Docker and Security. September 28, 2017 VASCAN Michael Irwin

1 Docker and Security September 28, 2017 VASCAN Michael Irwin

2 Quick Intro - Michael Irwin
  Graduated started full-time at VT
  Sept Started using Docker for QA
  June Attended first DockerCon
  August Deployed Summit (research admin app)
    First production IT project using Docker
    First IT project deployed on AWS
  Sept Started Blacksburg Docker Meetup
    Have met monthly since then
  March Recognized as Docker Captain

3 Any sufficiently advanced technology is equivalent to magic. - Arthur C. Clarke

4 In order to truly utilize any technology, you must first understand how it works and its motivations. - Someone, somewhere (me, now)

6 A container is...
  NOT a VM, but simply an isolated process
  Isolation is provided by kernel namespaces
    Process - PID 1 in container may be PID 3753 on host
    Network - container can have its own network interfaces/IP address/sockets
    Mount - container can have its own root filesystem/mountpoints
    User - root/user ID 1 in container may actually be user ID on host
    UTS - container gets its own hostname
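An added example, not part of the talk, of what the namespace list above means in practice: each process has links under /proc/<pid>/ns/ that name the namespaces it belongs to, so comparing a container process with host PID 1 shows which isolation is actually in place. The helper names are hypothetical and the link values are constructed samples.

```python
import os
import re

# /proc/<pid>/ns/ link name -> the label the slide uses for that namespace.
SLIDE_NAMESPACES = {"pid": "Process", "net": "Network", "mnt": "Mount",
                    "user": "User", "uts": "UTS"}

_LINK = re.compile(r"^(\w+):\[(\d+)\]$")


def parse_ns_links(links):
    """Turn {'pid': 'pid:[4026531836]', ...} into {'pid': 4026531836, ...}."""
    parsed = {}
    for name, target in links.items():
        m = _LINK.match(target)
        if not m or m.group(1) != name:
            raise ValueError(f"unexpected namespace link {name!r} -> {target!r}")
        parsed[name] = int(m.group(2))
    return parsed


def read_ns_links(pid):
    """Read the live links for a PID (Linux only; other users' PIDs need root)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n)) for n in SLIDE_NAMESPACES}


def shared_with_host(host_links, proc_links):
    """Slide labels of the namespaces a process shares with the host."""
    host, proc = parse_ns_links(host_links), parse_ns_links(proc_links)
    return sorted(label for name, label in SLIDE_NAMESPACES.items()
                  if name in host and name in proc and host[name] == proc[name])


# Constructed sample values, shaped like `readlink /proc/<pid>/ns/<name>` output.
HOST_INIT = {
    "pid": "pid:[4026531836]", "net": "net:[4026531992]",
    "mnt": "mnt:[4026531840]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
}
# Container with Docker defaults: own pid/net/mnt/uts namespaces, but the user
# namespace is the host's unless the daemon is configured for user remapping.
DEFAULT_CONTAINER = {
    "pid": "pid:[4026532281]", "net": "net:[4026532284]",
    "mnt": "mnt:[4026532279]", "user": "user:[4026531837]",
    "uts": "uts:[4026532280]",
}
# Container started with --pid=host and --net=host: two of the isolation
# boundaries from the slide are gone.
HOST_MODE_CONTAINER = {
    "pid": "pid:[4026531836]", "net": "net:[4026531992]",
    "mnt": "mnt:[4026532301]", "user": "user:[4026531837]",
    "uts": "uts:[4026532302]",
}

if __name__ == "__main__":
    for label, links in (("default", DEFAULT_CONTAINER),
                         ("host-mode", HOST_MODE_CONTAINER)):
        print(label, "shares with host:", shared_with_host(HOST_INIT, links))
```

On a live host, pass `read_ns_links(1)` and `read_ns_links(<container process PID on the host>)` instead of the constructed samples.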

7 Enough talk! Show me a container! github.com/soulwing/can

8 VMs vs Containers
  VMs (top to bottom): App 1 / App 2 / App 3, Bins/Libs per app, Guest OS per app, Hypervisor, Host Operating System, Infrastructure
  Containers (top to bottom): App 1 / App 2 / App 3, Bins/Libs per app, Operating System, Infrastructure

9 The container recipe
  A root filesystem
  Networking setup...
    To let the container talk to the world
    To let one container talk to others
    To expose ports from container to host
  Various namespaces
  Launch the initial command
  Clean things up afterwards

10 Introducing Docker
  Docker provides an integrated technology suite that enables development and IT operations teams to build, ship, and run applications anywhere.
    Build - package an application with its dependencies and environment
    Ship - share the package with all deployment environments
    Run - run, scale, and monitor your application

11 Let's run a Docker container!

12 Docker Images
  Every image contains a manifest and a collection of layers
  Each layer consists of...
    Metadata (JSON) - container config, reference to parent layer, etc.
    A tarball of filesystem diffs

13 Using Layers
  Layers can be reused by multiple children
  Provides ability to have common base layers
  Since each layer is immutable, only one copy is needed
  Reduces both registry and local storage requirements
  Diagram labels: App 1, App 2, Tomcat, App 3, Wildfly, OpenJDK 9, App 4, App 5, PHP 7.1, PHP 5.6, Apache httpd 2.4, Alpine Base Image

14 Creating Docker Images
  Preferred method is to create a Dockerfile
    Text-based script with commands to configure/create filesystem layers
    Allows it to be version controlled with a project
    Each command ends up being another layer in the resulting image
  Multi-stage builds allow final images to contain only runtime dependencies

    # Build stage: full Maven/JDK toolchain, left behind after the build
    FROM mvn:3.5-jdk8 AS build
    WORKDIR /app
    COPY . .
    RUN mvn package

    # Runtime stage: only the JRE, Tomcat and the WAR copied from the build stage
    FROM tomcat:7-jre8-alpine
    COPY --from=build /app/target/*.war /usr/local/tomcat/webapps/

19 One environment to rule them all

20 Consistency in all Tiers
  Development
    Developer pulls environment images and code
    Performs development in environment
    Pushes code
  CI/CD Server
    Builds code and runs automated test suites
    Produces image using same environment base, but with build artifact added
    Push to image registry
  Staging/Production
    Images pulled on to various infrastructure (on-prem/cloud/hybrid)

21 Doing development in containers...
  Forces earlier collaboration with sysadmins
  Do you actually trust your devs to come up with safe base images?
  Gives confidence that the app will work the same everywhere
  Has allowed Summit to be deployed 49 times in the last year
  Images in registries can then be scanned for vulnerabilities!

22 Simplified Application Patching

23 Updated Patch Model
  No longer need to go to each individual machine and patch
  Simply update images to point to patched parent
  Diagram labels: App 1, Tomcat, App 2, App 3, Wildfly, OpenJDK 9 (VULNERABLE!!), OpenJDK 9 (PATCHED), Alpine Base Image
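An added example, not part of the talk: a child image carries its parent's layers as the first entries of its own layer list (the RootFS.Layers array in `docker image inspect` output), so prefix-matching layer digests shows which images still sit on the vulnerable parent and in what order to rebuild them. Image names reuse the slide's labels; which image sits on which parent, the digests and the helper names are constructed for illustration.

```python
import hashlib


def digest(label):
    """Constructed stand-in for a layer digest; real values come from
    RootFS.Layers in `docker image inspect` output."""
    return "sha256:" + hashlib.sha256(label.encode()).hexdigest()


def stack(*labels):
    """Layer list for an image, base layer first."""
    return [digest(label) for label in labels]


def built_on(image_layers, base_layers):
    """True when the base's layers are the leading layers of the image."""
    return bool(base_layers) and image_layers[:len(base_layers)] == base_layers


def rebuild_plan(inventory, vulnerable_base):
    """Images still carrying the vulnerable base, parents before children.

    Matching is done on layer digests rather than on tags: a tag such as
    "openjdk:9" can be re-pointed at a patched build, but an image built
    earlier keeps the old layers until it is rebuilt.
    """
    hits = [(len(layers), name) for name, layers in inventory.items()
            if built_on(layers, vulnerable_base)]
    # Fewer layers means closer to the base, so it must be rebuilt first.
    return [name for _, name in sorted(hits)]


# Constructed inventory of images held in a registry.
VULNERABLE_BASE = stack("alpine", "openjdk9-vulnerable")
PATCHED_BASE = stack("alpine", "openjdk9-patched")

INVENTORY = {
    "app1": stack("alpine", "openjdk9-vulnerable", "tomcat", "app1.war"),
    "tomcat": stack("alpine", "openjdk9-vulnerable", "tomcat"),
    "wildfly": stack("alpine", "openjdk9-patched", "wildfly"),
    "app2": stack("alpine", "openjdk9-patched", "wildfly", "app2.war"),
    "app3": stack("alpine", "openjdk9-patched", "wildfly", "app3.war"),
    "php-site": stack("alpine", "php7.1", "site"),
}

if __name__ == "__main__":
    print("rebuild, in order:", rebuild_plan(INVENTORY, VULNERABLE_BASE))
```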

24 Patch Demo!

26 Cattle, not Pets!

27 Leaner Hosts!
  Hosts only need to run containers
  Reduces potential attack vectors
  Reduces number of things that need to be patched
  Makes host machines easily replaceable
  No need to have direct access to the machine to "make tweaks"
  Lock yourself out of production

  "Use container-specific host OSs instead of general-purpose ones to reduce attack surfaces. When using a container-specific host OS, attack surfaces are typically much smaller than they would be with a general-purpose host OS, so there are fewer opportunities to attack and compromise a container-specific host OS. Accordingly, whenever possible, organizations should use container-specific host OSs to reduce their risk. However, it is important to note that container-specific host OSs will still have vulnerabilities over time that require remediation."
  - NIST draft Application Container Security Guide

28 New Hosts with Every Deploy! (why not?)
  Deployment (and patching) becomes
    Spin up new hosts
    Start containers on new hosts
    Transfer traffic to new containers
    Burn down old machines

29 Orchestration!

30 Some best practices...
  Base from official images as much as possible
  Keep images as minimal as possible
    Install only what you need
    Use multi-stage builds to keep final images focused
  Use --privileged very, very sparingly
    Treat such a container as any other process running as root
  Run containers in read-only mode (if possible)
  Limit user capabilities by using AppArmor, seccomp, SELinux
  Sign images when pushing to repos using
  Use Docker Bench benchmark to evaluate container host security
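An added example, not part of the talk, that checks running containers against the runtime items in the list above (--privileged, running as root, read-only mode, AppArmor/seccomp/SELinux confinement) by reading `docker inspect` output. The JSON below is a constructed sample limited to the fields the check reads; the container names and function names are hypothetical.

```python
import json

# security-opt values that switch a confinement mechanism off.
_DISABLED = {("seccomp", "unconfined"), ("apparmor", "unconfined"),
             ("label", "disable")}  # label=disable turns off SELinux labeling


def audit_container(entry):
    """Return findings for one element of `docker inspect` output."""
    host = entry.get("HostConfig") or {}
    cfg = entry.get("Config") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")
    # Config.User is "user[:group]"; empty means the default, which is root.
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs-as-root")
    if host.get("CapAdd"):
        findings.append("cap-add:" + ",".join(sorted(host["CapAdd"])))
    for opt in host.get("SecurityOpt") or []:
        # Accept both "seccomp=unconfined" and the older "seccomp:unconfined".
        key, _, value = opt.replace(":", "=", 1).partition("=")
        if (key, value) in _DISABLED:
            findings.append(key + "-disabled")
    return findings


def audit_all(inspect_json):
    """Map container name -> findings for a whole `docker inspect` document."""
    return {entry.get("Name", "?").lstrip("/"): audit_container(entry)
            for entry in json.loads(inspect_json)}


# Constructed sample, shaped like `docker inspect <container>...` output.
SAMPLE_INSPECT = """
[
  {"Name": "/legacy-app",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "ReadonlyRootfs": false,
                  "CapAdd": null, "CapDrop": null,
                  "SecurityOpt": ["seccomp=unconfined"]}},
  {"Name": "/debug-box",
   "Config": {"User": "root"},
   "HostConfig": {"Privileged": false, "ReadonlyRootfs": true,
                  "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
                  "SecurityOpt": ["apparmor:unconfined"]}},
  {"Name": "/web",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "ReadonlyRootfs": true,
                  "CapAdd": null, "CapDrop": ["ALL"],
                  "SecurityOpt": ["no-new-privileges"]}}
]
"""

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "->", findings or "ok")
```

Image-side items (official bases, minimal images, signing) and host checks are outside what `docker inspect` on a container shows, so this covers only the runtime settings.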

31 Get Started!
  Start experimenting - you're already doing most of the work
  You don't need to do everything Day One
  Still deploy on the hosts you're using, but move artifacts using Docker

32 Keep in touch!
  Twitter -
  Docker Blacksburg Meetup (or another one near your location)
  Docker Community Slack

33 Thanks! Any questions?

Docker Security. Mika Vatanen

Docker Security. Mika Vatanen Docker Security Mika Vatanen 13.6.2017 About me Mika Vatanen, Solution Architect @ Digia 18 years at the industry, 6 months at Digia Established ii2 a Finnish MySpace, top-5 most used web service in Finland

More information

A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES. Chris Van Tuin Chief Technologist, West

A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES. Chris Van Tuin Chief Technologist, West A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES Chris Van Tuin Chief Technologist, West cvantuin@redhat.com Open Source V In short, software is eating the world. - Marc Andreessen, Wall Street Journal,

More information

Who is Docker and how he can help us? Heino Talvik

Who is Docker and how he can help us? Heino Talvik Who is Docker and how he can help us? Heino Talvik heino.talvik@seb.ee heino.talvik@gmail.com What is Docker? Software guy view: Marriage of infrastucture and Source Code Management Hardware guy view:

More information

Docker 101 Workshop. Eric Smalling - Solution Architect, Docker

Docker 101 Workshop. Eric Smalling - Solution Architect, Docker Docker 101 Workshop Eric Smalling - Solution Architect, Docker Inc. @ericsmalling Who Am I? Eric Smalling Solution Architect Docker Customer Success Team ~25 years in software development, architecture,

More information

Deployment Patterns using Docker and Chef

Deployment Patterns using Docker and Chef Deployment Patterns using Docker and Chef Sandeep Chellingi Sandeep.chellingi@prolifics.com Agenda + + Rapid Provisioning + Automated and Managed Deployment IT Challenges - Use-cases What is Docker? What

More information

Con$nuous Deployment with Docker Andrew Aslinger. Oct

Con$nuous Deployment with Docker Andrew Aslinger. Oct Con$nuous Deployment with Docker Andrew Aslinger Oct 9. 2014 Who is Andrew #1 So#ware / Systems Architect for OpenWhere Passion for UX, Big Data, and Cloud/DevOps Previously Designed and Implemented automated

More information

TEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist

TEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist TEN LAYERS OF CONTAINER SECURITY Kirsten Newcomer Security Strategist WHAT ARE CONTAINERS? Containers change how we develop, deploy and manage applications INFRASTRUCTURE Sandboxed application processes

More information

Building A Better Test Platform:

Building A Better Test Platform: Building A Better Test Platform: A Case Study of Improving Apache HBase Testing with Docker Aleks Shulman, Dima Spivak Outline About Cloudera Apache HBase Overview API compatibility API compatibility testing

More information

In-cluster Open Source Testing Framework

In-cluster Open Source Testing Framework In-cluster Open Source Testing Framework For Docker containers Neil Gehani Sr. Product Manager, HPE-SW @GehaniNeil About me Former Software Engineer 10+ Years as a Product Manager Previously at: LinkedIn,

More information

Docker und IBM Digital Experience in Docker Container

Docker und IBM Digital Experience in Docker Container Docker und IBM Digital Experience in Docker Container 20. 21. Juni 2017 IBM Labor Böblingen 1 What is docker Introduction VMs vs. containers Terminology v Docker components 2 6/22/2017 What is docker?

More information

Best Practices for Developing & Deploying Java Applications with Docker

Best Practices for Developing & Deploying Java Applications with Docker JavaOne 2017 CON7957 Best Practices for Developing & Deploying Java Applications with Docker Eric Smalling - Solution Architect, Docker Inc. @ericsmalling Who Am I? Eric Smalling Solution Architect Docker

More information

Docker CaaS. Sandor Klein VP EMEA

Docker CaaS. Sandor Klein VP EMEA Docker CaaS Sandor Klein VP EMEA The Docker mission Build Ship Run Distributed Applica ons Anywhere Docker Driving the Containerization Movement Build, Ship, Run Distributed Applications Anywhere Docker

More information

Orchestrate JBoss Middleware with Ansible Tower Red Hat Summit San Francisco

Orchestrate JBoss Middleware with Ansible Tower Red Hat Summit San Francisco Orchestrate JBoss Middleware with Ansible Tower Red Hat Summit 2016 - San Francisco Marc Zottner Architect, Red Hat mzottner@redhat.com 29/06/2016 Roeland van de Pol Architect, Red Hat rvandepol@redhat.com

More information

CONTAINERS AND MICROSERVICES WITH CONTRAIL

CONTAINERS AND MICROSERVICES WITH CONTRAIL CONTAINERS AND MICROSERVICES WITH CONTRAIL Scott Sneddon Sree Sarva DP Ayyadevara Sr. Director Sr. Director Director Cloud and SDN Contrail Solutions Product Line Management This statement of direction

More information

Linux Containers Roadmap Red Hat Enterprise Linux 7 RC. Bhavna Sarathy Senior Technology Product Manager, Red Hat

Linux Containers Roadmap Red Hat Enterprise Linux 7 RC. Bhavna Sarathy Senior Technology Product Manager, Red Hat Linux Containers Roadmap Red Hat Enterprise Linux 7 RC Bhavna Sarathy Senior Technology Product Manager, Red Hat Linda Wang Senior Eng. Manager, Red Hat Bob Kozdemba Principal Soln. Architect, Red Hat

More information

Safety and Speed How Tenable Runs Swift and Sure in a DevOps World

Safety and Speed How Tenable Runs Swift and Sure in a DevOps World SESSION ID: GPS-F02B Safety and Speed How Tenable Runs Swift and Sure in a DevOps World Dave Cole Chief Product Officer Tenable @mediafishy Agenda The Problem Hypothesis What We Did Results Key Takeaways

More information

Going Journey to Docker Production. Add picture here. Bret Fisher. DevOps Consultant Docker Captain Author of Udemy's Docker Mastery

Going Journey to Docker Production. Add picture here. Bret Fisher. DevOps Consultant Docker Captain Author of Udemy's Docker Mastery Add picture here Going Journey to Docker Production Bret Fisher DevOps Consultant Docker Captain Author of Udemy's Docker Mastery Why Are We Here? Want Docker in production Want to orchestrate containers

More information

Docker and Oracle Everything You Wanted To Know

Docker and Oracle Everything You Wanted To Know Docker and Oracle Everything You Wanted To Know June, 2017 Umesh Tanna Principal Technology Sales Consultant Oracle Sales Consulting Centers(SCC) Bangalore Safe Harbor Statement The following is intended

More information

InterSystems Cloud Manager & Containers for InterSystems Technologies. Luca Ravazzolo Product Manager

InterSystems Cloud Manager & Containers for InterSystems Technologies. Luca Ravazzolo Product Manager InterSystems Cloud Manager & Containers for InterSystems Technologies Luca Ravazzolo Product Manager InterSystems Cloud Manager 1. What is it? 2. How does it work & How do I use it? 3. Why is it interesting?

More information

Overcoming the Challenges of Automating Security in a DevOps Environment

Overcoming the Challenges of Automating Security in a DevOps Environment SESSION ID: LAB-W02 Overcoming the Challenges of Automating Security in a DevOps Environment Murray Goldschmidt Chief Operating Officer Sense of Security @ITsecurityAU Michael McKinnon Director, Commercial

More information

Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2

Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2 Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2 Ian Massingham AWS Technical Evangelist @IanMmmm 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Agenda Containers

More information

Installing and Using Docker Toolbox for Mac OSX and Windows

Installing and Using Docker Toolbox for Mac OSX and Windows Installing and Using Docker Toolbox for Mac OSX and Windows One of the most compelling reasons to run Docker on your local machine is the speed at which you can deploy and build lab environments. As a

More information

Improving the Yocto Project Developer Experience. How New Tools Will Enable a Better Workflow October 2016 Henry Bruce

Improving the Yocto Project Developer Experience. How New Tools Will Enable a Better Workflow October 2016 Henry Bruce Improving the Yocto Project Developer Experience How New Tools Will Enable a Better Workflow October 2016 Henry Bruce (henry.bruce@intel.com) Introduction We ll be talking about developer workflow improvements

More information

CONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT

CONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT CONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT Chief Scientist @ Container Solutions Wrote "Using Docker" for O'Reilly 40% Discount with AUTHD code Free Docker Security minibook http://www.oreilly.com/webops-perf/free/dockersecurity.csp

More information

Containers & Microservices For Realists. Karthik

Containers & Microservices For Realists. Karthik Containers & Microservices For Realists Karthik Gaekwad @iteration1 Karthik Gaekwad @iteration1 Principal Member of Technical Staff Oracle Container Cloud Team Previous: 10 years building cloud products

More information

From Containers to Cloud with Linux on IBM Z. Utz Bacher STSM Linux and Containers on IBM Z

From Containers to Cloud with Linux on IBM Z. Utz Bacher STSM Linux and Containers on IBM Z From Containers to Cloud with Linux on IBM Z Utz Bacher STSM Linux and Containers on IBM Z A Message Brought To You By Our Lawyers Trademarks of International Business Machines

More information

W11 Hyper-V security. Jesper Krogh.

W11 Hyper-V security. Jesper Krogh. W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:

More information

Well, That Escalated Quickly! How abusing the Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via

Well, That Escalated Quickly! How abusing the Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Well, That Escalated Quickly! How abusing the Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers. Michael Cherny @chernymi Sagie Dulce @SagieSec

More information

CLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE

CLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE JAN WILLIES Global Kubernetes Lead at Accenture Technology jan.willies@accenture.com CLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE SVEN MENTL Cloud-native at Accenture Technology ASG sven.mentl@accenture.com

More information

A Security State of Mind: Container Security. Chris Van Tuin Chief Technologist, West

A Security State of Mind: Container Security. Chris Van Tuin Chief Technologist, West A Security State of Mind: Container Security Chris Van Tuin Chief Technologist, West cvantuin@redhat.com AGENDA Why Linux Containers? CONTAINER What are Linux Containers? APP LIBS Container Security HOST

More information

Application Centric Microservices Ken Owens, CTO Cisco Intercloud Services. Redhat Summit 2015

Application Centric Microservices Ken Owens, CTO Cisco Intercloud Services. Redhat Summit 2015 Application Centric Microservices Ken Owens, CTO Cisco Intercloud Services Redhat Summit 2015 Agenda Introduction Why Application Centric Application Deployment Options What is Microservices Infrastructure

More information

I keep hearing about DevOps What is it?

I keep hearing about DevOps What is it? DevOps & OpenShift I keep hearing about DevOps What is it? FOR MANY ORGANIZATIONS, WHAT IS I.T. LIKE TODAY? WATERFALL AND SILOS Application Version X DEVELOPMENT OPERATIONS IT OPS IS UNDER PRESSURE ENVIRONMENT

More information

Introduction to Container Technology. Patrick Ladd Technical Account Manager April 13, 2016

Introduction to Container Technology. Patrick Ladd Technical Account Manager April 13, 2016 Introduction to Container Technology Patrick Ladd Technical Account Manager April 13, 2016 Container Technology Containers 3 "Linux Containers" is a Linux kernel feature to contain a group of processes

More information

Utilizing Oracle Solaris Containers with Oracle Database. Björn Rost

Utilizing Oracle Solaris Containers with Oracle Database. Björn Rost Utilizing Oracle Solaris Containers with Oracle Database Björn Rost about us Software Production company founded 2001 mostly J2EE logistics telco media and publishing customers expect full lifecycle support

More information

Docker. Master the execution environment of your applications. Aurélien Dumez. Inria Bordeaux - Sud-Ouest. Tuesday, March 24th 2015

Docker. Master the execution environment of your applications. Aurélien Dumez. Inria Bordeaux - Sud-Ouest. Tuesday, March 24th 2015 Docker Master the execution environment of your applications Aurélien Dumez Inria Bordeaux - Sud-Ouest Tuesday, March 24th 2015 Aurélien Dumez Docker 1 / 34 Content 1 The bad parts 2 Overview 3 Internals

More information

Continuous Integration using Docker & Jenkins

Continuous Integration using Docker & Jenkins Jenkins LinuxCon Europe 2014 October 13-15, 2014 Mattias Giese Solutions Architect giese@b1-systems.de - Linux/Open Source Consulting, Training, Support & Development Introducing B1 Systems founded in

More information

OCI Runtime Tools for Container Standardization

OCI Runtime Tools for Container Standardization OCI Runtime Tools for Container Standardization Ma Shimiao Agenda Background OCI Introduction Runtime Tools Our Contribution Future Plans Q&A 1 Background Container-based

More information

SCALING DRUPAL TO THE CLOUD WITH DOCKER AND AWS

SCALING DRUPAL TO THE CLOUD WITH DOCKER AND AWS SCALING DRUPAL TO THE CLOUD WITH DOCKER AND AWS Dr. Djun Kim Camp Pacific OUTLINE Overview Quick Intro to Docker Intro to AWS Designing a scalable application Connecting Drupal to AWS services Intro to

More information

SBB. Java User Group 27.9 & Tobias Denzler, Philipp Oser

SBB. Java User Group 27.9 & Tobias Denzler, Philipp Oser OpenShift @ SBB Java User Group 27.9 & 25.10.17 Tobias Denzler, Philipp Oser Who we are Tobias Denzler Software Engineer at SBB IT Java & OpenShift enthusiast @tobiasdenzler Philipp Oser Architect at ELCA

More information

RED HAT'S CONTAINER STRATEGY. Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015

RED HAT'S CONTAINER STRATEGY. Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015 RED HAT'S CONTAINER STRATEGY Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015 1 DEVELOPMENT VS I.T. OPERATIONS DEVELOPER IT OPERATIONS 2 DEVELOPERS WANT TO GO FAST DEVELOPER 3 HOW

More information

RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION

RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION Stephanos D Bacon Product Portfolio Strategy, Application Platforms Stockholm, 13 September 2017 1 THE PATH TO DIGITAL LEADERSHIP IT

More information

A Greybeard's Worst Nightmare

A Greybeard's Worst Nightmare A Greybeard's Worst Nightmare How Kubernetes and Containers are re-defining the Linux OS Daniel Riek, Red Hat April 2017 Greybeard Greybeards fight Balrogs. They hate systemd. They fork distributions.

More information

One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co.

One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co. One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co thomas@endocode.com HI! Thomas Fricke thomas@endocode.com CTO Endocode System Automation DevOps Cloud, Database and Software Architect

More information

Containerization Dockers / Mesospere. Arno Keller HPE

Containerization Dockers / Mesospere. Arno Keller HPE Containerization Dockers / Mesospere Arno Keller HPE What is the Container technology Hypervisor vs. Containers (Huis vs artement) A container doesn't "boot" an OS instead it loads the application and

More information

Docker and Splunk Development

Docker and Splunk Development Docker and Splunk Development Empowering Splunk Development with Docker Ron Cooper & David Kraemer Booz Allen Hamilton 26 September 2017 Washington, DC Forward-Looking Statements During the course of this

More information

CONTAINERIZING JOBS ON THE ACCRE CLUSTER WITH SINGULARITY

CONTAINERIZING JOBS ON THE ACCRE CLUSTER WITH SINGULARITY CONTAINERIZING JOBS ON THE ACCRE CLUSTER WITH SINGULARITY VIRTUAL MACHINE (VM) Uses so&ware to emulate an en/re computer, including both hardware and so&ware. Host Computer Virtual Machine Host Resources:

More information

Add picture here. Bret Fisher. Going Production with Docker and Swarm

Add picture here. Bret Fisher. Going Production with Docker and Swarm Add picture here Going Production with Docker and Swarm Bret Fisher DevOps Consultant Docker Captain, Dell {code} Catalyst Author of Udemy's Docker Mastery Add picture here Slides! bretfisher.com/slides

More information

Red Hat Roadmap for Containers and DevOps

Red Hat Roadmap for Containers and DevOps Red Hat Roadmap for Containers and DevOps Brian Gracely, Director of Strategy Diogenes Rettori, Principal Product Manager Red Hat September, 2016 Digital Transformation Requires an evolution in... 2 APPLICATIONS

More information

There's More to Docker than the Container The Docker Platform

There's More to Docker than the Container The Docker Platform There's More to Docker than the Container The Docker Platform Kendrick Coleman {code} by Dell EMC @KendrickColeman github.com/kacole2 Fabio Chiodini dotnext Team Dell EMC @FabioChiodini github.com/fabiochiodini

More information

Build & Launch Tools (BLT) Automating best practices for enterprise sites

Build & Launch Tools (BLT) Automating best practices for enterprise sites Build & Launch Tools (BLT) Automating best practices for enterprise sites Who are you? Matthew Grasmick @grasmash on Drupal.org, twitter, etc. Acquia Professional Services, 4yrs Drupalist, 9yrs Maintainer

More information

Software containers are likely to become a very important tool over the

Software containers are likely to become a very important tool over the MARK LAMOURINE Mark Lamourine is a senior software developer at Red Hat. He s worked for the last few years on the OpenShift project. He s a coder by training, a sysadmin and toolsmith by trade, and an

More information

WHITE PAPER SEPTEMBER 2017 VSPHERE INTEGRATED CONTAINERS 1.2. Architecture Overview

WHITE PAPER SEPTEMBER 2017 VSPHERE INTEGRATED CONTAINERS 1.2. Architecture Overview WHITE PAPER SEPTEMBER 2017 VSPHERE INTEGRATED CONTAINERS 1.2 Architecture Overview Table of Contents vsphere Integrated Containers Overview...4 vsphere Integrated Containers Design Objectives...4 vsphere

More information

MODERNIZING TRADITIONAL SECURITY:

MODERNIZING TRADITIONAL SECURITY: GUIDE TO MODERNIZING TRADITIONAL SECURITY: The Advantages of Moving a Legacy Application to Containers The Leading Cloud Native Cybersecurity Platform Understanding Lift and Shift As containers become

More information

Application Virtualization and Desktop Security

Application Virtualization and Desktop Security Application Virtualization and Desktop Security Karl MacMillan kmacmillan@tresys.com Tresys Technology 1 Application Virtualization Introduction Encapsulates a single application Bundles application into

More information

XAMPP Web Development Stack

XAMPP Web Development Stack Overview @author R.L. Martinez, Ph.D. The steps below outline the processes for installing the XAMPP stack on a local machine. The XAMPP (pronounced Zamp) stack includes the following: Apache HTTP Server,

More information

Containers Infrastructure for Advanced Management. Federico Simoncelli Associate Manager, Red Hat October 2016

Containers Infrastructure for Advanced Management. Federico Simoncelli Associate Manager, Red Hat October 2016 Containers Infrastructure for Advanced Management Federico Simoncelli Associate Manager, Red Hat October 2016 About Me Kubernetes Decoupling problems to hand out to different teams Layer of abstraction

More information

Containers and the Evolution of Computing

Containers and the Evolution of Computing Containers and the Evolution of Computing Matt Nowina Solutions Architect 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scaling Applications Order UI User UI Shipping UI Order

More information

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand Introduction to Virtual Machines Nima Honarmand Virtual Machines & Hypervisors Virtual Machine: an abstraction of a complete compute environment through the combined virtualization of the processor, memory,

More information

ROBIN SYSTEMS. Containerizing Oracle: Not Thinking About It Yet? You Should Be!!!

ROBIN SYSTEMS. Containerizing Oracle: Not Thinking About It Yet? You Should Be!!! ROBIN SYSTEMS Containerizing Oracle: Not Thinking About It Yet? You Should Be!!! ABOUT ME Over 19 years of experience across Databases, & big data applications Director of Products, Robin Systems Virtualizing

More information

CONTINUOUS INTEGRATION CONTINUOUS DELIVERY

CONTINUOUS INTEGRATION CONTINUOUS DELIVERY USING KUBERNETES FOR CONTINUOUS INTEGRATION AND CONTINUOUS DELIVERY Carlos Sanchez csanchez.org / @csanchez ABOUT ME Engineer @ CloudBees, Scaling Jenkins Author of Jenkins Kubernetes plugin Contributor

More information

6 Key Use Cases for Securing Your Organization s Cloud Workloads. 6 Key Use Cases for Securing Your Organization s Cloud Workloads

6 Key Use Cases for Securing Your Organization s Cloud Workloads. 6 Key Use Cases for Securing Your Organization s Cloud Workloads 6 Key Use Cases for Securing Your Organization s Cloud Workloads 1 6 Key Use Cases for Securing Your Organization s Cloud Workloads Table of Contents Introduction: The Continuing Rise of Cloud Adoption

More information

Running Splunk Enterprise within Docker

Running Splunk Enterprise within Docker Running Splunk Enterprise within Docker Michael Clayfield Partner Consultant 03/09/2017 1.1 Forward-Looking Statements During the course of this presentation, we may make forward-looking statements regarding

More information

Taming your heterogeneous cloud with Red Hat OpenShift Container Platform.

Taming your heterogeneous cloud with Red Hat OpenShift Container Platform. Taming your heterogeneous cloud with Red Hat OpenShift Container Platform martin@redhat.com Business Problem: Building a Hybrid Cloud solution PartyCo Some Bare Metal machines Mostly Virtualised CosPlayUK

More information

Handel-CodePipeline Documentation

Handel-CodePipeline Documentation Handel-CodePipeline Documentation Release 0.0.6 David Woodruff Dec 11, 2017 Getting Started 1 Introduction 3 2 Installation 5 3 Tutorial 7 4 Using Handel-CodePipeline 11 5 Handel-CodePipeline File 13

More information

Virtualization and Security

Virtualization and Security Virtualization and Security Steve Riley Senior Security Strategist Microsoft Trustworthy Computing steve.riley@microsoft.com http://blogs.technet.com/steriley 1 2 New! Evolution Usage scenarios 1. One

More information

Pragmatic Cloud Security

Pragmatic Cloud Security Pragmatic Cloud Security Rich Mogull, Analyst & CEO, Securosis, LLC @rmogull events.techtarget.com Information Security Decisions TechTarget This Old Process Assess Redesign Secure Inspect Profit! Information

More information

Container Security. Daniel J Walsh Consulting Engineer Blog: danwalsh.livejournal.com

Container Security. Daniel J Walsh Consulting Engineer Blog: danwalsh.livejournal.com Container Security Daniel J Walsh Consulting Engineer Twitter: @rhatdan Blog: danwalsh.livejournal.com Email: dwalsh@redhat.com Container Security Container Security As explained by the three pigs Chapter

More information

Applying Container Technology to the Virtualized Ground System
