TEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "TEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist"

Transcription

1 TEN LAYERS OF CONTAINER SECURITY Kirsten Newcomer Security Strategist

2 WHAT ARE CONTAINERS? Containers change how we develop, deploy and manage applications INFRASTRUCTURE Sandboxed application processes on a shared Linux OS kernel Simpler, lighter, and denser than virtual machines Portable across different environments 2 APPLICATIONS Package my application and all of its dependencies Deploy to any environment in seconds and enable CI/CD Easily access and share containerized components

3 SECURING CONTAINERS: LAYERS & LIFECYCLE 1. Container Host & Multi-tenancy 2. Container Content 3. Container Registries 4. Building Containers 5. Deploying Containers Container Platform Network Isolation Storage API Management Federated Clusters

4 1 CONTAINER HOST & MULTI-TENANCY THE OS MATTERS RED HAT ENTERPRISE LINUX RED HAT ENTERPRISE LINUX ATOMIC HOST THE FOUNDATION FOR SECURE, SCALABLE CONTAINERS A stable, reliable host environment with built-in security features that allow you to isolate containers from other containers and from the kernel. SELinux 4 Kernel namespaces Minimized host environment tuned for running Linux containers while maintaining the built-in security features of Red Hat Enterprise Linux.. Cgroups Seccomp

5 2 CONTENT: USE TRUSTED SOURCES Are there known vulnerabilities in the application layer? Are the runtime and OS layers up to date? How frequently will the container be updated and how will I know when it s updated? Red Hat rebuilds container images when security fixes are released 5

6 PRIVATE REGISTRIES: 3 SECURE ACCESS TO IMAGES Image governance and private registries 6 What security meta-data is available for your images? Are the images in the registry updated regularly? Are there access controls on the registry? How strong are they? CONTAINER APP RUNTIME OS HOST OS Red Hat Container Registry Policies to control who can deploy which containers Certification Catalog Trusted content with security updates CONTAINER APP RUNTIME OS HOST OS

7 4 MANAGING CONTAINER BUILDS Security & continuous integration 7 Layered packaging model supports separation of concerns Integrate security testing into your build / CI process Use automated policies to flag builds with issues Trigger automated rebuilds Operations Architects Application developers

8 5 MANAGING CONTAINER DEPLOYMENT Security & continuous deployment 8 Monitor image registry to automatically replace affected images Use policies to gate what can be deployed: e.g. if a container requires root access, prevent deployment

9 6 SECURING THE CONTAINER PLATFORM Use a container orchestration platform with integrated security features including 9 Role-based Access Controls with LDAP and OAuth integration Platform multitenant security Image signing Secrets management Enable integration with the security ecosystem

10 7 NETWORK DEFENSE Use network namespaces to 10 Isolate applications from other applications within a cluster Isolate environments (Dev / Test / Prod) from other environments within a cluster

11 8 ATTACHED STORAGE Secure storage by using 11 SELinux access controls Secure mounts Supplemental group IDs for shared storage

12 9 API MANAGEMENT Container platform & application APIs 12 Authentication and authorization LDAP integration End-point access controls Rate limiting

13 10 FEDERATED CLUSTERS ROLES & ACCESS MANAGEMENT Securing federated clusters across data centers or environments 13 Authentication and authorization API endpoints Secrets Namespaces Source: Building Globally Distributed Services using Kubernetes Cluster Federation. October 14, 2016

14 THE SECURITY ECOSYSTEM For enhanced security, or to meet existing policies, integrate with enterprise security tools, such as 14 Identity and Access management / Privileged Access Management External Certificate Authorities External Vaults / Key Management solutions Container content scanners & vulnerability management tools Container runtime analysis tools Security Information and Event Monitoring (SIEM)

15 BRINGING IT ALL TOGETHER Self-Service Service Catalog Web & Mobile (Language Runtimes, Middleware, Databases) Contaner Build Automation Deployment Automation OpenShift Application Lifecycle Management (CI/CD) Container Orchestration & Cluster Management (kubernetes) Networking Storage Registry Logs & Metrics Security Infrastructure Automation & Cockpit Enterprise Container Host Container Runtime & Packaging (Docker) Atomic Host 15 Physical Red Hat Enterprise Linux Data & Storage Container Virtual Integration Container Business Automation Container Private cloud Public cloud

16 MORE INFORMATION Red Hat OpenShift Why Choose Red Hat Containers? Ten Layers of Container Security whitepaper Security Practices in OpenShift at Amadeus KeyBank Goes Cloud-Native 16

17 THANK YOU & QUESTIONS Contacting me: 17

18 SECURITY ECOSYSTEM: OPENSHIFT PRIMED nuagenetworks Sysdig NGINX f5 Tremolo big switch Contiv NeuVector Cisco Contiv Signal Sciences JFrog, Inc. 18 Sonatype Black Duck AquaSecurity dynatrace Aporeto Treasure Data

Red Hat Roadmap for Containers and DevOps

Red Hat Roadmap for Containers and DevOps Red Hat Roadmap for Containers and DevOps Brian Gracely, Director of Strategy Diogenes Rettori, Principal Product Manager Red Hat September, 2016 Digital Transformation Requires an evolution in... 2 APPLICATIONS

More information

Taming your heterogeneous cloud with Red Hat OpenShift Container Platform.

Taming your heterogeneous cloud with Red Hat OpenShift Container Platform. Taming your heterogeneous cloud with Red Hat OpenShift Container Platform martin@redhat.com Business Problem: Building a Hybrid Cloud solution PartyCo Some Bare Metal machines Mostly Virtualised CosPlayUK

More information

RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION

RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION Stephanos D Bacon Product Portfolio Strategy, Application Platforms Stockholm, 13 September 2017 1 THE PATH TO DIGITAL LEADERSHIP IT

More information

RED HAT'S CONTAINER STRATEGY. Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015

RED HAT'S CONTAINER STRATEGY. Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015 RED HAT'S CONTAINER STRATEGY Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015 1 DEVELOPMENT VS I.T. OPERATIONS DEVELOPER IT OPERATIONS 2 DEVELOPERS WANT TO GO FAST DEVELOPER 3 HOW

More information

Identity Management and Compliance in OpenShift

Identity Management and Compliance in OpenShift Identity Management and Compliance in OpenShift Or Use DevOps to Make Your Auditors and Suits Happy Marc Boorshtein CTO, Tremolo Security Ellen Newlands Senior Security Product Manager, Cloud Business

More information

CONTAINERS AND MICROSERVICES WITH CONTRAIL

CONTAINERS AND MICROSERVICES WITH CONTRAIL CONTAINERS AND MICROSERVICES WITH CONTRAIL Scott Sneddon Sree Sarva DP Ayyadevara Sr. Director Sr. Director Director Cloud and SDN Contrail Solutions Product Line Management This statement of direction

More information

Linux Containers Roadmap Red Hat Enterprise Linux 7 RC. Bhavna Sarathy Senior Technology Product Manager, Red Hat

Linux Containers Roadmap Red Hat Enterprise Linux 7 RC. Bhavna Sarathy Senior Technology Product Manager, Red Hat Linux Containers Roadmap Red Hat Enterprise Linux 7 RC Bhavna Sarathy Senior Technology Product Manager, Red Hat Linda Wang Senior Eng. Manager, Red Hat Bob Kozdemba Principal Soln. Architect, Red Hat

More information

Multi-Arch Layered Image Build System

Multi-Arch Layered Image Build System Multi-Arch Layered Image Build System PRESENTED BY: Adam Miller Fedora Engineering, Red Hat CC BY-SA 2.0 Today's Topics Define containers in the context of Linux systems Brief History/Background Container

More information

Cisco Cloud Strategy. Uwe Müller. Leader PreSales Cloud & Datacenter Germany

Cisco Cloud Strategy. Uwe Müller. Leader PreSales Cloud & Datacenter Germany Cisco Cloud Strategy Uwe Müller Leader PreSales Cloud & Datacenter Germany 277X Data created by IoE devices v. end-user 30M New devices connected every week 180B Mobile apps downloaded in 2015 78% Workloads

More information

TRAINING AND CERTIFICATION UPDATE

TRAINING AND CERTIFICATION UPDATE TRAINING AND CERTIFICATION UPDATE Red Hat Enterprise User Group Twin Cities Steve Bonneville Manager, Curriculum Development / Red Hat November 11, 2015 RED HAT LEARNING SUBSCRIPTION One year access to

More information

A Greybeard's Worst Nightmare

A Greybeard's Worst Nightmare A Greybeard's Worst Nightmare How Kubernetes and Containers are re-defining the Linux OS Daniel Riek, Red Hat April 2017 Greybeard Greybeards fight Balrogs. They hate systemd. They fork distributions.

More information

What s New in Red Hat OpenShift Container Platform 3.4. Torben Jäger Red Hat Solution Architect

What s New in Red Hat OpenShift Container Platform 3.4. Torben Jäger Red Hat Solution Architect What s New in Red Hat OpenShift Container Platform 3.4 Torben Jäger Red Hat Solution Architect OpenShift Roadmap OpenShift Container Platform 3.2 Kubernetes 1.2 & Docker 1.9 Red Hat

More information

VMworld 2017 Content: Not for publication #CNA1699BE CONFIDENTIAL 2

VMworld 2017 Content: Not for publication #CNA1699BE CONFIDENTIAL 2 CNA1699BE Running Docker on your Existing Infrastructure with vsphere Integrated Containers VMworld 2017 Content: Not for publication Martijn Baecke, Robbie Jerrom #vmworld #CNA1699BE VMworld 2017 Robbie

More information

Containers Infrastructure for Advanced Management. Federico Simoncelli Associate Manager, Red Hat October 2016

Containers Infrastructure for Advanced Management. Federico Simoncelli Associate Manager, Red Hat October 2016 Containers Infrastructure for Advanced Management Federico Simoncelli Associate Manager, Red Hat October 2016 About Me Kubernetes Decoupling problems to hand out to different teams Layer of abstraction

More information

A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES. Chris Van Tuin Chief Technologist, West

A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES. Chris Van Tuin Chief Technologist, West A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES Chris Van Tuin Chief Technologist, West cvantuin@redhat.com Open Source V In short, software is eating the world. - Marc Andreessen, Wall Street Journal,

More information

LINUX CONTAINERS. Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER

LINUX CONTAINERS. Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Flexible and connected platforms are core components in leading computing fields, including

More information

Docker CaaS. Sandor Klein VP EMEA

Docker CaaS. Sandor Klein VP EMEA Docker CaaS Sandor Klein VP EMEA The Docker mission Build Ship Run Distributed Applica ons Anywhere Docker Driving the Containerization Movement Build, Ship, Run Distributed Applications Anywhere Docker

More information

Microservices with Red Hat. JBoss Fuse

Microservices with Red Hat. JBoss Fuse Microservices with Red Hat Ruud Zwakenberg - ruud@redhat.com Senior Solutions Architect June 2017 JBoss Fuse and 3scale API Management Disclaimer The content set forth herein is Red Hat confidential information

More information

Creating a Reproducible Build System for Docker Images

Creating a Reproducible Build System for Docker Images Creating a Reproducible Build System for Docker Images PRESENTED BY: Adam Miller Fedora Engineering, Red Hat CC BY-SA 2.0 Today's Topics Define containers in the context of Linux systems Brief History/Background

More information

Red Hat Containers Roadmap. Red Hat A panel of product directors

Red Hat Containers Roadmap. Red Hat A panel of product directors Red Hat Containers Roadmap Red Hat A panel of product directors Joe Fernandes Sr. Director Product Mgmt, Red Hat Rich Sharples Sr. Director of Product Mgmt, Red Hat Sayan Saha Sr. Manager of Product Mgmt,

More information

CLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE

CLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE JAN WILLIES Global Kubernetes Lead at Accenture Technology jan.willies@accenture.com CLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE SVEN MENTL Cloud-native at Accenture Technology ASG sven.mentl@accenture.com

More information

RED HAT GLUSTER TECHSESSION CONTAINER NATIVE STORAGE OPENSHIFT + RHGS. MARCEL HERGAARDEN SR. SOLUTION ARCHITECT, RED HAT BENELUX April 2017

RED HAT GLUSTER TECHSESSION CONTAINER NATIVE STORAGE OPENSHIFT + RHGS. MARCEL HERGAARDEN SR. SOLUTION ARCHITECT, RED HAT BENELUX April 2017 RED HAT GLUSTER TECHSESSION CONTAINER NATIVE STORAGE OPENSHIFT + RHGS MARCEL HERGAARDEN SR. SOLUTION ARCHITECT, RED HAT BENELUX April 2017 AGENDA Why OpenShift? The Journey So Far for OpenShift Storage

More information

EASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER

EASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER EASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER 2 WHY KUBERNETES? Kubernetes is an open-source container orchestrator for deploying and managing containerized applications. Building on 15 years of experience

More information

Containerization Dockers / Mesospere. Arno Keller HPE

Containerization Dockers / Mesospere. Arno Keller HPE Containerization Dockers / Mesospere Arno Keller HPE What is the Container technology Hypervisor vs. Containers (Huis vs artement) A container doesn't "boot" an OS instead it loads the application and

More information

Flip the Switch to Container-based Clouds

Flip the Switch to Container-based Clouds Flip the Switch to Container-based Clouds B I L L B O R S A R I D I R E C T O R, S Y S T E M S E N G I N E E R I N G 1 November 2017 1 2017 Datera Datera at a Glance Founded 2013 Smart storage for clouds

More information

I keep hearing about DevOps What is it?

I keep hearing about DevOps What is it? DevOps & OpenShift I keep hearing about DevOps What is it? FOR MANY ORGANIZATIONS, WHAT IS I.T. LIKE TODAY? WATERFALL AND SILOS Application Version X DEVELOPMENT OPERATIONS IT OPS IS UNDER PRESSURE ENVIRONMENT

More information

Docker and Oracle Everything You Wanted To Know

Docker and Oracle Everything You Wanted To Know Docker and Oracle Everything You Wanted To Know June, 2017 Umesh Tanna Principal Technology Sales Consultant Oracle Sales Consulting Centers(SCC) Bangalore Safe Harbor Statement The following is intended

More information

One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co.

One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co. One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co thomas@endocode.com HI! Thomas Fricke thomas@endocode.com CTO Endocode System Automation DevOps Cloud, Database and Software Architect

More information

A10 HARMONY CONTROLLER

A10 HARMONY CONTROLLER DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for

More information

Table of Contents 1.1. Overview. Containers, Docker, Registries vsphere Integrated Containers Engine

Table of Contents 1.1. Overview. Containers, Docker, Registries vsphere Integrated Containers Engine Table of Contents Overview Containers, Docker, Registries vsphere Integrated Containers Engine Management Portal Registry Roles and Personas 1.1 1.1.1 1.1.2 1.1.2.1 1.1.2.2 1.1.2.3 1.1.2.4 2 Overview of

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

Application Centric Microservices Ken Owens, CTO Cisco Intercloud Services. Redhat Summit 2015

Application Centric Microservices Ken Owens, CTO Cisco Intercloud Services. Redhat Summit 2015 Application Centric Microservices Ken Owens, CTO Cisco Intercloud Services Redhat Summit 2015 Agenda Introduction Why Application Centric Application Deployment Options What is Microservices Infrastructure

More information

Containers & Microservices For Realists. Karthik

Containers & Microservices For Realists. Karthik Containers & Microservices For Realists Karthik Gaekwad @iteration1 Karthik Gaekwad @iteration1 Principal Member of Technical Staff Oracle Container Cloud Team Previous: 10 years building cloud products

More information

Cloud Foundry Diego: The New Cloud Runtime. Heterogeneous Container Scheduling, Docker & More

Cloud Foundry Diego: The New Cloud Runtime. Heterogeneous Container Scheduling, Docker & More Cloud Foundry Diego: The New Cloud Runtime Heterogeneous Container Scheduling, Docker & More How many people here are already running containers? Cloud Native Application Platform A single API for managing

More information

70-532: Developing Microsoft Azure Solutions

70-532: Developing Microsoft Azure Solutions 70-532: Developing Microsoft Azure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Create and Manage Azure Resource Manager Virtual Machines

More information

OPENSHIFT 3.7 and beyond

OPENSHIFT 3.7 and beyond OPENSHIFT 3.7 and beyond Qu est qu un conteneur? APPLICATIONS INFRASTRUCTURE 2 Processus sur un système d exploitation Applications et toutes ses dépendances Plus simple, léger et dense des VMs Portable

More information

Security Practices in OpenShift

Security Practices in OpenShift Security Practices in OpenShift as experienced @ Amadeus Nenad Bogojević Amadeus S.A.S. Diogenes Rettori Red Hat 2017 Amadeus In one slide _Provides IT services for travel industry _Operates e-commerce

More information

Cloud Native Security. OpenShift Commons Briefing

Cloud Native Security. OpenShift Commons Briefing Cloud Native Security OpenShift Commons Briefing Amir Sharif Co-Founder amir@aporeto.com Cloud Native Applications Challenge Security Change Frequency x 10x 100x 1,000x Legacy (Pets) Servers VMs Cloud

More information

Ruby in the Sky with Diamonds. August, 2014 Sao Paulo, Brazil

Ruby in the Sky with Diamonds. August, 2014 Sao Paulo, Brazil Ruby in the Sky with Diamonds August, 2014 Sao Paulo, Brazil JELASTIC PLATFORM AS INFRASTRUCTURE Jelastic provides enterprise cloud software that redefines the economics of cloud deployment and management.

More information

IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole discretion.

IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole discretion. Please note Copyright 2018 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM IBM s statements

More information

Docker Security. Mika Vatanen

Docker Security. Mika Vatanen Docker Security Mika Vatanen 13.6.2017 About me Mika Vatanen, Solution Architect @ Digia 18 years at the industry, 6 months at Digia Established ii2 a Finnish MySpace, top-5 most used web service in Finland

More information

Introduction to Container Technology. Patrick Ladd Technical Account Manager April 13, 2016

Introduction to Container Technology. Patrick Ladd Technical Account Manager April 13, 2016 Introduction to Container Technology Patrick Ladd Technical Account Manager April 13, 2016 Container Technology Containers 3 "Linux Containers" is a Linux kernel feature to contain a group of processes

More information

SUSE s vision for agile software development and deployment in the Software Defined Datacenter

SUSE s vision for agile software development and deployment in the Software Defined Datacenter From Git to Cloud SUSE s vision for agile software development and deployment in the Software Defined Datacenter Joachim Werner Senior Product Manager joe@suse.com Peter Chadwick Director Product Management

More information

SharePoint Online and Azure Integration

SharePoint Online and Azure Integration SharePoint Online and Azure Integration Justin Jackson Managing Partner Valorem Consulting Group You manage You manage You manage Types of Cloud Services (On- Premises) Infrastructure (as a Service) Platform

More information

SBB. Java User Group 27.9 & Tobias Denzler, Philipp Oser

SBB. Java User Group 27.9 & Tobias Denzler, Philipp Oser OpenShift @ SBB Java User Group 27.9 & 25.10.17 Tobias Denzler, Philipp Oser Who we are Tobias Denzler Software Engineer at SBB IT Java & OpenShift enthusiast @tobiasdenzler Philipp Oser Architect at ELCA

More information

Lessons Learned: Deploying Microservices Software Product in Customer Environments Mark Galpin, Solution Architect, JFrog, Inc.

Lessons Learned: Deploying Microservices Software Product in Customer Environments Mark Galpin, Solution Architect, JFrog, Inc. Lessons Learned: Deploying Microservices Software Product in Customer Environments Mark Galpin, Solution Architect, JFrog, Inc. Who s speaking? Mark Galpin Solution Architect @jfrog magalpin Microservices

More information

Docker and Security. September 28, 2017 VASCAN Michael Irwin

Docker and Security. September 28, 2017 VASCAN Michael Irwin Docker and Security September 28, 2017 VASCAN Michael Irwin Quick Intro - Michael Irwin 2011 - Graduated (CS@VT); started full-time at VT Sept 2015 - Started using Docker for QA June 2016 - Attended first

More information

Table of Contents. Configure and Manage Logging in to the Management Portal Verify and Trust Certificates

Table of Contents. Configure and Manage Logging in to the Management Portal Verify and Trust Certificates Table of Contents Configure and Manage Logging in to the Management Portal Verify and Trust Certificates Configure System Settings Add Cloud Administrators Add Viewers, Developers, or DevOps Administrators

More information

Growth of Docker hub pulls

Growth of Docker hub pulls millions 6000 Growth of Docker hub pulls 5000 5000 4000 3000 2000 2000 1000 300 800 1200 0 May-15 Jun-15 Jul-15 Aug-15 Sep-15 2016 A Highly Complex Ecosystem Security challenges of container opera3ons

More information

MODERNIZING TRADITIONAL SECURITY:

MODERNIZING TRADITIONAL SECURITY: GUIDE TO MODERNIZING TRADITIONAL SECURITY: The Advantages of Moving a Legacy Application to Containers The Leading Cloud Native Cybersecurity Platform Understanding Lift and Shift As containers become

More information

Multitenancy Deep Dive

Multitenancy Deep Dive Multitenancy Deep Dive Thursday, December 7 2:00pm - 3:20pm David Oppenheimer (Google) davidopp@google.com Quinton Hoole (Huawei) quinton.hoole@huawei.com Agenda Presentations Discussion of topics of interest

More information

PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS

PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS Jane R. Circle Manager, Red Hat Global Cloud Provider Program and Cloud Access Program June 28, 2016 WHAT WE'LL DISCUSS TODAY Hybrid clouds and multi-cloud

More information

TITANIUM CLOUD VIRTUALIZATION PLATFORM

TITANIUM CLOUD VIRTUALIZATION PLATFORM TITANIUM CLOUD VIRTUALIZATION PLATFORM Glenn Seiler Software Defined Infrastructure BU 30 Minutes 12 Content Slides 2017 WIND RIVER. ALL RIGHTS RESERVED. Wind River Titanium Cloud Titanium Cloud is a cloud

More information

Open Service Broker API: Creating a Cross-Platform Standard Doug Davis IBM Shannon Coen Pivotal

Open Service Broker API: Creating a Cross-Platform Standard Doug Davis IBM Shannon Coen Pivotal Open Service Broker API: Creating a Cross-Platform Standard Doug Davis IBM Shannon Coen Pivotal Motivations Application development teams require services From app dependencies to team enablement Managed

More information

Container Orchestration on Amazon Web Services. Arun

Container Orchestration on Amazon Web Services. Arun Container Orchestration on Amazon Web Services Arun Gupta, @arungupta Docker Workflow Development using Docker Docker Community Edition Docker for Mac/Windows/Linux Monthly edge and quarterly stable

More information

Title DC Automation: It s a MARVEL!

Title DC Automation: It s a MARVEL! Title DC Automation: It s a MARVEL! Name Nikos D. Anagnostatos Position Network Consultant, Network Solutions Division Classification ISO 27001: Public Data Center Evolution 2 Space Hellas - All Rights

More information

Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center

Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center Container Adoption for NFV Challenges & Opportunities Sriram Natarajan, T-Labs Silicon Valley Innovation Center Virtual Machine vs. Container Stack KVM Container-stack Libraries Guest-OS Hypervisor Libraries

More information

In-cluster Open Source Testing Framework

In-cluster Open Source Testing Framework In-cluster Open Source Testing Framework For Docker containers Neil Gehani Sr. Product Manager, HPE-SW @GehaniNeil About me Former Software Engineer 10+ Years as a Product Manager Previously at: LinkedIn,

More information

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer Modelos de Negócio na Era das Clouds André Rodrigues, Cloud Systems Engineer Agenda Software and Cloud Changed the World Cisco s Cloud Vision&Strategy 5 Phase Cloud Plan Before Now From idea to production:

More information

Continuous Delivery for Cloud Native Applications

Continuous Delivery for Cloud Native Applications Continuous Delivery for Cloud Native Applications Cyrille Le Clerc, Director, Product Management at CloudBees Bjorn Boe, Senior Field Engineer at Pivotal Software Speakers /Cyrille Le Clerc Product Manager

More information

CLOUD SECURITY CRASH COURSE

CLOUD SECURITY CRASH COURSE CLOUD SECURITY CRASH COURSE ADDRESSING REAL WORLD CONCERNS Joel Friedman, CTSO ABOUT ME Name: Joel Friedman Title: Chief Technology & Security Officer of Datapipe Certifications: CISSP, CISA, CISM, CRISC,

More information

Creating a Reproducible Build System for Docker Images

Creating a Reproducible Build System for Docker Images Creating a Reproducible Build System for Docker Images (Or any OCI Compatible Runtime) PRESENTED BY: Adam Miller Fedora Engineering, Red Hat CC BY-SA 2.0 Today's Topics Define containers in the context

More information

From Containers to Cloud with Linux on IBM Z. Utz Bacher STSM Linux and Containers on IBM Z

From Containers to Cloud with Linux on IBM Z. Utz Bacher STSM Linux and Containers on IBM Z From Containers to Cloud with Linux on IBM Z Utz Bacher STSM Linux and Containers on IBM Z A Message Brought To You By Our Lawyers Trademarks of International Business Machines

More information

Leveraging the Serverless Architecture for Securing Linux Containers

Leveraging the Serverless Architecture for Securing Linux Containers Leveraging the Serverless Architecture for Securing Linux Containers Nilton Bila, Paolo Dettori, Ali Kanso, Yuji Watanabe*, Alaa Youssef IBM T.J. Watson Research Center New York *IBM Research - Tokyo,

More information

Data Center and Cloud Automation

Data Center and Cloud Automation Data Center and Cloud Automation Tanja Hess Systems Engineer September, 2014 AGENDA Challenges and Opportunities Manual vs. Automated IT Operations What problem are we trying to solve and how do we solve

More information

Fast and Easy Persistent Storage for Docker* Containers with Storidge and Intel

Fast and Easy Persistent Storage for Docker* Containers with Storidge and Intel Solution brief Intel Storage Builders Storidge ContainerIO TM Intel Xeon Processor Scalable Family Intel SSD DC Family for PCIe*/NVMe Fast and Easy Persistent Storage for Docker* Containers with Storidge

More information

How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud

How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud PRESENTED BY How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud BIG-IP enables the enterprise to efficiently address security and performance when migrating to

More information

Security Readiness Assessment

Security Readiness Assessment Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS

More information

You Have Stateful Apps - What if Kubernetes Would Also Run Your Storage?

You Have Stateful Apps - What if Kubernetes Would Also Run Your Storage? You Have Stateful Apps - What if Kubernetes Would Also Run Your Storage? Annette Clewett, Senior Architect, Red Hat Sudhir Prasad, Product Management Director, Red Hat Agenda Persistent Storage needs in

More information

Contrail Networking: Evolve your cloud with Containers

Contrail Networking: Evolve your cloud with Containers Contrail Networking: Evolve your cloud with Containers INSIDE Containers and Microservices Transformation of the Cloud Building a Network for Containers Juniper Networks Contrail Solution BUILD MORE THAN

More information

#techsummitch

#techsummitch www.thomasmaurer.ch #techsummitch Justin Incarnato Justin Incarnato Microsoft Principal PM - Azure Stack Hyper-scale Hybrid Power of Azure in your datacenter Azure Stack Enterprise-proven On-premises

More information

Kubernetes The Path to Cloud Native

Kubernetes The Path to Cloud Native Kubernetes The Path to Cloud Native Eric Brewer VP, Infrastructure @eric_brewer August 28, 2015 ACM SOCC Cloud Na*ve Applica*ons Middle of a great transition unlimited ethereal resources in the Cloud an

More information

IEEE Sec Dev Conference

IEEE Sec Dev Conference IEEE Sec Dev Conference #23, Improving Attention to Security in Software Design with Analytics and Cognitive Techniques Jim Whitmore (former) IBM Distinguished Engineer Carlisle, PA jjwhitmore@ieee.org

More information

Transform Your Business with Hybrid Cloud

Transform Your Business with Hybrid Cloud Transform Your Business with Hybrid Cloud Cisco gives you greater choice and cost savings, so you can transform IT operations in a way that works best for your organization. We offer an open framework

More information

Introduction to Software Defined Infrastructure SUSE OpenStack Cloud SUSE CaaS Platform

Introduction to Software Defined Infrastructure SUSE OpenStack Cloud SUSE CaaS Platform Introduction to Software Defined Infrastructure SUSE OpenStack Cloud SUSE CaaS Platform Matthias G. Eckermann Director Product Management SUSE Linux Enterprise Helsinki, 2018-03-08 SUSE Software-defined

More information

Deployment Patterns using Docker and Chef

Deployment Patterns using Docker and Chef Deployment Patterns using Docker and Chef Sandeep Chellingi Sandeep.chellingi@prolifics.com Agenda + + Rapid Provisioning + Automated and Managed Deployment IT Challenges - Use-cases What is Docker? What

More information

Deploying and Operating Cloud Native.NET apps

Deploying and Operating Cloud Native.NET apps Deploying and Operating Cloud Native.NET apps Jenny McLaughlin, Sr. Platform Architect Cornelius Mendoza, Sr. Platform Architect Pivotal Cloud Native Practices Continuous Delivery DevOps Microservices

More information

DOCKER 101 FOR JS AFFICIONADOS. Christian Ulbrich, Zalari UG

DOCKER 101 FOR JS AFFICIONADOS. Christian Ulbrich, Zalari UG DOCKER 101 FOR JS AFFICIONADOS Christian Ulbrich, Zalari UG AGENDA Docker what is all the craze about? Docker is hard One-Liners Orchestration Outlook Links DOCKER WTF? DOCKER WTF? Docker is light-weight

More information

Red Hat OpenShift Application Runtimes 1

Red Hat OpenShift Application Runtimes 1 Red Hat OpenShift Application Runtimes 1 Install and Configure the Fabric8 Launcher Tool For Use with Red Hat OpenShift Application Runtimes Last Updated: 2018-03-09 Red Hat OpenShift Application Runtimes

More information

OCI Runtime Tools for Container Standardization

OCI Runtime Tools for Container Standardization OCI Runtime Tools for Container Standardization Ma Shimiao Agenda Background OCI Introduction Runtime Tools Our Contribution Future Plans Q&A 1 Background Container-based

More information

Cisco Prime Service Catalog Virtual Appliance Quick Start Guide 2

Cisco Prime Service Catalog Virtual Appliance Quick Start Guide 2 Cisco Prime Service Catalog 11.1.1 Virtual Appliance Quick Start Guide Cisco Prime Service Catalog 11.1.1 Virtual Appliance Quick Start Guide 2 Introduction 2 Before You Begin 2 Preparing the Virtual Appliance

More information

WHITE PAPER SEPTEMBER 2017 VSPHERE INTEGRATED CONTAINERS 1.2. Architecture Overview

WHITE PAPER SEPTEMBER 2017 VSPHERE INTEGRATED CONTAINERS 1.2. Architecture Overview WHITE PAPER SEPTEMBER 2017 VSPHERE INTEGRATED CONTAINERS 1.2 Architecture Overview Table of Contents vsphere Integrated Containers Overview...4 vsphere Integrated Containers Design Objectives...4 vsphere

More information

What I ll be talking about. About me & bol.com The CI/CD bol.com Current setup. The future in the cloud

What I ll be talking about. About me & bol.com The CI/CD bol.com Current setup. The future in the cloud CI/CD @ bol.com What I ll be talking about 1. 2. 3. 4. 5. About me & bol.com The CI/CD story @ bol.com Current setup Mayfly The future in the cloud About me Maarten Dirkse @mdirkse on Twitter In IT since

More information

Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr)

Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr) Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr) Jeremy Oakey - Sr. Director, Technical Marketing & Integrations BRKCLD-2008 Agenda Introduction Architecture

More information

Using the SDACK Architecture to Build a Big Data Product. Yu-hsin Yeh (Evans Ye) Apache Big Data NA 2016 Vancouver

Using the SDACK Architecture to Build a Big Data Product. Yu-hsin Yeh (Evans Ye) Apache Big Data NA 2016 Vancouver Using the SDACK Architecture to Build a Big Data Product Yu-hsin Yeh (Evans Ye) Apache Big Data NA 2016 Vancouver Outline A Threat Analytic Big Data product The SDACK Architecture Akka Streams and data

More information

Wolfram Richter Red Hat. OpenShift Container Netzwerk aus Sicht der Workload

Wolfram Richter Red Hat. OpenShift Container Netzwerk aus Sicht der Workload Wolfram Richter Red Hat OpenShift Container Netzwerk aus Sicht der Workload Why this session? OpenShift is great for web applications, but we want to do X will this work? X { Analytics, Non-HTTP, High-

More information

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES SESSION ID: STR-R14 THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES Doug Cahill Group Director and Senior Analyst Enterprise Strategy Group @dougcahill WHO IS THIS GUY? Topics The Composition

More information

Red Hat JBoss Middleware for OpenShift 3

Red Hat JBoss Middleware for OpenShift 3 Red Hat JBoss Middleware for OpenShift 3 OpenShift Primer Get started with OpenShift Last Updated: 2018-01-09 Red Hat JBoss Middleware for OpenShift 3 OpenShift Primer Get started with OpenShift Legal

More information

OS Virtualization. Linux Containers (LXC)

OS Virtualization. Linux Containers (LXC) OS Virtualization Emulate OS-level interface with native interface Lightweight virtual machines No hypervisor, OS provides necessary support Referred to as containers Solaris containers, BSD jails, Linux

More information

Introduction to the Open Service Broker API. Doug Davis

Introduction to the Open Service Broker API. Doug Davis Introduction to the Open Service Broker API Doug Davis IBM dug@us.ibm.com @duginabox A Brief History... u PaaS with a mission to make managing Cloud apps simple $ cf push myapp $ cf scale myapp -i 5 u

More information

Docker und IBM Digital Experience in Docker Container

Docker und IBM Digital Experience in Docker Container Docker und IBM Digital Experience in Docker Container 20. 21. Juni 2017 IBM Labor Böblingen 1 What is docker Introduction VMs vs. containers Terminology v Docker components 2 6/22/2017 What is docker?

More information

Security Compliance and Data Governance: Dual problems, single solution CON8015

Security Compliance and Data Governance: Dual problems, single solution CON8015 Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology

More information

Issues Fixed in DC/OS

Issues Fixed in DC/OS Release Notes for 1.10.4 These are the release notes for DC/OS 1.10.4. DOWNLOAD DC/OS OPEN SOURCE Issues Fixed in DC/OS 1.10.4 CORE-1375 - Docker executor does not hang due to lost messages. DOCS-2169

More information

Liferay Security Features Overview. How Liferay Approaches Security

Liferay Security Features Overview. How Liferay Approaches Security Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................

More information

Foundations and Concepts. 04 December 2017 vrealize Automation 7.3

Foundations and Concepts. 04 December 2017 vrealize Automation 7.3 Foundations and Concepts 04 December 2017 vrealize Automation 7.3 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about

More information

Continuous Integration using Docker & Jenkins

Continuous Integration using Docker & Jenkins Jenkins LinuxCon Europe 2014 October 13-15, 2014 Mattias Giese Solutions Architect giese@b1-systems.de - Linux/Open Source Consulting, Training, Support & Development Introducing B1 Systems founded in

More information

Dan Williams Networking Services, Red Hat

Dan Williams Networking Services, Red Hat Networking Containers with Kubernetes and OpenShift Dan Williams Networking Services, Red Hat Kubernetes Components Web UI Pod apiserver etcd Container 1 Container 2 scheduler controller Command-line interface

More information

Course Overview This five-day course will provide participants with the key knowledge required to deploy and configure Microsoft Azure Stack.

Course Overview This five-day course will provide participants with the key knowledge required to deploy and configure Microsoft Azure Stack. [MS20537]: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Length : 5 Days Audience(s) : IT Professionals Level : 300 Technology : Azure Delivery Method : Instructor-led (Classroom)

More information