Big Data Security. Facing the challenge
- Aubrey Parrish
- 6 years ago
Transcription
1 Big Data Security Facing the challenge
2 Experience the presentation xlic.es/v/e98605
3 About me
- Father of a 5 year old child
- Technical leader in Architecture and Security team at Stratio
- Sailing skipper
4 In your opinion, how difficult is it to manage security in your projects?
- Very difficult
- Difficult
- Easy
- Very Easy
What is security?
5 PROJECTS FOREVER ONGOING IN BIG COMPANIES
HUNDREDS OF MILLIONS OF EUROS SPENT OVER THE YEARS IN GLOBAL IT CROSS INITIATIVES
In a monolithic, application-centric IT with data silos these initiatives never get accomplished.
- Initiatives: DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, DATA SECURITY, SECURITY AUDIT
- Systems shown in the diagram: CRM, Towers Watson, Earnix (Pricing), SAS, Oracle, Mainframe, WebFocus, Data Warehouse, ERP, Lab H0 (Big Data platform shared by the group)
6-8 PROJECTS FOREVER ONGOING IN BIG COMPANIES
[Diagram, built up over three slides, with steps numbered 1 to 5. Labels: DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, DATA SECURITY, AUDIT, ETL]
9 GREYHOUND CHASING AN ELECTRONIC RABBIT: COMPANIES ALWAYS TRY TO GET THE RABBIT
- Initiatives: DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, DATA SECURITY, SECURITY AUDIT
In an application-centric company with data silos you will never be able to complete those projects successfully.
10 STRUCTURAL INITIATIVES ARE SOLVED COMPLETELY WITH DATA CENTRIC
Functionalities implemented in the product.
[Diagram labels: DaaS (data as a service), Data Intelligence, Data, DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, DATA SECURITY, SECURITY AUDIT]
11 RABBIT IN A JAIL MINIMUM EFFORT AND COST TO GET THE RABBIT
12 Facing the challenge
13 SECURITY IN A DATA CENTRIC
Protect the data
- Perimeter security to access the cluster.
- Support identity management and authentication to prove that a user/service is who it claims to be.
- In a multi-data store platform, ACLs should be centralized to simplify correct authorization to the different data stores.
- Audit events must be centralized to control misuse of the cluster in real time.
- Data integrity and confidentiality in network communications to protect data in transit.
Protect the service
- Perimeter security to access the cluster.
- Support identity management and authentication to prove that a user/service is who it claims to be.
- A user/service should be authorized so that it does not use more resources than expected.
- A user/service should not interfere with other users/services when it is not needed.
- The use of resources should be audited so that it can be controlled.
14 Stratio DataCentric
[Architecture diagram. Labels by layer:]
- APPS: Standalone Applications; Apps with Microservices (Docker); DaaS Microservices (Docker); Data Intelligence as a Service Microservices (Docker)
- STRATIO EOS (Enterprise Operating System): SQL, VAULT, Kafka, Zookeeper
- DATA CENTER OPERATING SYSTEM: MESOS; MARATHON (service orchestration); CONSUL (service discovery); DOCKER (containers); TERRAFORM (node provisioning); CALICO (network isolation)
- INFRAS: BAREMETAL, PRIVATE CLOUD, PUBLIC CLOUD
19 SECURITY OVERVIEW
In order to guide the security priorities in the product roadmap, we are focused on helping to comply with LOPD within the platform.
With every release of the Stratio platform, the security status is reported through:
- Results of the OWASP tests for the main components of the platform.
- Results of additional general-purpose security tests defined to assure the expected quality.
- A Security Risk Report that includes the known issues found.
When Critical and High issues are found:
- We explain how they can be mitigated.
- We plan to solve them during the next release.
20 PERIMETER SECURITY: NETWORKING
The default network configuration allows a zone-based network security design:
- Public.
- Admin.
- Private.
Using Mesos roles to identify nodes ensures that only tasks specifically configured with this role will be executed outside the Private zone.
Using Marathon labels, endpoints can be registered dynamically:
- Admin Router for the Admin zone.
- Marathon LB for the Public zone.
[Diagram labels: Public Network, Admin network, Admin Router, Public Agents, Master Nodes, Private network, Private Agents]
21 AUTHENTICATION, AUTHORIZATION AND AUDIT
The solution is integrated with the LDAP and Kerberos services owned by the company where Stratio DCS is installed.
- Authentication:
  - Web: OAuth2.
  - Services & Data Stores: Kerberos or TLS-Mutual.
- Authorization:
  - OAuth2.
  - gosec Management: REST API and website used to manage roles, profiles and ACLs. It also shows users, groups and audit data.
- Audit: authentication and authorization events are structured and stored in a data bus (Kafka) to be computed and collected.
22 AUTHENTICATION, AUTHORIZATION AND AUDIT
Plugins are lightweight programs running within the processes of each cluster component. They are responsible for:
- Authorization (using gosec ACLs).
- Audit of every request sent to the component.
Currently plugins have been developed for:
- Crossdata
- Sparta
- Kafka
- Zookeeper
- Elasticsearch
- HDFS
23 KEY MANAGEMENT SYSTEM
It is good practice to manage secrets with a key management system instead of storing them locally. For this purpose Stratio DCS uses HashiCorp Vault.
24-30 KEY MANAGEMENT SYSTEM: the secret of secrets
- Can applications obtain authentication tokens in a secure way?
- Where do applications save Vault's tokens?
- How are tokens protected?
- How will I know if someone steals tokens?
[Diagram, built up over seven slides: First secret management. Actors: Admin, Marathon, Mesos, Application. Labels added step by step: one time secret; Run Application, Env: one time secret; login; token <-> ACL; Logs; Alert]
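The bootstrap flow sketched on the KMS slides (a one-time secret is issued, Marathon passes it to the task in its environment, the application logs in and gets a token bound to an ACL, and reuse surfaces in logs and alerts), as an added example that is not part of the original presentation nor Stratio's or HashiCorp's code. `SecretBroker`, its methods, the `ONE_TIME_SECRET` variable and the secret paths are hypothetical; the class is a simplified stand-in for the KMS and does not use Vault's API.

```python
# Added example: simplified model of the one-time-secret bootstrap.
# SecretBroker and its methods are hypothetical names, not Vault's API.
import hashlib
import secrets
import time


class SecretBroker:
    """Stands in for the KMS: issues one-time secrets, exchanges them for tokens."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}   # digest(one-time secret) -> record
        self._tokens = {}    # digest(token) -> (app_id, allowed paths)
        self.audit_log = []  # every decision is recorded as a structured event
        self.alerts = []     # subset of events that need a human to look

    @staticmethod
    def _digest(value):
        # Only digests are stored, so a dump of broker state reveals no live secret.
        return hashlib.sha256(value.encode()).hexdigest()

    def _audit(self, event, app_id, **fields):
        record = {"ts": self._clock(), "event": event, "app": app_id, **fields}
        self.audit_log.append(record)
        return record

    def issue_one_time_secret(self, app_id, acl, ttl=60.0):
        """Admin step: create a short-lived, single-use secret bound to an ACL."""
        ots = secrets.token_urlsafe(32)
        self._pending[self._digest(ots)] = {
            "app": app_id, "acl": frozenset(acl),
            "expires": self._clock() + ttl, "token": None,
        }
        self._audit("ots_issued", app_id, ttl=ttl)
        return ots

    def login(self, ots, source):
        """Application step: trade the one-time secret for a token (token <-> ACL)."""
        rec = self._pending.get(self._digest(ots))
        if rec is None:
            self._audit("login_unknown_secret", None, source=source)
            return None
        if rec["token"] is not None:
            # Second redemption: someone else holds a copy of the secret.
            # Revoke the token already handed out and raise an alert.
            self._tokens.pop(rec["token"], None)
            self.alerts.append(self._audit("ots_reuse", rec["app"], source=source))
            return None
        if self._clock() > rec["expires"]:
            self._audit("ots_expired", rec["app"], source=source)
            return None
        token = secrets.token_urlsafe(32)
        rec["token"] = self._digest(token)
        self._tokens[rec["token"]] = (rec["app"], rec["acl"])
        self._audit("login_ok", rec["app"], source=source)
        return token

    def read(self, token, path):
        """Authorize a secret read against the ACL bound to the token."""
        app, acl = self._tokens.get(self._digest(token), (None, frozenset()))
        allowed = path in acl
        self._audit("read", app, path=path, allowed=allowed)
        return allowed


def run_scenario():
    """Constructed walk-through: normal start-up, then the same secret presented again."""
    broker = SecretBroker()
    ots = broker.issue_one_time_secret("billing", ["secret/billing/db"])
    task_env = {"ONE_TIME_SECRET": ots}  # what Marathon passes to the task
    token = broker.login(task_env["ONE_TIME_SECRET"], source="task-billing-1")
    return {
        "own_path": broker.read(token, "secret/billing/db"),
        "other_path": broker.read(token, "secret/hr/db"),
        "replay": broker.login(ots, source="unknown-host"),
        "after_replay": broker.read(token, "secret/billing/db"),
        "alerts": [a["event"] for a in broker.alerts],
    }


if __name__ == "__main__":
    print(run_scenario())
```

Because the secret is single-use, a second login is the signal: whichever party arrives second is refused, the token from the first login is revoked, and the event lands in both the audit log and the alert list.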
31 DATA PROCESSING ENGINE: SPARK
Spark jobs need access to multiple data stores, so Spark needs to support the security of Stratio DCS. The Spark 2.x build has been modified by Stratio in order to:
- Access secrets that are stored in the KMS.
- Allow access to Kerberized HDFS.
- Allow access to PostgreSQL with TLS authentication.
- Allow access to Elasticsearch with TLS authentication.
- Allow access to Kafka with TLS authentication.
32 PROTECT THE DATA - use case
- Perimeter security
- Authentication, Authorization, Audit
- Ciphered communications
[Diagram labels: TABLEAU, Admin, PUBLIC NETWORK, ADMIN NETWORK, PRIVATE NETWORK, MARATHON-LB, ADMIN ROUTER, ZOOKEEPER, KMS, GOSEC MANAGEMENT, GOSEC SSO, LDAP, KERBEROS, AUDIT, KAFKA, HDFS]
38 MULTI-TENANCY CAPABILITIES: RESOURCES ISOLATION
Stratio DCS cluster resources (memory, disk, cpus and port ranges) are managed by Mesos.
Mesos, Marathon and Metronome security can be activated post-installation in order to limit the use of the available resources for each framework. Once it is activated, admins will be able to:
- Reserve resources for a Mesos role.
- Grant permissions for each user/framework to do actions such as register frameworks, run tasks, reserve resources, create volumes, etc.
- Grant a minimum set of resources to a specific Mesos role.
[Diagram: Mesos Cluster with MASTER and Marathon; AGENT 1 role=slave_public, AGENT 2 role=*, AGENT 3 role=postgresql, AGENT 4 role=*, AGENT 5 role=*]
39 MULTI-TENANCY CAPABILITIES: NETWORKS ISOLATION
What about network isolation in a containerized world? For this purpose Stratio DCS uses Project Calico.
40 MULTI-TENANCY CAPABILITIES: NETWORKS ISOLATION
- Virtual network topologies can be created dynamically.
- Virtual network topologies can be managed by network policies.
- Virtual networks can manage all Mesos-supported containerization technologies.
- Virtual networks barely impact big data performance.
- Frameworks/apps are authorized into a network.
- Frameworks/apps can be isolated into a virtual network.
- Frameworks/apps IP addresses and ports are managed by instance.
41 Network Isolation components [figure] Stratio Confidential, All Rights Reserved.
42 Network Isolation Virtual Networks [figure]
43 Network Isolation Integration [figure]
44-48 PROTECT THE SERVICE - use case
- Framework authentication
- Check resources for the role
- Authorization to launch tasks
- Authorization to use the network
- Audit (logs and Mesos API)
[Diagram, built up over five slides. Actors: Admin, MESOS, CALICO & DOCKER ENGINE. Labels added step by step: "At least 1 core, 1GB to framework 1"; "net_2: Deny from framework 1"; "User 2. Launches FRAMEWORK 1"; "User 2. Launches FRAMEWORK 2"; NETWORK A, 0.5 CORES, 1Gb RAM; NETWORK B, 2 CORES, 5Gb RAM; CONTAINER 1; CONTAINER 2]
49 MULTI-DATA CENTER - a use case
More information[GSoC Proposal] Securing Airavata API
[GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating
More informationMesosphere and the Enterprise: Run Your Applications on Apache Mesos. Steve Wong Open Source Engineer {code} by Dell
Mesosphere and the Enterprise: Run Your Applications on Apache Mesos Steve Wong Open Source Engineer {code} by Dell EMC @cantbewong Open source at Dell EMC {code} by Dell EMC is a group of passionate open
More informationTEN LAYERS OF CONTAINER SECURITY
TEN LAYERS OF CONTAINER SECURITY A Deeper Dive 2 WHAT ARE CONTAINERS? It depends on who you ask... INFRASTRUCTURE APPLICATIONS Sandboxed application processes on a shared Linux OS kernel Simpler, lighter,
More informationData encryption & security. An overview
Data encryption & security An overview Agenda Make sure the data cannot be accessed without permission Physical security Network security Data security Give (some) people (some) access for some time Authentication
More informationSeagull: A distributed, fault tolerant, concurrent task runner. Sagar Patwardhan
Seagull: A distributed, fault tolerant, concurrent task runner Sagar Patwardhan sagarp@yelp.com Yelp s Mission Connecting people with great local businesses. Yelp scale Outline What is Seagull? Why did
More informationSAP VORA 1.4 on AWS - MARKETPLACE EDITION FREQUENTLY ASKED QUESTIONS
SAP VORA 1.4 on AWS - MARKETPLACE EDITION FREQUENTLY ASKED QUESTIONS 1. What is SAP Vora? SAP Vora is an in-memory, distributed computing solution that helps organizations uncover actionable business insights
More informationMcAfee Network Security Platform 9.2
McAfee Network Security Platform 9.2 (9.2.7.22-9.2.7.20 Manager-Virtual IPS Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product
More informationTECHED USER CONFERENCE MAY 3-4, 2016
TECHED USER CONFERENCE MAY 3-4, 2016 Bruce Beaman, Senior Director Adabas and Natural Product Marketing Software AG Software AG s Future Directions for Adabas and Natural WHAT CUSTOMERS ARE TELLING US
More informationINCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.
INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS Protect Critical Enterprise Applications and Cardholder Information with Enterprise Application Access Scope and Audience This guide is for
More informationContainer 2.0. Container: check! But what about persistent data, big data or fast data?!
@unterstein @joerg_schad @dcos @jaxdevops Container 2.0 Container: check! But what about persistent data, big data or fast data?! 1 Jörg Schad Distributed Systems Engineer @joerg_schad Johannes Unterstein
More informationEnabling Secure Hadoop Environments
Enabling Secure Hadoop Environments Fred Koopmans Sr. Director of Product Management 1 The future of government is data management What s your strategy? 2 Cloudera s Enterprise Data Hub makes it possible
More informationCloud FastPath: Highly Secure Data Transfer
Cloud FastPath: Highly Secure Data Transfer Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. Tervela has been creating high performance
More informationAdvantages of using DC/OS Azure infrastructure and the implementation architecture Bill of materials used to construct DC/OS and the ACS clusters
Reference implementation: The Azure Container Service DC/OS is a distributed operating system powered by Apache Mesos that treats collections of CPUs, RAM, networking and so on as a distributed kernel
More informationContainer Orchestration on Amazon Web Services. Arun
Container Orchestration on Amazon Web Services Arun Gupta, @arungupta Docker Workflow Development using Docker Docker Community Edition Docker for Mac/Windows/Linux Monthly edge and quarterly stable
More informationCONTAINERIZED SPARK ON KUBERNETES. William Benton Red Hat,
CONTAINERIZED SPARK ON KUBERNETES William Benton Red Hat, Inc. @willb willb@redhat.com BACKGROUND BACKGROUND BACKGROUND BACKGROUND BACKGROUND BACKGROUND BACKGROUND BACKGROUND WHAT OUR SPARK CLUSTER LOOKED
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More informationNET1821BU THE FUTURE OF NETWORKING AND SECURITY WITH NSX-T Bruce Davie CTO, APJ 2
NET1821BU The Future of Network Virtualization with NSX-T #VMworld #NET1821BU NET1821BU THE FUTURE OF NETWORKING AND SECURITY WITH NSX-T Bruce Davie CTO, APJ 2 DISCLAIMER This presentation may contain
More informationCONTAINERS AND MICROSERVICES WITH CONTRAIL
CONTAINERS AND MICROSERVICES WITH CONTRAIL Scott Sneddon Sree Sarva DP Ayyadevara Sr. Director Sr. Director Director Cloud and SDN Contrail Solutions Product Line Management This statement of direction
More informationSecurity in Bomgar Remote Support
Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationMANAGING MESOS, DOCKER, AND CHRONOS WITH PUPPET
Roger Ignazio PuppetConf 2015 MANAGING MESOS, DOCKER, AND CHRONOS WITH PUPPET 2015 Mesosphere, Inc. All Rights Reserved. 1 $(whoami) ABOUT ME Roger Ignazio Infrastructure Automation Engineer @ Mesosphere
More informationZabbix on a Clouds. Another approach to a building a fault-resilient, scalable monitoring platform
Zabbix on a Clouds Another approach to a building a fault-resilient, scalable monitoring platform Preface 00:20:00 We will be discussing a few topics on how you will deploy or migrate Zabbix monitoring
More informationCircleCI Server v2.16 Installation Guide. Final Documentation
CircleCI Server v2.16 Installation Guide Final Documentation February 7th, 2019 2 Contents 1 Overview 5 Build Environments................................. 5 Architecture.....................................
More informationRSA Authentication Manager 8.2
RSA Authentication Manager 8.2 Over 25,000 customers 50 60 million active tokens in circulation 10 million units shipped per year More than 50% market share RSA Ready Partner Program: 400 Partners with
More informationTable of Contents DevOps Administrators
DevOps Administrators Table of Contents DevOps Administrators Overview for DevOps Admins Managing Images, Projects, Users Configure a Registry Create Users Assign the Administrator Role Create a Project
More informationSAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
More informationDocker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications
Technical Brief Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications As application teams deploy their Dockerized applications into production environments,
More informationImproving efficiency of Twitter Infrastructure using Chargeback
Improving efficiency of Twitter Infrastructure using Chargeback @vinucharanya @micheal AGENDA Brief History Problem Chargeback Engineering Challenges The product Impact Future Getty Images from http://www.fifa.com/worldcup/news/y=2010/m=7/news=pride-for-africa-spain-strike-gold-2247372.html
More informationCloud Native Security. OpenShift Commons Briefing
Cloud Native Security OpenShift Commons Briefing Amir Sharif Co-Founder amir@aporeto.com Cloud Native Applications Challenge Security Change Frequency x 10x 100x 1,000x Legacy (Pets) Servers VMs Cloud
More information@unterstein #bedcon. Operating microservices with Apache Mesos and DC/OS
@unterstein @dcos @bedcon #bedcon Operating microservices with Apache Mesos and DC/OS 1 Johannes Unterstein Software Engineer @Mesosphere @unterstein @unterstein.mesosphere 2017 Mesosphere, Inc. All Rights
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationArchitecting Microsoft Azure Solutions (proposed exam 535)
Architecting Microsoft Azure Solutions (proposed exam 535) IMPORTANT: Significant changes are in progress for exam 534 and its content. As a result, we are retiring this exam on December 31, 2017, and
More informationThe SMACK Stack: Spark*, Mesos*, Akka, Cassandra*, Kafka* Elizabeth K. Dublin Apache Kafka Meetup, 30 August 2017.
Dublin Apache Kafka Meetup, 30 August 2017 The SMACK Stack: Spark*, Mesos*, Akka, Cassandra*, Kafka* Elizabeth K. Joseph @pleia2 * ASF projects 1 Elizabeth K. Joseph, Developer Advocate Developer Advocate
More information