Container-Native Applications
- Andrew Cox
- 5 years ago
Transcription
1 Container-Native Applications: Security, Logging, Tracing. Matthias. DOAG 2018 Exa & Middleware Days, 2018/06/19
2 Agenda: Microservice Example Flow; Oracle Cloud Details; Logging; Security, OAuth, TLS; Tracing; Service Mesh; Lessons Learned
3 Microservices Example Flow. Implementation: Cloud; access through load balancer; login with OAuth; Angular app; logging; tracing. [Diagram labels: Docker Images; Docker Container; Frontend (Angular/nginx); Loadbalancer; Services (Rest/Spring Resource Server); Authorization Server (OAuth); Logging Service; Persistence; Logging; Login; Web Page Call; Web Service Call; App]
4 Integrated Cloud Services. Logging: Oracle Management Cloud (agents); Elastic Search, Kibana (CloudWatch, Lambda, Elastic). Authentication/Authorization: Oracle Identity Service; Cognito, Keycloak, OAM, Ping Identity. Docker services infrastructure: Container Service - Kubernetes; Enterprise Container Services (AWS), OpenShift, Google Kubernetes Engine. [Diagram labels: Service (Rest/Spring Resource Server); Logging; Identity; Container]
5 More Cloud Services (Parameter, Secrets): Object Storage, maybe File Storage?; Oracle Key Vault (cloud ready?); Identity and Access Management (IAM); AWS Secrets Manager; HashiCorp Vault; S3 Buckets, Systems Manager Parameter Store
7 Container Services: Application Container (PaaS); Container Service Classic (IaaS); Oracle Cloud Infrastructure (OCI); own VMs or bare metal; Kubernetes (wercker)
8 Kubernetes in Oracle Cloud
9 Kubernetes Architecture
12 Logging/Monitoring: Cloud Services; Self Service. [Diagram labels: Logging; Services; Agent; Infrastructure; Data; Metric; App Data; Cloud Service; Dashboard; Analyze]
13 Oracle Cloud Agent: Cloud agents run on hosts where entities are running. Cloud agents collect metric and log data that is processed, analyzed and visualized in Oracle Management Cloud. APM agents are specifically for monitoring applications end to end. APM agents can be configured for a wide range of application servers, and they collect metrics that are processed, analyzed and visualized in Oracle Application Performance Monitoring.
14 Logging in Microservices: centralize and externalize log storage; log structured data; correlation IDs; dynamic logging levels and async logging. For analysis and search, user information, security concept.
15 Log View: Kibana/Lambda/CloudWatch; Oracle
16 Logging in Microservices. Security: user information; security aware; security concept. Tracing: correlation ID; basis for tracing; common log structure (JSON, XML, ...)
18 IAAA Framework for Microservices APIs. Identification: must support multiple identities and attributes (end users, system components, domains). Authentication: must support multiple authentication methods as well as delegated authentication. Authorization: authorization for a single request may be decided at multiple points in the request path. Accountability: capture of relevant security data or metadata from API messages.
19 Current Approaches. Network: network-level controls (localhost, network isolation, SSL, SPIFFE). SPIFFE (Secure Production Identity Framework for Everyone) is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments. Tokens: application-level controls (OAuth, OpenID Connect, JWT). Infra: infrastructure (API intermediaries: API gateway, service proxies; network overlays: Kubernetes, CloudFoundry, AWS IAM, rules). SAML: application-level controls, traditional (cookie-based sessions, SAML). Next: emerging approaches (serverless, service mesh: Istio, nginx). DHARMA; Foundational Concepts.
20 Network: TLS, SSL, openssl. TLS: separate protocol, mostly based on HTTP; as interceptor between existing protocols, e.g. HTTP - TCP; interceptor on other application protocols (SMTP, Kafka, ...); transparent, out of the scope of user or client; not possible with all transport protocols, e.g. UDP; always use it.
21 Network: TLS, SSL, openssl. Higher layer: Handshake; Change Cipher Spec (depends on handshake); Alert Protocol; Application Data Protocol. TLS layer: fragment; compression; encrypt to cipher spec; add header. Stack: application layer (e.g. HTTP); SSL/TLS (higher-layer subprotocol, TLS-layer subprotocol); transport layer (TCP); network layer (IP).
22 Modern Secret Management with Vault, HashiCorp
23 Tokens: OAuth 2.0/(OpenID Connect). OAuth history: Open Authorization; ca. 2008: OAuth 1.0, IETF group; 2012: OAuth 2.0; ca OpenID Connect (extension of OAuth 2.0). Before: SAML, SSO for web applications; Security Assertion Markup Language; SAML since 2002, SAML
24 OAuth. Implicit (redirect/callback): call: response_type=access_token&client_id&redirect_uri; response: access token. Authorization Code (redirect/callback): call: response_type=code&client_id&redirect_uri; response: authorization code; 2nd trip: access token. Resource Owner Credentials (backward OAuth 1.0): call: grant_type=password, username/password + client credentials; response: access token or refresh token. Client Credential: call: grant_type=client_credentials, client_id/client_secret; response: access token. [Other slide labels: JavaScript; Third Party; Refresh Token; Client; Application]
25 Infra: API or Access Gateway. API gateway: central mid-tier load balancer; switches security; many more features like throttling or routing. [Diagram labels: Loadbalancer; Other Services; Tokens; Mutual TLS; API Gateway (e.g. SSL + header information); Docker Container; Frontend (Angular/nginx); Services (Rest/Spring Resource Server)]
26 Infra: Example Access GW. [Diagram labels: Access Mgmt Proxy; OpenID Token; Identity Federation; Mutual TLS; CloudFoundry Routing; TLS; Authentication Header; 3rd Party; LDAP; Login, Token; App -> Auth Service; Apps]
28 Tracing. Wikipedia: In software engineering, tracing involves a specialized use of logging to record information about a program's execution. This information is typically used by programmers for debugging purposes, and additionally, depending on the type and detail of information contained in a trace log, by experienced system administrators or technical-support personnel and by software monitoring tools to diagnose common problems with software. Tracing is a cross-cutting concern.
29 Microservice and Tracing. Distributed tracing: collect all traces in a central position; correlate our tracing information. Extended logging: create correlation ID; take existing correlation ID; collect centrally for analysis.
30 Poor Man's Distributed Tracing: One solution is to create a CORRELATION_ID at the beginning of the call chain and add it to all log statements. Along with it, send the CORRELATION_ID as a header to all the downstream services as well, so that those downstream services also use the CORRELATION_ID in their logs. This way we can identify all the log statements related to a particular action across services. distributed-tracing-with-spri
31 Where to create Correlation ID: 1. Client; 2. LB / API GW; 3. Identity; 4. First service. [Diagram: positions 1 to 4 marked on the example flow: Frontend (Angular/nginx) in Docker containers (1); Loadbalancer/API Gateway (2); Authorization Server, OAuth (3); Services (Rest/Spring Resource Server) (4); Persistence; Logging]
32 Enterprise Way: Correlation IDs. Identity; ECID (Execution Context ID), down to DB; header trace and span IDs; header X-Amzn-Trace-Id; header X-ORACLE-DMS-ECID, X-ORACLE-DMS-RID; or build your own library
33 Example: ID Tracing shared Library
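The correlation-ID scheme from slides 29 to 32, as an added example that is not code from the original slides: each service takes an existing ID from the request header only if it is well-formed, otherwise creates one, writes it into every JSON log record and forwards it downstream. The header name X-Correlation-ID, the function names and the sample request are assumptions made for this sketch.

```python
import contextvars
import io
import json
import logging
import re
import uuid

# Assumed header name (the slides list X-Amzn-Trace-Id and X-ORACLE-DMS-ECID as real-world variants).
CORRELATION_HEADER = "X-Correlation-ID"
# Accept only short, log-safe IDs from callers: no CR/LF, quotes, braces or spaces.
_SAFE_ID = re.compile(r"[A-Za-z0-9._-]{8,64}")
# Holds the ID of the request currently being handled.
_current_id = contextvars.ContextVar("correlation_id", default="-")


def resolve_correlation_id(headers):
    """Take the caller's ID if it is well-formed, otherwise create a new one."""
    lowered = {k.lower(): v for k, v in headers.items()}
    candidate = lowered.get(CORRELATION_HEADER.lower(), "")
    if _SAFE_ID.fullmatch(candidate):
        return candidate
    return uuid.uuid4().hex


class CorrelationFilter(logging.Filter):
    """Stamps every log record with the current correlation ID."""

    def filter(self, record):
        record.correlation_id = _current_id.get()
        return True


class JsonFormatter(logging.Formatter):
    """Common log structure: one JSON object per line."""

    def format(self, record):
        return json.dumps({
            "level": record.levelname,
            "service": record.name,
            "correlation_id": record.correlation_id,
            "message": record.getMessage(),
        })


def build_logger(service, stream):
    logger = logging.getLogger(service)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.addFilter(CorrelationFilter())
    handler.setFormatter(JsonFormatter())
    logger.addHandler(handler)
    return logger


def downstream_headers(extra=None):
    """Headers for an outgoing call, carrying the current correlation ID."""
    headers = dict(extra or {})
    headers[CORRELATION_HEADER] = _current_id.get()
    return headers


def handle_request(service, headers, stream, downstream=None):
    """Simulated service entry point; returns the ID used for this request."""
    token = _current_id.set(resolve_correlation_id(headers))
    try:
        log = build_logger(service, stream)
        log.info("request received")
        if downstream is not None:
            downstream(downstream_headers())
        log.info("request done")
        return _current_id.get()
    finally:
        _current_id.reset(token)


def demo():
    """Frontend calls services; the inbound header is a constructed malformed value."""
    stream = io.StringIO()

    def services(headers):
        handle_request("services", headers, stream)

    # Constructed input: an ID containing a newline and a fake log record.
    inbound = {"x-correlation-id": 'abc\n{"level":"INFO","message":"forged"}'}
    cid = handle_request("frontend", inbound, stream, downstream=services)
    records = [json.loads(line) for line in stream.getvalue().splitlines()]
    return cid, records


if __name__ == "__main__":
    for rec in demo()[1]:
        print(rec)
```

Validating the inbound value matters when the ID may be created by the client (position 1 on slide 31): an unvalidated header would otherwise be copied into every log line of every downstream service.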
35 Service Mesh - Istio. Standard: Docker containers with Frontend (Angular/nginx) and Services (Rest/Spring Resource Server). Istio sidecar: Docker containers with a proxy beside the Frontend (Angular/nginx) and a proxy beside the Services (Rest/Spring Resource Server).
36 Istio Detail - Sidecar
37 Example View
38 Service Mesh - Istio: easy to use; quick implementation; easy monitoring; for correlation ID, extra dependency; complex architecture
40 Lessons Learned. Infrastructure and development, DevOps: prepare your infrastructure with logging etc.; start setting up infrastructure from first development; logging and tracing aren't easy. User authentication/authorization: choose your way to authenticate users; maybe cloud services are the fastest way, but customization; using open source frameworks, cloud services or enterprise apps? The key for success.
More informationBeyond X.509: Token-based Authentication and Authorization with the INDIGO Identity and Access Management Service
Beyond X.509: Token-based Authentication and Authorization with the INDIGO Identity and Access Management Service Andrea Ceccanti andrea.ceccanti@cnaf.infn.it Workshop CCR Rimini, June 12th 2018 INDIGO
More informationIBM Watson Content Hub. Architecture Overview
IBM Watson Content Hub Architecture Overview Watson Content Hub supports a new omni-channel approach with a headless CMS Treat content as a system of record Separated content & presentation Access content
More informationGuidelines on non-browser access
Published Date: 13-06-2017 Revision: 1.0 Work Package: Document Code: Document URL: JRA1 AARC-JRA1.4F https://aarc-project.eu/wp-content/uploads/2017/03/aarc-jra1.4f.pdf 1 Table of Contents 1 Introduction
More informationDesign and development of a distributed, secure and resilient vault management system
Design and development of a distributed, secure and resilient vault management system Mathonet G. University of Liège, Belgium June 2017 Mathonet G. (University of Liège, Belgium) Design and development
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationAWS Integration Guide
AWS Integration Guide Cloud-Native Security www.aporeto.com AWS Integration Guide Aporeto integrates with AWS to help enterprises efficiently deploy, manage, and secure applications at scale and the compute
More informationAmazon Web Services (AWS) Solutions Architect Intermediate Level Course Content
Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content Introduction to Cloud Computing A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction
More informationSecDevOps Securing DevOps. Aarno Aukia VSHN AG The DevOps Company
SIGS Technology Conference 16.05.2017 SecDevOps Securing DevOps Aarno Aukia VSHN AG The DevOps Company Agenda About Aarno / VSHN Agile Software Engineering Agile Infrastructure Engineering Agile Security
More informationRSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013
Ping Identity RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 13, 2013 Product Information Partner Name Ping Identity Web Site www.pingidentity.com Product Name PingFederate
More informationSetting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager
Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager Setting Up Resources in VMware Identity Manager (SaaS) You can find the most up-to-date technical documentation
More information