Starting the Avalanche:

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Starting the Avalanche:"

Transcription

1 Starting the Avalanche: Application DoS In Microservice Architectures Scott Behrens Jeremy Heffner

2 Introductions Scott Behrens Netflix senior application security engineer Breaking and building for 8+ years Contributor to a variety of open source projects (github.com/sbehrens) Jeremy Heffner Senior Security Software Engineer Developing and securing things for 20+ years

3 DoS focused on application layer logic

4 Photo of a battering ram by Flickr user Patrick Denker; License:

5

6 How Novel is Application DoS?

7 Microservice Primer: High Level View Architecture Client Libraries and API Gateway Circuit Breakers / Failover Cache

8 Microservice Primer: Architecture GOOD Scale Service independence Fault isolation Eliminates stack debt BAD Distributed system complexity Deployment complexity Cascading service failures if things aren t set up right

9 Simplified Microservice API Architecture INTERNET ZUUL PROXY EDGE Middle Backend WEBSITE CORE API Middle Tier Service Middle Tier Service Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service ZUUL PROXY PROXIES Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service

10 Microservice Primer: API Gateways and Client Libraries Interface for middle tier services Services provide client libraries to API Gateway Diagrams provided by microservices.io

11 Microservice Primer: Circuit Breaker Helps with handling service failures How do you know what timeout to choose? How long should the breaker be triggered? Diagrams provided by microservices.io

12 Microservice Primer: Cache Speeds up response time Reduces load on services fronted by cache Reduces the number of servers needed to handle requests

13 Old school Application DoS CPU Mem Cache Disk Network

14 New School Application DoS CPU Mem Cache Disk Network Queueing Client Library Timeouts Healthchecks Connection Pool Hardware Operations (HSMs)

15 New School Application DoS CPU Mem Cache Disk Network Queueing Client Library Timeouts Healthchecks Connection Pool Hardware Operations (HSMs)

16 Difference Between Old School and New School App DoS Old School Application DoS New School Application DoS Often 1 to 1 Often 1 to Many

17 Simple Web Application Architecture

18 Old School Application DoS Attack HTTP Timeouts 300 requests per second HTTP Timeouts > perl create_many_profiles.pl POST /create_profile HTTP/1.1 profile_name=$counter + hacker

19 New School Microservice API DoS EDGE Middle Backend Backend Tier Service > python grizzly.py ZUUL PROXY ZUUL PROXY WEBSITE PROXIES CORE API Middle Tier Service Middle Tier Service Middle Tier Service Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service POST /recommendations HTTP/1.1 { recommendations : { range : [0,10000]}}

20 New School Microservice API DoS > python grizzly.py Fallback or Site Error ZUUL PROXY ZUUL PROXY EDGE Middle Backend WEBSITE PROXIES CORE API Middle Tier Service Middle Tier Service Middle Tier Service Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service POST /recommendations HTTP/1.1 { recommendations : { range : [0,10000]}} Core Client API Timeouts, making circuit many client breakers requests triggered, fallback experience triggered Middle tier services making many calls to backend services Backend service queues filling up with expensive requests

21 Workflow for Identifying Application DoS - Part 1 Identify the most latent service calls Investigate if latent calls allow for manipulation Tune payload to fly under WAF/Rate Limiting Test hypothesis Scale your test using Cloudy Kraken (orchestrator) and Repulsive Grizzly (attack framework)

22 Workflow for Identifying Application DoS - Part 1 Identify the most latent service calls Investigate if latent calls allow for manipulation Tune payload to fly under WAF/Rate Limiting Test hypothesis Scale your test using Cloudy Kraken (orchestrator) and Repulsive Grizzly (attack framework)

23 Identifying Latent Service Calls

24 Identifying Latent Service Calls

25 Microservice Application DoS: Attack Patterns Range Object Out per Object in Request Size All of the Above

26 Application DoS Technique: Range

27 Application DoS Technique: Object Out Per Object In

28 Application DoS Technique: Request Size

29 Application DoS Technique: All of the Above <--What about N languages? <--What about more object fields?

30 Rate Limited # Req Service Impact Service Healthy Service Impact Service Auto-Scaling/Healthy Logical Work Per Request

31 New School Application DoS Attack: Case Study

32 Making the call more expensive

33 Workflow for Identifying Application DoS - Part 2 Identify the most latent service calls Investigate if latent calls allow for range, object out/object in, request size, or other manipulation Tune payload to fly under WAF/Rate Limiting while causing the most application instability Test hypothesis on a smaller scale using Repulsive Grizzly Scale your test using Cloudy Kraken

34 Repulsive Grizzly Skunkworks application DoS framework Written in Python3 Eventlet for high concurrency Uses AWS SNS for logging analysis Easily configurable

35 Repulsive Grizzly: Command File

36 Repulsive Grizzly: Payload and Header Files Provide payloads in any format you want Headers are provided as a JSON key/value hash Use $$AUTH$$ placeholder to tell grizzly where to place tokens

37 Repulsive Grizzly: Bypass Rate Limiter with Sessions

38 Repulsive Grizzly: Single Node

39

40 Cloudy Kraken Overview

41 Push the latest configuration file and attack scripts to S3. Launch instances Tear down and reset the environment in each region Reset the DynamoDB state. Update Config Build Environment Start up Attack Nodes Collect data Tear-Down Configure the VPCs in each region Wait for data to come through SNS

42 Cloudy Kraken Configuration S3 Bucket Zip File and Configuration Reset State DynamoDB Table

43 Cloudy Kraken: Key AWS Deployment Building Blocks Region VPC Auto-Scaling Group Node Node NodeNode Node Node Node NodeNode Node AZ/Subnet AZ/Subnet Region => AWS Geographical Region VPC => VLAN ASG => Automatically starts identical nodes AZ/Subnet => Localized nodes / Subnet Launch Config => Initial configuration

44 Cloudy Kraken Deployment phase VPC Region A Security Group Auto Scaling Group VPC Region B Security Group Auto Scaling Group

45 Cloudy Kraken Workers Each worker node is a single EC2 instance Each worker runs many threads EC2 gives you access to Enhanced Networking Driver Minimal overhead with launch config and ASG

46 Cloudy Kraken Execution phase On startup, each worker node runs a cloud-init script Enables ssh access for monitoring and debugging Downloads and runs main config script Downloads ZIP file with attack script Spins up attack worker Waits for coordinated time to start

47 Cloudy Kraken Kill-Switch Script to set the kill switch, and bring it all down

48 Cloudy Kraken Tear-Down Terminates all the instances Removes ASGs and Launch Configs Removes VPC, Security group, and Instance Profiles

49 We scaled up, time to run the test! Tested against prod Multi-region and multi-agent Conducted two 5 minute attacks Monitored for success

50 Results of Test 80% Error Rate

51 $ minute outage for a single AWS region

52 So What Failed? Expensive API calls could be invoked with non-member cookies Expensive traffic resulted in many RPCs per request WAF/Rate Limiter was unable to monitor middle tier RPCs Missing fallback experience when cache missed

53 Demo Test app Launching and scaling attack with Cloudy Kraken

54 Microservice Application DoS: Mitigations Understand which microservices impact customer experience

55 Microservice Application DoS: Mitigations Rate limiter (WAF) should monitor middle tier signals or cost of request*

56 Microservice Application DoS: Mitigations Middle tier services should provide context on abnormal behavior

57 Microservice Application DoS: Mitigations Rate limiter (WAF) should monitor volume of cache misses*

58 Microservice Application DoS: Mitigations Prioritize authenticated traffic over unauthenticated

59 Microservice Application DoS: Mitigations Configure reasonable client library timeouts

60 Microservice Application DoS: Mitigations Trigger fallback experiences when cache or lookups fail

61 Thanks!

Elastic Load Balancing

Elastic Load Balancing Elastic Load Balancing Deep Dive & Best Practices Mariano Vecchioli, Sr. Technical Account Manager AWS Michaela Kurkiewicz, Principal Service Manager Co-op Tina Howell, Platform Lead - Co-op June 28 th,

More information

Microservices without the Servers: AWS Lambda in Action

Microservices without the Servers: AWS Lambda in Action Microservices without the Servers: AWS Lambda in Action Dr. Tim Wagner, General Manager AWS Lambda August 19, 2015 Seattle, WA 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Two

More information

Pragmatic Cloud Security

Pragmatic Cloud Security Pragmatic Cloud Security Rich Mogull, Analyst & CEO, Securosis, LLC @rmogull events.techtarget.com Information Security Decisions TechTarget This Old Process Assess Redesign Secure Inspect Profit! Information

More information

How can you implement this through a script that a scheduling daemon runs daily on the application servers?

How can you implement this through a script that a scheduling daemon runs daily on the application servers? You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups

More information

Develop and test your Mobile App faster on AWS

Develop and test your Mobile App faster on AWS Develop and test your Mobile App faster on AWS Carlos Sanchiz, Solutions Architect @xcarlosx26 #AWSSummit 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The best mobile apps are

More information

SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud

SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud Quick Start Reference Deployment Judah Bernstein, Tod Golding, and Santiago Cardenas Amazon Web Services October 2017 Last updated: December

More information

PREPARING FOR DISASTER

PREPARING FOR DISASTER PREPARING FOR DISASTER INTEGRATING BCDR PRINCIPLES INTO YOUR DEVOPS PRACTICE Jeremy Heffner SANS Secure DevOps Summit & Training October 2017 CODE SPACES Source: https://arstechnica.com/information-technology/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/

More information

Managing your microservices with Kubernetes and Istio. Craig Box

Managing your microservices with Kubernetes and Istio. Craig Box Managing your microservices with Kubernetes and Istio Craig Box Agenda What is a Service Mesh? How we got here: a story Architecture and details Q&A 2 What is a service mesh? A network for services, not

More information

Going Serverless. Building Production Applications Without Managing Infrastructure

Going Serverless. Building Production Applications Without Managing Infrastructure Going Serverless Building Production Applications Without Managing Infrastructure Objectives of this talk Outline what serverless means Discuss AWS Lambda and its considerations Delve into common application

More information

Using AWS to Build a Large Scale Dockerized Microservices Architecture. Dr. Oliver Wahlen moovel Group GmbH Frankfurt, 30.

Using AWS to Build a Large Scale Dockerized Microservices Architecture. Dr. Oliver Wahlen moovel Group GmbH Frankfurt, 30. Using AWS to Build a Large Scale Dockerized Microservices Architecture Dr. Oliver Wahlen moovel Group GmbH Frankfurt, 30. Juni 2016 The moovel Group GmbH Our vision is an ecosystem that simplifies mobility

More information

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud? DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing Slide 1 Slide 3 ➀ What is Cloud Computing? ➁ X as a Service ➂ Key Challenges ➃ Developing for the Cloud Why is it called Cloud? services provided

More information

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers

More information

A Cloud Gateway - A Large Scale Company s First Line of Defense. Mikey Cohen Manager - Edge Gateway Netflix

A Cloud Gateway - A Large Scale Company s First Line of Defense. Mikey Cohen Manager - Edge Gateway Netflix A Cloud - A Large Scale Company s First Line of Defense Mikey Cohen Manager - Edge Netflix Today, more than 36% of North America s internet traffic is controlled by systems in the Amazon Cloud Global

More information

AWS London Loft: CloudFormation Workshop

AWS London Loft: CloudFormation Workshop AWS London Loft: CloudFormation Workshop Templated AWS Resources Tom Maddox Solutions Architect tmaddox@amazon.co.uk Who am I? Gardener (Capacity Planning) Motorcyclist (Agility) Mobile App Writer Problem

More information

Istio. A modern service mesh. Louis Ryan Principal

Istio. A modern service mesh. Louis Ryan Principal Istio A modern service mesh Louis Ryan Principal Engineer @ Google @louiscryan My Google Career HTTP Reverse Proxy HTTP HTTP2 GRPC Reverse Proxy Reverse Proxy HTTP API Proxy HTTP Control Plane HTTP2 GRPC

More information

How to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018

How to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018 How to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018 owen@nginx.com All problems in computer science can be solved by another layer of indirection --- David Wheeler, FRS This giant

More information

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS Dr Adnene Guabtni, Senior Research Scientist, NICTA/Data61, CSIRO Adnene.Guabtni@csiro.au EC2 S3 ELB RDS AMI

More information

AWS 101. Patrick Pierson, IonChannel

AWS 101. Patrick Pierson, IonChannel AWS 101 Patrick Pierson, IonChannel What is AWS? Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help

More information

The Orion Papers. AWS Solutions Architect (Associate) Exam Course Manual. Enter

The Orion Papers. AWS Solutions Architect (Associate) Exam Course Manual. Enter AWS Solutions Architect (Associate) Exam Course Manual Enter Linux Academy Keller, Texas United States of America March 31, 2017 To All Linux Academy Students: Welcome to Linux Academy's AWS Certified

More information

Four times Microservices: REST, Kubernetes, UI Integration, Async. Eberhard Fellow

Four times Microservices: REST, Kubernetes, UI Integration, Async. Eberhard  Fellow Four times Microservices: REST, Kubernetes, UI Integration, Async Eberhard Wolff @ewolff http://ewolff.com Fellow http://continuous-delivery-buch.de/ http://continuous-delivery-book.com/ http://microservices-buch.de/

More information

Tetration Cluster Cloud Deployment Guide

Tetration Cluster Cloud Deployment Guide First Published: 2017-11-16 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE

More information

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ Best Practices for Cloud Security at Scale Phil Rodrigues Security Solutions Architect Web Services, ANZ www.cloudsec.com #CLOUDSEC Best Practices for Security at Scale Best of the Best tips for Security

More information

To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry. Tony Erwin,

To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry. Tony Erwin, To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry Tony Erwin, aerwin@us.ibm.com Agenda Origins of the Bluemix UI Demons of the Monolith Slaying Demons with

More information

Microservices Implementations not only with Java. Eberhard Wolff Fellow

Microservices Implementations not only with Java. Eberhard Wolff Fellow Microservices Implementations not only with Java Eberhard Wolff http://ewolff.com @ewolff Fellow http://continuous-delivery-buch.de/ http://continuous-delivery-book.com/ http://microservices-buch.de/ http://microservices-book.com/

More information

Cloud Security Best Practices

Cloud Security Best Practices Cloud Security Best Practices Cohesive Networks - your applications secured Our family of security and connectivity solutions, VNS3, protects cloud-based applications from exploitation by hackers, criminal

More information

Designing Services for Resilience Experiments: Lessons from Netflix. Nora Jones, Senior Chaos

Designing Services for Resilience Experiments: Lessons from Netflix. Nora Jones, Senior Chaos Designing Services for Resilience Experiments: Lessons from Netflix Nora Jones, Senior Chaos Engineer @nora_js Designing Services for Resilience Experiments: Lessons from Netflix Nora Jones, Senior

More information

TIBCO Cloud Integration Security Overview

TIBCO Cloud Integration Security Overview TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized

More information

SAMPLE CHAPTER. Event-driven serverless applications. Danilo Poccia. FOREWORD BY James Governor MANNING

SAMPLE CHAPTER. Event-driven serverless applications. Danilo Poccia. FOREWORD BY James Governor MANNING SAMPLE CHAPTER Event-driven serverless applications Danilo Poccia FOREWORD BY James Governor MANNING AWS Lambda in Action by Danilo Poccia Chapter 8 Copyright 2017 Manning Publications brief contents PART

More information

Foundations of Python

Foundations of Python Foundations of Python Network Programming The comprehensive guide to building network applications with Python Second Edition Brandon Rhodes John Goerzen Apress Contents Contents at a Glance About the

More information

LEAN & MEAN - GO MICROSERVICES WITH DOCKER SWARM AND SPRING CLOUD

LEAN & MEAN - GO MICROSERVICES WITH DOCKER SWARM AND SPRING CLOUD LEAN & MEAN - GO MICROSERVICES WITH DOCKER SWARM AND SPRING CLOUD ERIK LUPANDER 2017-01-25 CALLISTAENTERPRISE.SE 2 What Go? 3 ON THE AGENDA Background: The footprint problem. The Go programming language

More information

Cloud security 2.0: Joko nyt pilveen voi luottaa?

Cloud security 2.0: Joko nyt pilveen voi luottaa? Cloud security 2.0: Joko nyt pilveen voi luottaa? www.nordcloud.com 11 04 2017 Helsinki 2 Teemu Lehtonen Senior Cloud architect, Security teemu.lehtonen@nordcloud.com +358 40 6329445 Nordcloud Finland

More information

HashiCorp Vault on the AWS Cloud

HashiCorp Vault on the AWS Cloud HashiCorp Vault on the AWS Cloud Quick Start Reference Deployment November 2016 Last update: April 2017 (revisions) Cameron Stokes, HashiCorp, Inc. Tony Vattathil and Brandon Chavis, Amazon Web Services

More information

Alteryx Technical Overview

Alteryx Technical Overview Alteryx Technical Overview v 1.5, March 2017 2017 Alteryx, Inc. v1.5, March 2017 Page 1 Contents System Overview... 3 Alteryx Designer... 3 Alteryx Engine... 3 Alteryx Service... 5 Alteryx Scheduler...

More information

INTRODUCING CISCO SECURITY FOR AWS

INTRODUCING CISCO SECURITY FOR AWS SESSION ID: SPO1-T08 INTRODUCING CISCO SECURITY FOR AWS Patrick Crowley CTO Cisco, Stealthwatch Cloud @p_crowley Who am I? I work for Cisco Systems, in the Security Business Group Founder, Observable Networks:

More information

ForeScout Extended Module for ServiceNow

ForeScout Extended Module for ServiceNow ForeScout Extended Module for ServiceNow Version 1.2 Table of Contents About ServiceNow Integration... 4 Use Cases... 4 Asset Identification... 4 Asset Inventory True-up... 5 Additional ServiceNow Documentation...

More information

Layer-4 to Layer-7 Services

Layer-4 to Layer-7 Services Overview, page 1 Tenant Edge-Firewall, page 1 LBaaS, page 2 FWaaS, page 4 Firewall Configuration, page 6 Overview Layer-4 through Layer-7 services support(s) end-to-end communication between a source and

More information

ArcGIS Enterprise in the Amazon Cloud

ArcGIS Enterprise in the Amazon Cloud ArcGIS Enterprise in the Amazon Cloud Cherry Lin (clin@esri.com) David Cordes (dcordes@esri.com) This Presentation Available at http://bit.ly/2tz2hpu AWS SIG Date: 07/13/2017 Time: 12:00pm - 1:00pm Location:

More information

AWS plug-in. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

AWS plug-in. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved. AWS plug-in Qlik Sense 3.0 Copyright 1993-2016 QlikTech International AB. All rights reserved. Copyright 1993-2016 QlikTech International AB. All rights reserved. Qlik, QlikTech, Qlik Sense, QlikView,

More information

En partenariat avec CA Technologies. Genève, Hôtel Warwick,

En partenariat avec CA Technologies. Genève, Hôtel Warwick, SIGS Afterwork Event in Geneva API Security as Part of Digital Transformation Projects The role of API security in digital transformation Nagib Aouini, Head of Cyber Security Services Defense & Cyber Security

More information

CONTINUOUS DELIVERY WITH MESOS, DC/OS AND JENKINS

CONTINUOUS DELIVERY WITH MESOS, DC/OS AND JENKINS APACHE MESOS NYC MEETUP SEPTEMBER 22, 2016 CONTINUOUS DELIVERY WITH MESOS, DC/OS AND JENKINS WHO WE ARE ROGER IGNAZIO SUNIL SHAH Tech Lead at Mesosphere @rogerignazio Product Manager at Mesosphere @ssk2

More information

Pontoon An Enterprise grade serverless framework using Kubernetes Kumar Gaurav, Director R&D, VMware Mageshwaran R, Staff Engineer R&D, VMware

Pontoon An Enterprise grade serverless framework using Kubernetes Kumar Gaurav, Director R&D, VMware Mageshwaran R, Staff Engineer R&D, VMware Pontoon An Enterprise grade serverless framework using Kubernetes Kumar Gaurav, Director R&D, VMware Mageshwaran R, Staff Engineer R&D, VMware Serverless: a quick review Enables running back end logic

More information

AWS Mobile Hub. Build, Test, and Monitor Your Mobile Apps. Daniel Geske, Solutions Architect 31 May 2017

AWS Mobile Hub. Build, Test, and Monitor Your Mobile Apps. Daniel Geske, Solutions Architect 31 May 2017 AWS Mobile Hub Build, Test, and Monitor Your Mobile Apps Daniel Geske, Solutions Architect 31 May 2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What to Expect from the Session

More information

Using SQL Server on Amazon Web Services

Using SQL Server on Amazon Web Services Using SQL Server on Amazon Web Services High Availability and Reliability in the Cloud Michael Barras, Sr. Database Engineer August 26, 2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights

More information

Container Orchestration on Amazon Web Services. Arun

Container Orchestration on Amazon Web Services. Arun Container Orchestration on Amazon Web Services Arun Gupta, @arungupta Docker Workflow Development using Docker Docker Community Edition Docker for Mac/Windows/Linux Monthly edge and quarterly stable

More information

SCALE AND SECURE MOBILE / IOT MQTT TRAFFIC

SCALE AND SECURE MOBILE / IOT MQTT TRAFFIC APPLICATION NOTE SCALE AND SECURE MOBILE / IOT TRAFFIC Connecting millions of devices requires a simple implementation for fast deployments, adaptive security for protection against hacker attacks, and

More information

Software Architecture Patterns

Software Architecture Patterns Software Architecture Patterns *based on a tutorial of Michael Stal Harald Gall University of Zurich http://seal.ifi.uzh.ch/ase www.infosys.tuwien.ac.at Overview Goal Basic architectural understanding

More information

API Best Practices. Managing APIs holistically across the enterprise

API Best Practices. Managing APIs holistically across the enterprise API Best Practices Managing APIs holistically across the enterprise APIs are critical to evolving application architectures Public clouds Microservices Distributed apps μservice μservice μservice μservice

More information

N different strategies to automate OWASP ZAP

N different strategies to automate OWASP ZAP OWASP BUCHAREST APPSEC CONFERENCE 13 OCTOBER 2017 The OWASP Foundation http://www.owasp.org N different strategies to automate OWASP ZAP The OWASP Zed Attack Proxy Marudhamaran Gunasekaran Zap Contributor

More information

Is Your Project in Trouble on System Performance?

Is Your Project in Trouble on System Performance? Is Your Project in Trouble on System Performance? Charles Chow May 2017 Is SATURN Your Project 2017 in Trouble - Is Your on System Project Performance? in Trouble on System Performance? May 2017 1 4, [Copyright

More information

Microservices with Red Hat. JBoss Fuse

Microservices with Red Hat. JBoss Fuse Microservices with Red Hat Ruud Zwakenberg - ruud@redhat.com Senior Solutions Architect June 2017 JBoss Fuse and 3scale API Management Disclaimer The content set forth herein is Red Hat confidential information

More information

Cloud Computing ECPE 276. AWS Hosted Services

Cloud Computing ECPE 276. AWS Hosted Services Cloud Computing ECPE 276 AWS Hosted Services 2 Compute 3 Compute Options 1. Amazon Elas2c Compute Cloud (EC2) 2. Amazon Lambda (λ) 3. Amazon Elas2c Bean Stalk (EBS) 4. Other services 1. ElasDc Load Balancing

More information

Hosting DesktopNow in Amazon Web Services. Ivanti DesktopNow powered by AppSense

Hosting DesktopNow in Amazon Web Services. Ivanti DesktopNow powered by AppSense Hosting DesktopNow in Amazon Web Services Ivanti DesktopNow powered by AppSense Contents Purpose of this Document... 3 Overview... 3 1 Non load balanced Amazon Web Services Environment... 4 Amazon Web

More information

Technical Brief. A Checklist for Every API Call. Managing the Complete API Lifecycle

Technical Brief. A Checklist for Every API Call. Managing the Complete API Lifecycle Technical Brief A Checklist for Table of Contents Introduction: The API Lifecycle 2 3 Security professionals API developers Operations engineers API product or business owners Apigee Edge 7 A Checklist

More information

Lessons Learned Operating Active/Active Data Centers Ethan Banks, CCIE

Lessons Learned Operating Active/Active Data Centers Ethan Banks, CCIE Lessons Learned Operating Active/Active Data Centers Ethan Banks, CCIE #20655 @ecbanks Senior Network Architect, Carenection Co-founder, Packet Pushers Interactive http://ethancbanks.com http://packetpushers.net

More information

AWS Tools for Microsoft Visual Studio Team Services: User Guide

AWS Tools for Microsoft Visual Studio Team Services: User Guide AWS Tools for Microsoft Visual Studio Team Services User Guide AWS Tools for Microsoft Visual Studio Team Services: User Guide Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights

More information

DMTN-003: Description of v1.0 of the Alert Production Simulator

DMTN-003: Description of v1.0 of the Alert Production Simulator DMTN-003: Description of v1.0 of the Alert Production Simulator Release 1.0 Stephen Pietrowicz 2015-12-07 Contents 1 Systems 3 2 Software packages 5 3 Workflow 7 3.1 Status...................................................

More information

Certificate of Registration

Certificate of Registration Certificate of Registration THIS IS TO CERTIFY THAT 2001 8th Ave, Seattle, WA 98121 USA operates AWS using IaaS model (Amazon CloudFront, Amazon Elastic Block Store (EBS), Amazon Elastic Compute Cloud

More information

Eyes Everywhere: Monitoring Today's Borderless Landscape

Eyes Everywhere: Monitoring Today's Borderless Landscape SESSION ID: CMI1-R09 Eyes Everywhere: Monitoring Today's Borderless Landscape Bill Shinn Principal Security Architect Amazon Web Services @packet791 What we ll cover today Event & Finding Reference Architecture

More information

Backend Development. SWE 432, Fall 2017 Design and Implementation of Software for the Web

Backend Development. SWE 432, Fall 2017 Design and Implementation of Software for the Web Backend Development SWE 432, Fall 2017 Design and Implementation of Software for the Web Real World Example https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/

More information

Qualys Cloud Suite 2.30

Qualys Cloud Suite 2.30 Qualys Cloud Suite 2.30 Here s what s new in Qualys Cloud Suite 2.30! AssetView ThreatPROTECT Dynamic tag support for Amazon EC2 Metadata Search Assets by Amazon EC2 Metadata Cloud Agent Download Search

More information

Scaling on AWS. From 1 to 10 Million Users. Matthias Jung, Solutions Architect

Scaling on AWS. From 1 to 10 Million Users. Matthias Jung, Solutions Architect Berlin 2015 Scaling on AWS From 1 to 10 Million Users Matthias Jung, Solutions Architect AWS @jungmats How to Scale? lot of results not the right starting point What is the right starting point? First

More information

Exam Questions AWS-Solution- Architect-Associate

Exam Questions AWS-Solution- Architect-Associate Exam Questions AWS-Solution- Architect-Associate AWS Certified Solutions Architect - Associate https://www.2passeasy.com/dumps/aws-solution- Architect-Associate/ 1. Does DynamoDB support in-place atomic

More information

Pusher Documentation. Release. Top Free Games

Pusher Documentation. Release. Top Free Games Pusher Documentation Release Top Free Games January 18, 2017 Contents 1 Overview 3 1.1 Features.................................................. 3 1.2 The Stack.................................................

More information

Architecting for Greater Security in AWS

Architecting for Greater Security in AWS Architecting for Greater Security in AWS Jonathan Desrocher Security Solutions Architect, Amazon Web Services. Guy Tzur Director of Ops, Totango. 2015, Amazon Web Services, Inc. or its affiliates. All

More information

The Gearman Cookbook OSCON Eric Day Senior Software Rackspace

The Gearman Cookbook OSCON Eric Day  Senior Software Rackspace The Gearman Cookbook OSCON 2010 Eric Day http://oddments.org/ Senior Software Engineer @ Rackspace Thanks for being here! OSCON 2010 The Gearman Cookbook 2 Ask questions! Grab a mic for long questions.

More information

The Evolution of Microservices. Adrian Technology Fellow - Battery Ventures June 2016

The Evolution of Microservices. Adrian Technology Fellow - Battery Ventures June 2016 The Evolution of Microservices Adrian Cockcroft @adrianco Technology Fellow - Battery Ventures June 2016 What does @adrianco do? Presentations at Conferences Maintain Relationship with Cloud Vendors Technology

More information

Modern Identity Management Patterns for Microservices and Mobile

Modern Identity Management Patterns for Microservices and Mobile SESSION ID: SDS-F04 Modern Identity Management Patterns for Microservices and Mobile Mark Perry APAC CTO Ping Identity @markperryau IT S A NEW WORLD Everything s Mobile 2 IT S A NEW WORLD Agile Backend

More information

Internet Information Server 6.0

Internet Information Server 6.0 Internet Information Server 6.0 Introduction and Overview The IIS 6.0 core components and architecture are redesigned, which makes this version of IIS significantly different from previous versions. IIS

More information

Bring Your Own Device Part I Yuqing Zhao 趙宇清 Protocol Test Suite Developer Microsoft Corporation

Bring Your Own Device Part I Yuqing Zhao 趙宇清 Protocol Test Suite Developer Microsoft Corporation Bring Your Own Device Part I Yuqing Zhao 趙宇清 Protocol Test Suite Developer Microsoft Corporation What s BYOD Device Public Cloud Device Enterprise On-Premise Cloud BYOD Protocols and Test Design

More information

Cloud Security Strategy - Adapt to Changes with Security Automation -

Cloud Security Strategy - Adapt to Changes with Security Automation - SESSION ID: CMI-F03 Cloud Security Strategy - Adapt to Changes with Security Automation - Hayato Kiriyama Security Solutions Architect Amazon Web Services Japan K.K. @hkiriyam1 Agenda New Normal of Security

More information

4) An organization needs a data store to handle the following data types and access patterns:

4) An organization needs a data store to handle the following data types and access patterns: 1) A company needs to deploy a data lake solution for their data scientists in which all company data is accessible and stored in a central S3 bucket. The company segregates the data by business unit,

More information

AWS Remote Access VPC Bundle

AWS Remote Access VPC Bundle AWS Remote Access VPC Bundle Deployment Guide Last updated: April 11, 2017 Aviatrix Systems, Inc. 411 High Street Palo Alto CA 94301 USA http://www.aviatrix.com Tel: +1 844.262.3100 Page 1 of 12 TABLE

More information

Large-Scale Web Applications

Large-Scale Web Applications Large-Scale Web Applications Mendel Rosenblum Web Application Architecture Web Browser Web Server / Application server Storage System HTTP Internet CS142 Lecture Notes - Intro LAN 2 Large-Scale: Scale-Out

More information

Exam Name: Troubleshooting and Maintaining Cisco IP Networks (TSHOOT v2.0)

Exam Name: Troubleshooting and Maintaining Cisco IP Networks (TSHOOT v2.0) Vendor: Cisco Exam Code: 300-135 Exam Name: Troubleshooting and Maintaining Cisco IP Networks (TSHOOT v2.0) Version: DEMO QUESTION 1 The following commands are issued on a Cisco Router: Router(configuration)#access-list

More information

AWS Lambda in (a bit of) theory and in action. Adam Smolnik

AWS Lambda in (a bit of) theory and in action. Adam Smolnik AWS Lambda in (a bit of) theory and in action Adam Smolnik A bit of a function theory The term Lambda (λ) originated from Lambda calculus - a theoretical universal model for describing functions and their

More information

Deep Dive into Cloud Native Open Source with NetflixOSS

Deep Dive into Cloud Native Open Source with NetflixOSS Deep Dive into Cloud Native Open Source with NetflixOSS GOTO Copenhagen/Aarhus 2014 Adrian Cockcroft Battery Ventures - @adrianco Thanks to Ruslan Meshenberg Netflix - @rusmeshenberg Congratulations, your

More information

Twitch Plays Pokémon: Twitch s Chat Architecture. John Rizzo Sr Software Engineer

Twitch Plays Pokémon: Twitch s Chat Architecture. John Rizzo Sr Software Engineer Twitch Plays Pokémon: Twitch s Chat Architecture John Rizzo Sr Software Engineer About Me Twitch Introduction Twitch Introduction Twitch Introduction Over 800k concurrent users Tens of BILLIONS of daily

More information

Cloud-Native Applications. Copyright 2017 Pivotal Software, Inc. All rights Reserved. Version 1.0

Cloud-Native Applications. Copyright 2017 Pivotal Software, Inc. All rights Reserved. Version 1.0 Cloud-Native Applications Copyright 2017 Pivotal Software, Inc. All rights Reserved. Version 1.0 Cloud-Native Characteristics Lean Form a hypothesis, build just enough to validate or disprove it. Learn

More information

Which compute option is designed for the above scenario? A. OpenWhisk B. Containers C. Virtual Servers D. Cloud Foundry

Which compute option is designed for the above scenario? A. OpenWhisk B. Containers C. Virtual Servers D. Cloud Foundry 1. A developer needs to create support for a workload that is stateless and short-living. The workload can be any one of the following: - API/microservice /web application implementation - Mobile backend

More information

Redesigning PKI To Solve Revocation, Expiration, & Rotation Problems. Brian

Redesigning PKI To Solve Revocation, Expiration, & Rotation Problems. Brian Redesigning PKI To Solve Revocation, Expiration, & Rotation Problems Brian Knopf @DoYouQA WHO AM I Sr Director of Security Research & IoT Architect @Neustar @DoYouQA 20+ Home Previously years in IT, QA,

More information

Ruby in the Sky with Diamonds. August, 2014 Sao Paulo, Brazil

Ruby in the Sky with Diamonds. August, 2014 Sao Paulo, Brazil Ruby in the Sky with Diamonds August, 2014 Sao Paulo, Brazil JELASTIC PLATFORM AS INFRASTRUCTURE Jelastic provides enterprise cloud software that redefines the economics of cloud deployment and management.

More information

Containers and the Evolution of Computing

Containers and the Evolution of Computing Containers and the Evolution of Computing Matt Nowina Solutions Architect 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scaling Applications Order UI User UI Shipping UI Order

More information

Scale-out Storage Solution and Challenges Mahadev Gaonkar igate

Scale-out Storage Solution and Challenges Mahadev Gaonkar igate Scale-out Solution and Challenges Mahadev Gaonkar igate 2013 Developer Conference. igate. All Rights Reserved. Table of Content Overview of Scale-out Scale-out NAS Solution Architecture IO Workload Distribution

More information

Overcoming the Challenges of Automating Security in a DevOps Environment

Overcoming the Challenges of Automating Security in a DevOps Environment SESSION ID: LAB-W02 Overcoming the Challenges of Automating Security in a DevOps Environment Murray Goldschmidt Chief Operating Officer Sense of Security @ITsecurityAU Michael McKinnon Director, Commercial

More information

Troubleshooting AWS App

Troubleshooting AWS App Troubleshooting AWS App Workshop Splunk Add-on for AWS 4.3+ Kamilo Amir Splunk Cloud Architect Table of Contents TROUBLESHOOTING SPLUNK APP / ADD-ON FOR AWS 4 PERMISSIONS REVIEW 4 SEARCHES 5 VALIDATE HEC

More information

Reference Architecture

Reference Architecture vrealize Automation 7.0.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

SAMPLE CHAPTER. Event-driven serverless applications. Danilo Poccia. FOREWORD BY James Governor MANNING

SAMPLE CHAPTER. Event-driven serverless applications. Danilo Poccia. FOREWORD BY James Governor MANNING SAMPLE CHAPTER Event-driven serverless applications Danilo Poccia FOREWORD BY James Governor MANNING in Action by Danilo Poccia Chapter 1 Copyright 2017 Manning Publications brief contents PART 1 FIRST

More information

LB Cache Quick Start Guide v1.0

LB Cache Quick Start Guide v1.0 LB Cache Quick Start Guide v1.0 Rev. 1.1.0 Copyright 2002 2017 Loadbalancer.org, Inc Table of Contents Introduction...3 About LBCache...3 Amazon Terminology...3 Getting Started...3 Deployment Concepts...4

More information

Network Security & Access Control in AWS

Network Security & Access Control in AWS Network Security & Access Control in AWS Ian Massingham, Technical Evangelist @IanMmmm 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Account Security Day One Governance Account

More information

Reference Architecture. vrealize Automation 7.0

Reference Architecture. vrealize Automation 7.0 vrealize Automation 7.0 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to

More information

Persistence. SWE 432, Fall 2017 Design and Implementation of Software for the Web

Persistence. SWE 432, Fall 2017 Design and Implementation of Software for the Web Persistence SWE 432, Fall 2017 Design and Implementation of Software for the Web Today Demo: Promises and Timers What is state in a web application? How do we store it, and how do we choose where to store

More information

The Wuppertal Tier-2 Center and recent software developments on Job Monitoring for ATLAS

The Wuppertal Tier-2 Center and recent software developments on Job Monitoring for ATLAS The Wuppertal Tier-2 Center and recent software developments on Job Monitoring for ATLAS DESY Computing Seminar Frank Volkmer, M. Sc. Bergische Universität Wuppertal Introduction Hardware Pleiades Cluster

More information

User Manual. Admin Report Kit for IIS 7 (ARKIIS)

User Manual. Admin Report Kit for IIS 7 (ARKIIS) User Manual Admin Report Kit for IIS 7 (ARKIIS) Table of Contents 1 Admin Report Kit for IIS 7... 1 1.1 About ARKIIS... 1 1.2 Who can Use ARKIIS?... 1 1.3 System requirements... 2 1.4 Technical Support...

More information

SAS Viya 3.2 Administration: SAS Infrastructure Data Server

SAS Viya 3.2 Administration: SAS Infrastructure Data Server SAS Viya 3.2 Administration: SAS Infrastructure Data Server SAS Infrastructure Data Server: Overview SAS Infrastructure Data Server is based on PostgreSQL version 9 and is configured specifically to support

More information

ForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3

ForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3 ForeScout CounterACT Hybrid Cloud Module: Amazon Web Services (AWS) Plugin Version 1.3 Table of Contents Amazon Web Services Plugin Overview... 4 Use Cases... 5 Providing Consolidated Visibility... 5 Dynamic

More information

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS Quick Reference Guide V1.0.2 ABOUT THIS GUIDE This document provides a quick reference guide on how to load balance Nginx Web Servers and configure

More information

MATLAB. Senior Application Engineer The MathWorks Korea The MathWorks, Inc. 2

MATLAB. Senior Application Engineer The MathWorks Korea The MathWorks, Inc. 2 1 Senior Application Engineer The MathWorks Korea 2017 The MathWorks, Inc. 2 Data Analytics Workflow Business Systems Smart Connected Systems Data Acquisition Engineering, Scientific, and Field Business

More information

Asynchronous SIP Routing

Asynchronous SIP Routing Asynchronous SIP Routing SIP Express Router (SER) and Kamailio (OpenSER) SIP-Router.org Daniel-Constantin Mierla Co-Founder Kamailio asipto.com www.kamailio.org 2 History 2002 Jun 2005 Jul 2008 Aug 2008

More information

Containers & Microservices For Realists. Karthik

Containers & Microservices For Realists. Karthik Containers & Microservices For Realists Karthik Gaekwad @iteration1 Karthik Gaekwad @iteration1 Principal Member of Technical Staff Oracle Container Cloud Team Previous: 10 years building cloud products

More information

Best Practice Deployment of F5 App Services in Private Clouds. Henry Tam, Senior Product Marketing Manager John Gruber, Sr. PM Solutions Architect

Best Practice Deployment of F5 App Services in Private Clouds. Henry Tam, Senior Product Marketing Manager John Gruber, Sr. PM Solutions Architect Best Practice Deployment of F5 App Services in Private Clouds Henry Tam, Senior Product Marketing Manager John Gruber, Sr. PM Solutions Architect Agenda 1 2 3 4 5 The trend of data center, private cloud

More information