19:47.000 We are collecting metrics for users and customers. 19:47.000 --> 19:49.000 I am responsible for that. 19:49.000 --> 19:51.000 So, we can understand better. 19:51.000 --> 19:54.000 What is preventing you from using this feature? 19:54.000 --> 19:59.000 So, not the last one, but the feedback from you is really important. 19:59.000 --> 20:04.000 So, whatever you see, whatever you want to share with me, please reach out to us. 20:04.000 --> 20:07.000 It's more than a pleasure to listen from you. 20:07.000 --> 20:10.000 What we can help and how we can improve this. 20:10.000 --> 20:14.000 So, everybody can take advantage as we do as community. 20:14.000 --> 20:19.000 And we have one limitation is one active domain per organization.
20:19.000 --> 20:21.000 What comes next? 20:21.000 --> 20:23.000 Okay. 20:23.000 --> 20:30.000 As Alexander mentioned before yesterday, Microsoft, in the 90s, they were really smart and clever. 20:30.000 --> 20:34.000 They took all the things that they have to work with customers. 20:34.000 --> 20:38.000 And Active Directory is mainly used for our customers. 20:38.000 --> 20:43.000 So, yes, probably we have to add that support to make them happy. 20:43.000 --> 20:47.000 And we can expand the solution to more organizations. 20:47.000 --> 20:51.000 But we started with FreeIPA. 20:51.000 --> 20:54.000 Verify, assist users with cloud environment setups. 20:54.000 --> 20:57.000 So, we know how the hype of the cloud is there. 20:57.000 --> 20:59.000 And people are using that a lot. 20:59.000 --> 21:04.000 So, why can't we help them to achieve the security with that? 21:04.000 --> 21:11.000 Support for multiple domains, domains, and other HCC-specific integrations. 21:11.000 --> 21:16.000 So, a great vision is to have a single place where you can enroll your machines 21:16.000 --> 21:20.000 and can have everything under control in a single place. 21:20.000 --> 21:24.000 So, you don't have to go in multiple different directions and do this here. 21:24.000 --> 21:25.000 Do that there. 21:25.000 --> 21:28.000 This is a way to have a single unified it. 21:28.000 --> 21:31.000 It's the main. 21:31.000 --> 21:36.000 So, option one is FreeIPA with external IdP as we demonstrated. 21:36.000 --> 21:40.000 And please don't miss Sumit's talk at nine, nine, nine, 35. 21:40.000 --> 21:43.000 And option two, it's using local KDC. 21:43.000 --> 21:45.000 Alexander and Andreas 21:45.000 --> 21:48.000 Schneider will present that at 13:35. 21:48.000 --> 21:51.000 If you're interested, don't miss it. 21:51.000 --> 21:54.000 If you want to use it on your own. 21:54.000 --> 21:58.000 I would just leave some sharing is caring. 21:58.000 --> 22:00.000 So, this is what happened.
22:00.000 --> 22:04.000 Our architecture is not tightly bound to hybrid cloud console, 22:04.000 --> 22:09.000 but on the other hand, shameful truth, the code kind of is. 22:09.000 --> 22:17.000 So, if you want to use it, you have to implement some authority authentication calls. 22:17.000 --> 22:23.000 Using X.509 or something else using the OTP join. 22:23.000 --> 22:26.000 This is the diagram that I wanted to show you. 22:26.000 --> 22:32.000 So, all those calls here from the Podengo service to the IPA server and the clients. 22:32.000 --> 22:34.000 They are authenticated. 22:34.000 --> 22:37.000 And now, so, this is 2.4 and the 2.7. 22:37.000 --> 22:41.000 So, if you want to implement in your infrastructure, please be mindful about that, 22:41.000 --> 22:44.000 because it won't work otherwise. 22:44.000 --> 22:48.000 And if you get a use case, again, please share with us. 22:48.000 --> 22:54.000 I'm more than glad to listen from you and to help with whatever we can with our team. 22:54.000 --> 22:56.000 Conclusion. 22:56.000 --> 23:01.000 So, there are a bunch of links here and the documentation. 23:01.000 --> 23:06.000 And this is also this slide deck is here, and if you want to reach out to me, 23:06.000 --> 23:12.000 I don't have social media, I just have the LinkedIn, which nowadays it's becoming a social media, 23:12.000 --> 23:16.000 but whatever they name it, please feel free to connect. 23:16.000 --> 23:19.000 And let's have a chat if you find me here. 23:19.000 --> 23:22.000 And questions. 23:28.000 --> 23:31.000 Any question? 23:31.000 --> 23:36.000 Thank you. 23:36.000 --> 23:39.000 Thank you everybody.