Istio. A modern service mesh. Louis Ryan Principal
|
|
- Dylan Harvey
- 6 years ago
- Views:
Transcription
1 Istio A modern service mesh Louis Ryan Principal
2 My Google Career HTTP Reverse Proxy HTTP HTTP2 GRPC Reverse Proxy Reverse Proxy HTTP API Proxy HTTP Control Plane HTTP2 GRPC Stubby API Proxy v2 GData Library Server Stubby GRPC (local) Server Server Centralization Performance & Isolation
3 Cloud Internal & External Convergence HTTP2 GRPC Network distance & bandwidth Protocols Isolation & Reliability Security Concerns Reverse Proxy Control Plane HTTP2 GRPC API Proxy v2 Stubby GRPC (local) Sidecar! Server
4 Decoupling Velocity Operators & Developers Code & Networking Network Topology & Security Modernization & Architecture
5 What is a Service Mesh? A network for services, not bytes Observability Resiliency Traffic Control Security Policy Enforcement Zero code change FREE!
6 What is a Service Mesh? A network for services, not bytes Observability Resiliency Traffic Control Security Policy Enforcement
7 Weaving the mesh - Sidecars HTTP/1.1, HTTP/2, grpc, TCP with or without TLS HTTP/1.1, HTTP/2, grpc, TCP with or without TLS Internet proxy sidecar sidecar svca svcb Service A Outbound features: Service authentication Load balancing Retry and circuit breaker Fine-grained routing Telemetry Request Tracing Fault Injection Service B Inbound features: Service authentication Authorization Rate limits Load shedding Telemetry Request Tracing Fault Injection External Services
8 Istio - Putting it all together Control Plane API Pilot Control flow during request processing Mixer Istio-Auth Discovery & Config data to Envoys TLS certs to Envoy Policy checks, telemetry Pod Traffic is transparently intercepted and proxied. App is unaware of Envoy s presence Envoy Envoy svca svcb Service A Service B
9 Our sidecar of choice - Envoy A C++ based L4/L7 proxy Low memory footprint Lyft 100+ services 10,000+ VMs 2M req/s Plus an awesome team willing to work with the community! Goodies: API driven config updates no reloads Zone-aware load balancing w/ failover Traffic routing and splitting Health checks, circuit breakers, timeouts, retry budgets, fault injection, HTTP/2 & grpc Transparent proxying Designed for observability
10 Custom Eureka Consul Environment-specific topology extraction Topology is mapped to a platform-agnostic model. Additional rules are layered onto the model. E.g. retries, traffic splits etc. Configuration is pushed to Envoy and applied without restarts Rules API 1. Kubernetes Modeling the Service Mesh Platform Adapter Abstract Model Pilot Envoy API Service discovery & traffic rules Envoy Envoy Envoy Envoy
11 What is a Service Mesh? A network for services, not bytes Observability Resiliency Traffic Control Security Policy Enforcement
12 Visibility Monitoring & tracing should not be an afterthought in the infrastructure Goals Istio - Grafana dashboard w/ Prometheus backend Metrics without instrumenting apps Consistent metrics across fleet Trace flow of requests across services Portable across metric backend providers Istio Zipkin tracing dashboard
13 Visibility: Metrics Requests Requests Responses Envoy Responses Service Traces Mixer collects metrics emitted by Envoys Adapters in the Mixer normalize and forward to monitoring backends Metrics backend can be swapped at runtime Zipkin Report([ ]attributes) Check(attributes) Mixer Operator Supplied Config Adapters Backends Prometheus Stackdriver GUIs ServiceGraph Example Grafana Statsd Weave Scope
14 Visibility: Tracing Requests Requests Responses Envoy Responses Service Traces Applications do not have to deal with generating spans or correlating causality Mixer Applications need to forward context headers on outbound calls Envoy sends traces to Mixer Adapters at Mixer send traces to respective backends Report([ ]attributes) Check(attributes) Envoys generate spans Zipkin Operator Supplied Config Adapters Backends Prometheus Stackdriver GUIs ServiceGraph Example Grafana Statsd Weave Scope
15 What is a Service Mesh? A network for services, not bytes Observability Resiliency Traffic Control Security Control
16 Resiliency Istio adds fault tolerance to your application without any changes to code // Circuit breakers destination: serviceb.example.cluster.local policy: - tags: version: v1 circuitbreaker: simplecb: maxconnections: 100 httpmaxrequests: 1000 httpmaxrequestsperconnection: 10 httpconsecutiveerrors: 7 sleepwindow: 15m httpdetectioninterval: 5m Resilience features Timeouts Retries with timeout budget Circuit breakers Health checks AZ-aware load balancing w/ automatic failover Control connection pool size and request load Systematic fault injection
17 What is a Service Mesh? A network for services, not bytes Observability Resiliency & Efficiency Traffic Control Security Policy Enforcement
18 Traffic Splitting serviceb.example.cluster.local Rules API // A simple traffic splitting rule Pilot Traffic routing rules 99% Envoy Pod Envoy svcb 1% svca Envoy Service A svcb Traffic control is decoupled from infrastructure scaling Pod Labels: version: v2.0-alpha, env:us-staging Service B destination: serviceb.example.cluster.local match: source: servicea.example.cluster.local route: - tags: version: v1.5 env: us-prod weight: 99 - tags: version: v2.0-alpha env: us-staging weight: 1 Pod Labels: version: v1.5 env: us-prod
19 Traffic Steering // Content-based traffic steering rule destination: serviceb.example.cluster.local match: httpheaders: user-agent: regex: ^(.*?;)?(iphone)(;.*)?$ precedence: 2 route: - tags: version: canary Service B version: v1 Pod 1 svca svcb Service A Service B version: v1 Pod 1 oid* ndr t: *A gen r-a Use Use Pod 2 Pod 3 svcb svca Service A Content-based traffic steering Pod 2 Pod 3 r-ag ent: *iph one * Pod 4 svcb version: canary
20 What is a Service Mesh? A network for services, not bytes Observability Resiliency & Efficiency Traffic Control Security Policy Enforcement
21 Securing Services Encryption by default Verifiable identity Secure naming / addressing Revocation
22 Problem: Strong Service Security at Scale Concerns Insiders Hijacked services Microservice attack surface Workload mobility Brittle fine-grained models Securing resources not just endpoints Audit & Compliance Wants Workload mobility Remote admin & development Shared & 3rd party services User & Service identity Lower costs Traditional perimeter security models are insufficient
23 Istio - Security at Scale spiffe.io
24 What is a Service Mesh? A network for services, not bytes Observability Resiliency & Efficiency Traffic Control Security Policy Enforcement
25 Putting it all together Control Plane API Control flow during request processing Pilot Mixer Istio-Auth Discovery & Config data to Envoys TLS certs to Envoy Policy checks, telemetry Pod Envoy Envoy svca svcb Service A Service B
26 What s Mixer For? Nexus for policy evaluation and telemetry reporting Precondition checking Quotas & Rate Limiting Primary point of extensibility Enabler for platform mobility Operator-focused configuration model
27 Attributes - The behavioral vocabulary target.service request.size request.time source.ip source.name source.user api.operation = = = = = = = playlist.svc.cluster.local T12:34:56Z music-fe.serving.cluster.local admin@musicstore.cluster.local GetPlaylist
28 Roadmap Production Readiness Multi-Cloud & Multi-Environment Networking - Extension models, UDP, QUIC, performance,... Moar integrations - ACLs, Telemetry, Audit, Policy,... Security - HSM, Cert & Key stores, federation,... API Management
29 Thanks! Phew
Managing your microservices with Kubernetes and Istio. Craig Box
Managing your microservices with Kubernetes and Istio Craig Box Agenda What is a Service Mesh? How we got here: a story Architecture and details Q&A 2 What is a service mesh? A network for services, not
More informationA Comparision of Service Mesh Options
A Comparision of Service Mesh Options Looking at Istio, Linkerd, Consul-connect Syed Ahmed - CloudOps Inc Introduction About Me Cloud Software Architect @ CloudOps PMC for Apache CloudStack Worked on network
More informationIstio s Mixer: Policy Enforcement with Custom Adapters Limin Wang, Software Engineer, Google Torin Sandall, Software Engineer, Styra
Istio s Mixer: Policy Enforcement with Custom Adapters Limin Wang, Software Engineer, Google Torin Sandall, Software Engineer, Styra Outline Istio and policy (how to enforce your custom policy in Istio)
More informationService Mesh with Istio on Kubernetes. Dmitry Burlea Software FlixCharter
Service Mesh with Istio on Kubernetes Dmitry Burlea Software Developer @ FlixCharter Road to Microservices Monolith (all-in-one) Road to Microservices Images from http://amazon.com/ Road to Microservices
More informationMSB to Support for Carrier Grade ONAP Microservice Architecture. Huabing Zhao, PTL of MSB Project, ZTE
MSB to Support for Carrier Grade ONAP Microservice Architecture Huabing Zhao, PTL of MSB Project, ZTE ONAP Architecture Principle: Microservices ONAP Architecture Principle: ONAP modules should be designed
More informationService Mesh and Related Microservice Technologies in ONAP
Service Mesh and Related Microservice Technologies in ONAP Contributors: Ramki Krishnan (VMware), Srini Addepalli (Intel), Manoj Nair (Net Cracker), Tal Liron (Red Hat), Roger Maitland (Amdocs), Huabing
More informationThe Road to Istio: How IBM, Google and Lyft Joined Forces to Simplify Microservices
The Road to Istio: How IBM, Google and Lyft Joined Forces to Simplify Microservices Dr. Tamar Eilam IBM Fellow @ Watson Research Center, NY eilamt@us.ibm.com @tamareilam The Evolution of Principles (2004-2018)
More informationISTIO 1.0 INTRODUCTION & OVERVIEW OpenShift Commons Briefing Brian redbeard Harrington Product Manager, Istio
ISTIO 1.0 INTRODUCTION & OVERVIEW OpenShift Commons Briefing Brian redbeard Harrington Product Manager, Istio 2018-08-07 PARTY TIME 2018-07-31 Istio hits 1.0!!! ONE STEP CLOSER TO BORING* * http://mcfunley.com/choose-boring-technology
More information& the architecture along the way!
QCon London March 2019 & the architecture along the way! mt165.co.uk Objectives Learn how a packet traverses an Istio//Kubernetes system See what control plane calls are made in that process Build a useful
More informationSQUASH. Debugger for microservices. Idit Levine solo.io
SQUASH Debugger for microservices Idit Levine solo.io About me Idit Levine Founder and CEO of solo.io @Idit_Levine @ilevine The problem: Debugging microservices applications is hard The problem A monolithic
More informationService Mesh and Microservices Networking
Service Mesh and Microservices Networking WHITEPAPER Service mesh and microservice networking As organizations adopt cloud infrastructure, there is a concurrent change in application architectures towards
More informationEnabling Multi-Cloud with Istio Stretching an Istio service mesh between Public & Private Clouds. John Joyce Robert Li
Enabling Multi-Cloud with Istio Stretching an Istio service mesh between Public & Private Clouds John Joyce Robert Li Introduction Extending an Application across Multiple Clouds Public Cloud microservice
More informationOPENSHIFT 3.7 and beyond
OPENSHIFT 3.7 and beyond Qu est qu un conteneur? APPLICATIONS INFRASTRUCTURE 2 Processus sur un système d exploitation Applications et toutes ses dépendances Plus simple, léger et dense des VMs Portable
More informationClover Overview: Gambia release. April 16, 2018
Clover Overview: Gambia release April 16, 2018 Motivation 1. Future Telecom Services, e.g. 5G s top use cases 50 billion IoT devices by 2020 Exceptional user experience AR/VR Ultra low latency services
More informationSERVERLESS APL. For now this is just research in Cloud technologies in SimCorp A/S.
SERVERLESS APL RESEARCH ON USING SERVERLESS APL IN KUBERNETES APL KUBELESS RUNTIME MARKO VRANIĆ SIMCORP A/S BELFAST, NORTHERN IRELAND, UK 31-10-2018 For now this is just research in Cloud technologies
More informationCloud Native Security. OpenShift Commons Briefing
Cloud Native Security OpenShift Commons Briefing Amir Sharif Co-Founder amir@aporeto.com Cloud Native Applications Challenge Security Change Frequency x 10x 100x 1,000x Legacy (Pets) Servers VMs Cloud
More informationHandling Microservices with Kubernetes - Basic Info
Handling Microservices with Kubernetes - Basic Info This course is for organizations who: you are considering expanding your DevOps skills with a future-proof platform, you want to understand Kubernetes
More informationContainer-Native Applications
Container-Native Applications Security, Logging, Tracing Matthias Fuchs, @hias222 DOAG 2018 Exa & Middleware Days, 2018/06/19 Microservice Example Flow Oracle Cloud Details Logging Security, OAuth, TLS
More informationNGINX: From North/South to East/West
NGINX: From North/South to East/West Reducing Complexity with API and Microservices Traffic Management and NGINX Plus Speakers: Alan Murphy, Regional Solution Architect, APAC September, 2018 About NGINX,
More informationOpenShift Container Platform 3.11
OpenShift Container Platform 3.11 Service Mesh Install OpenShift Container Platform 3.11 Service Mesh Installation Guide Last Updated: 2019-01-15 OpenShift Container Platform 3.11 Service Mesh Install
More informationSingapore. Service Proxy, Container Networking & K8s. Acknowledgement: Pierre Pfister, Jerome John DiGiglio, Ray
Singapore Service Proxy, Container Networking & K8s Hongjun Ni Intel Email: hongjun.ni@intel.com Acknowledgement: Pierre Pfister, Jerome Tollet @Cisco John DiGiglio, Ray Kinsella @Intel Agenda What is
More informationENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM
JOINT SOLUTION BRIEF ENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM DIAMANTI PLATFORM AT A GLANCE Modern load balancers which deploy as
More informationACI Terminology. This chapter contains the following sections: ACI Terminology, on page 1. Cisco ACI Term. (Approximation)
This chapter contains the following sections:, on page 1 Alias API Inspector App Center Alias A changeable name for a given object. While the name of an object, once created, cannot be changed, the Alias
More informationCHALLENGES IN A MICROSERVICES AGE: MONITORING, LOGGING AND TRACING ON OPENSHIFT. Martin Etmajer Technology May 4, 2017
CHALLENGES IN A MICROSERVICES AGE: MONITORING, LOGGING AND TRACING ON OPENSHIFT Martin Etmajer Technology Lead @Dynatrace May 4, 2017 WHY A CHALLENGE? Microservice A Microservice B Microservice C Microservice
More informationOpen Java EE and Eclipse MicroProfile - A New Java Landscape for Cloud Native Apps
EclipseCon Europe 2017 Open Java EE and Eclipse MicroProfile - A New Java Landscape for Cloud Native Apps Kevin Sutter MicroProfile and Java EE Architect @kwsutter Emily Jiang MicroProfile Development
More informationCisco ACI Terminology ACI Terminology 2
inology ACI Terminology 2 Revised: May 24, 2018, ACI Terminology Cisco ACI Term Alias API Inspector App Center Application Policy Infrastructure Controller (APIC) Application Profile Atomic Counters Alias
More informationCloud Native Architecture 300. Copyright 2014 Pivotal. All rights reserved.
Cloud Native Architecture 300 Copyright 2014 Pivotal. All rights reserved. Cloud Native Architecture Why What How Cloud Native Architecture Why What How Cloud Computing New Demands Being Reactive Cloud
More informationKubernetes Integration Guide
Kubernetes Integration Guide Cloud-Native Security www.aporeto.com Aporeto Kubernetes Integration Guide The purpose of this document is to describe the features of Aporeto that secure application services
More informationKubernetes 1.8 and Beyond
Kubernetes 1.8 and Beyond Aparna Sinha, Group Product Manager, Google OpenShift Commons Gathering - Austin, Texas Why do users choose Kubernetes? Open Source Community Frequent releases Resource efficiency
More informationMicroservices Implementations not only with Java. Eberhard Wolff Fellow
Microservices Implementations not only with Java Eberhard Wolff http://ewolff.com @ewolff Fellow http://continuous-delivery-buch.de/ http://continuous-delivery-book.com/ http://microservices-buch.de/ http://microservices-book.com/
More informationElastic Load Balancing. User Guide. Date
Date 2018-07-20 Contents Contents 1 Product Description... 4 1.1 What Is Elastic Load Balancing (ELB)?... 4 1.2 Load Balancer Type... 4 1.3 Basic Architecture... 5 1.3.1 Classic Load Balancer... 5 1.3.2
More informationArchitectural Code Analysis. Using it in building Microservices NYC Cloud Expo 2017 (June 6-8)
Architectural Code Analysis Using it in building Microservices NYC Cloud Expo 2017 (June 6-8) Agenda Intro to Structural Analysis Challenges addressed during traditional software development The new world
More informationEclipse MicroProfile: Accelerating the adoption of Java Microservices
Eclipse MicroProfile: Accelerating the adoption of Java Microservices Emily Jiang twitter @emilyfhjiang 10 th October 2017 What is Eclipse MicroProfile? Eclipse MicroProfile is an open-source community
More informationFour times Microservices: REST, Kubernetes, UI Integration, Async. Eberhard Fellow
Four times Microservices: REST, Kubernetes, UI Integration, Async Eberhard Wolff @ewolff http://ewolff.com Fellow http://continuous-delivery-buch.de/ http://continuous-delivery-book.com/ http://microservices-buch.de/
More informationDefining Security for an AWS EKS deployment
Defining Security for an AWS EKS deployment Cloud-Native Security www.aporeto.com Defining Security for a Kubernetes Deployment Kubernetes is an open-source orchestrator for automating deployment, scaling,
More informationDeploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework
White Paper Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework August 2015 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
More informationZero to Microservices in 5 minutes using Docker Containers. Mathew Lodge Weaveworks
Zero to Microservices in 5 minutes using Docker Containers Mathew Lodge (@mathewlodge) Weaveworks (@weaveworks) https://www.weave.works/ 2 Going faster with software delivery is now a business issue Software
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationUnified Load Balance. User Guide. Issue 04 Date
Issue 04 Date 2017-09-06 Contents Contents 1 Overview... 1 1.1 Basic Concepts... 1 1.1.1 Unified Load Balance...1 1.1.2 Listener... 1 1.1.3 Health Check... 2 1.1.4 Region...2 1.1.5 Project...2 1.2 Functions...
More informationExam : Implementing Microsoft Azure Infrastructure Solutions
Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Design and Implement Azure App Service
More informationKuberiter White Paper. Kubernetes. Cloud Provider Comparison Chart. Lawrence Manickam Kuberiter Inc
Kuberiter White Paper Kubernetes Cloud Provider Comparison Chart Lawrence Manickam Kuberiter Inc Oct 2018 Executive Summary Kubernetes (K8S) has become the de facto standard for Cloud Application Deployments.
More informationOpenShift 3 Technical Architecture. Clayton Coleman, Dan McPherson Lead Engineers
OpenShift 3 Technical Architecture Clayton Coleman, Dan McPherson Lead Engineers Principles The future of *aas Redefine the Application Networked components wired together Not just a web frontend anymore
More informationCloud I - Introduction
Cloud I - Introduction Chesapeake Node.js User Group (CNUG) https://www.meetup.com/chesapeake-region-nodejs-developers-group START BUILDING: CALLFORCODE.ORG 3 Agenda Cloud Offerings ( Cloud 1.0 ) Infrastructure
More informationTable of Contents DevOps Administrators
DevOps Administrators Table of Contents DevOps Administrators Overview for DevOps Admins Managing Images, Projects, Users Configure a Registry Create Users Assign the Administrator Role Create a Project
More informationHow to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018
How to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018 owen@nginx.com All problems in computer science can be solved by another layer of indirection --- David Wheeler, FRS This giant
More informationElastic Load Balance. User Guide. Issue 01 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 01 Date 2018-04-30 HUAWEI TECHNOLOGIES CO., LTD. 2018. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of
More informationLink Security Considerations in the. Enterprise
Link Security Considerations in the Mahalingam Mani 1 Security in Brief Point Security System Protection: beyond standards Servers upto application level Layer 2 & 3 Network Devices Perimeter Protection
More informationElastic Load Balance. User Guide. Issue 14 Date
Issue 14 Date 2018-02-28 Contents Contents 1 Overview... 1 1.1 Basic Concepts... 1 1.1.1 Elastic Load Balance... 1 1.1.2 Public Network Load Balancer...1 1.1.3 Private Network Load Balancer... 2 1.1.4
More informationGood Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy
Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy SESSION ID: CSV-W01 Bryan D. Payne Director of Security Research Nebula @bdpsecurity Cloud Security Today Cloud has lots of momentum
More informationTechnologies for the future of Network Insight and Automation
Technologies for the future of Network Insight and Automation Richard Wade (ricwade@cisco.com) Technical Leader, Asia-Pacific Infrastructure Programmability This Session s Context Service Creation Service
More informationVirtual Security Gateway Overview
This chapter contains the following sections: Information About the Cisco Virtual Security Gateway, page 1 Cisco Virtual Security Gateway Configuration for the Network, page 10 Feature History for Overview,
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
CNA2080BU Deep Dive: How to Deploy and Operationalize Kubernetes Cornelia Davis, Pivotal Nathan Ness Technical Product Manager, CNABU @nvpnathan #VMworld #CNA2080BU Disclaimer This presentation may contain
More informationService Graph Design with Cisco Application Centric Infrastructure
White Paper Service Graph Design with Cisco Application Centric Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 101 Contents Introduction...
More informationDelivering Microservices Securely and at Scale with NGINX in Red Hat OpenShift. November, 2017
Delivering Microservices Securely and at Scale with NGINX in Red Hat OpenShift November, 2017 Klaus Oxdal Channel Director klaus@nginx.com The Big Shift Architectural Changes: Monolith import myapp.driver
More informationElastic Load Balancing
Elastic Load Balancing Deep Dive & Best Practices Mariano Vecchioli, Sr. Technical Account Manager AWS Michaela Kurkiewicz, Principal Service Manager Co-op Tina Howell, Platform Lead - Co-op June 28 th,
More informationWHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud.
WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud www.cloudcheckr.com TABLE OF CONTENTS Overview 3 What Is ELB? 3 How ELB Works 4 Classic Load Balancer 5 Application
More informationMicroservices. GCPUG Tokyo Kubernetes Engine
Microservices On GKE At Mercari GCPUG Tokyo Kubernetes Engine Day @deeeet @deeeet Background Start with Monolith Small Overhead for cross domains Reusable code across domains Effective operation by SRE
More informationDynamic App Services in Containerized Environments
Dynamic App Services in Containerized Environments F5 Government Technology Symposium Mark Dittmer Sr Product Management Engineer Understanding the Container Market and Customer Challenges 1 Organization
More informationSpring Cloud, Spring Boot and Netflix OSS
Spring Cloud, Spring Boot and Netflix OSS Spencer Gibb twitter: @spencerbgibb email: sgibb@pivotal.io Dave Syer twitter: @david_syer email: dsyer@pivotal.io (Spring Boot and Netflix OSS or Spring Cloud
More informationEasily Secure your Microservices with Keycloak. Sébastien Blanc Red
Easily Secure your Microservices with Keycloak Sébastien Blanc Red Hat @sebi2706 Keycloak? Keycloak is an open source Identity and Access Management solution aimed at modern applications and services.
More informationSecurely Access Services Over AWS PrivateLink. January 2019
Securely Access Services Over AWS PrivateLink January 2019 Notices This document is provided for informational purposes only. It represents AWS s current product offerings and practices as of the date
More informationCONTRAIL SECURITY. Contrail Cloud Networking & Security
CONTRAIL SECURITY Aniket Daptari Sr. Product Manager Contrail Cloud Networking & Security Scott Sneddon Senior Director Cloud and SDN This statement of direction sets forth Juniper Networks current intention
More informationTitle DC Automation: It s a MARVEL!
Title DC Automation: It s a MARVEL! Name Nikos D. Anagnostatos Position Network Consultant, Network Solutions Division Classification ISO 27001: Public Data Center Evolution 2 Space Hellas - All Rights
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationTechnical Brief. A Checklist for Every API Call. Managing the Complete API Lifecycle
Technical Brief A Checklist for Table of Contents Introduction: The API Lifecycle 2 3 Security professionals API developers Operations engineers API product or business owners Apigee Edge 7 A Checklist
More informationMicroservices mit Java, Spring Boot & Spring Cloud. Eberhard Wolff
Microservices mit Java, Spring Boot & Spring Cloud Eberhard Wolff Fellow @ewolff What are Microservices? Micro Service: Definition > Small > Independent deployment units > i.e. processes or VMs > Any technology
More informationSECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry
SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below
More informationIntent Driven Network Operations with AppFormix Advanced Analytics Platform. Joseph Li
Intent Driven Network Operations with AppFormix Advanced Analytics Platform Joseph Li This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without
More informationA10 HARMONY CONTROLLER
DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for
More informationISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems
ISACA Silicon Valley APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems Why Should You Care About APIs? Because cloud and mobile computing are built
More informationCloud Service Engine. Product Description. Issue 01 Date
Issue 01 Date 2018-04-09 Contents Contents 1 Overview... 1 2 Functions... 2 3 Advantages...3 4 Application Scenarios...6 5 Terms...7... 12 6.1 LocalServiceCenter... 12 6.2 Java SDK... 13 6.3 Go SDK...
More informationEASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER
EASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER 2 WHY KUBERNETES? Kubernetes is an open-source container orchestrator for deploying and managing containerized applications. Building on 15 years of experience
More informationCatalyst. Uber s Serverless Platform. Shawn Burke - Staff Engineer Uber Seattle
Catalyst Uber s Serverless Platform Shawn Burke - Staff Engineer Uber Seattle Why Serverless? Complexity! Microservices, Languages, Client Libs, Tools Product teams have basic infrastructure needs Stable,
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
CNA1142BE Developer-Ready Infrastructure from VMware and Pivotal Merlin Glynn (Vmware) Ramiro Salas (Pivotal) #VMworld #CNA1142BE Disclaimer This presentation may contain product features that are currently
More informationSelf-driving Datacenter: Analytics
Self-driving Datacenter: Analytics George Boulescu Consulting Systems Engineer 19/10/2016 Alvin Toffler is a former associate editor of Fortune magazine, known for his works discussing the digital revolution,
More informationDocument Sub Title. Yotpo. Technical Overview 07/18/ Yotpo
Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
CNA1509BU Developer-Ready Infrastructure from VMware and Pivotal Merlin Glynn, VMware Ramiro Salas, Pivotal #VMworld #CNA1509BU Disclaimer This presentation may contain product features that are currently
More informationAwareness Technologies Systems Security. PHONE: (888)
Awareness Technologies Systems Security Physical Facility Specifications At Awareness Technologies, the security of our customers data is paramount. The following information from our provider Amazon Web
More informationProject Calico v3.2. Overview. Architecture and Key Components. Project Calico provides network security for containers and virtual machine workloads.
Project Calico v3.2 Overview Benefits Simplicity. Traditional Software Defined Networks (SDNs) are complex, making them hard to deploy and troubleshoot. Calico removes that complexity, with a simplified
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationOverview SENTINET 3.1
Overview SENTINET 3.1 Overview 1 Contents Introduction... 2 Customer Benefits... 3 Development and Test... 3 Production and Operations... 4 Architecture... 5 Technology Stack... 7 Features Summary... 7
More informationKubernetes 1.9 Features and Future
OpenShift Commons Briefing: Kubernetes 1.9 Features and Future Derek Carr - Lead Engineer, Kubernetes What s new this time around? RELEASE STATS Shorter release (end of year) 6000+ pull requests merged
More informationMobile Cloud Computing Challenges and Solutions
Mobile Cloud Computing Challenges and Solutions Rohit Bhardwaj Principal Cloud Engineer, Kronos Inc. Twitter: rbhardwaj1 Roadmap Mobile cloud challenges Case studies: Uber, Twitter Availability, scalability,
More informationLet s say that hosting a cloudbased application is like car ownership
Let s say that hosting a cloudbased application is like car ownership Azure App Service App Service Features & Capabilities All features and capabilities are shared across all of App Service application
More informationEclipse MicroProfile with Thorntail (formerly WildFly Swarm)
Eclipse MicroProfile with Thorntail (formerly WildFly Swarm) John Clingan Senior Principal Product Manager Ken Finnigan Senior Principal Software Engineer EVOLUTION OF MICROSERVICES (2014 -?) Application
More informationThe Path to GPU as a Service in Kubernetes Renaud Gaubert Lead Kubernetes Engineer
The Path to GPU as a Service in Kubernetes Renaud Gaubert , Lead Kubernetes Engineer May 03, 2018 RUNNING A GPU APPLICATION Customers using DL DL Application RHEL 7.3 CUDA 8.0 Driver 375
More informationACI Multi-Site Architecture and Deployment. Max Ardica Principal Engineer - INSBU
ACI Multi-Site Architecture and Deployment Max Ardica Principal Engineer - INSBU Agenda ACI Network and Policy Domain Evolution ACI Multi-Site Deep Dive Overview and Use Cases Introducing ACI Multi-Site
More informationOverview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP
Networking in AWS 2017 Amazon Web Services, Inc. and its affiliates. All rights served. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services,
More informationMore Containers, More Problems
More Containers, More Problems Ed Rooth @sym3tri ed.rooth@coreos.com coreos.com Agenda 1. 2. 3. 4. Define problems Define vision of the solution How CoreOS is building solutions How you can get started
More informationVirtual Private Cloud. User Guide. Issue 03 Date
Issue 03 Date 2016-10-19 Change History Change History Release Date What's New 2016-10-19 This issue is the third official release. Modified the following content: Help Center URL 2016-07-15 This issue
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationKubernetes. Introduction
Kubernetes Introduction WOJCIECH BARCZYŃSKI (hiring) Senior Software Engineer Lead of Warsaw Team - SMACC System Engineer background Interests: working software Hobby: teaching software engineering BACKGROUND
More informationSecuring Microservice Interactions in Openstack and Kubernetes
Securing Microservice Interactions in Openstack and Kubernetes Yoshio Turner & Jayanth Gummaraju Co- Founders @ Banyan https://www.banyanops.com Banyan Founded in the middle of 2015 In San Francisco, CA
More informationRecent Enhancements to Cloud Foundry Routing. Route Services and TCP Routing
Recent Enhancements to Cloud Foundry Routing Route Services and TCP Routing Shannon Coen Pivotal @shalako The CF Routing Team Chris Pivotal Leo GE Mark IBM Shash Pivotal Edwin Pivotal Alumni: Atul GE Fermin
More informationStarting the Avalanche:
Starting the Avalanche: Application DoS In Microservice Architectures Scott Behrens Jeremy Heffner Introductions Scott Behrens Netflix senior application security engineer Breaking and building for 8+
More informationCisco ACI vcenter Plugin
This chapter contains the following sections: About Cisco ACI with VMware vsphere Web Client, page 1 Getting Started with, page 2 Features and Limitations, page 7 GUI, page 12 Performing ACI Object Configurations,
More informationCisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH
Cisco Tetration Analytics Demo Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH Agenda Introduction Theory Demonstration Innovation Through Engineering
More informationBuilding a Kubernetes on Bare-Metal Cluster to Serve Wikipedia. Alexandros Kosiaris Giuseppe Lavagetto
Building a Kubernetes on Bare-Metal Cluster to Serve Wikipedia Alexandros Kosiaris Giuseppe Lavagetto Introduction The Wikimedia Foundation is the organization running the infrastructure supporting Wikipedia
More informationVitess on Kubernetes. followed by a demo of VReplication. Jiten Vaidya
Vitess on Kubernetes followed by a demo of VReplication Jiten Vaidya jiten@planetscale.com A word about me... Jiten Vaidya - Managed teams that operationalized Vitess at Youtube CEO at PlanetScale Founded
More informationIntroduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike
Anonymous Application Access Product Brief Contents Introduction 1 The Safe-T Solution 1 How It Works 2-3 Capabilities 4 Benefits 4 List 5-11 Introduction With the move to the digital enterprise, all organizations
More information