Starting the Avalanche:

Size: px
Start display at page:

Download "Starting the Avalanche:"

Transcription

1 Starting the Avalanche: Application DoS In Microservice Architectures Scott Behrens Jeremy Heffner

2 Introductions Scott Behrens Netflix senior application security engineer Breaking and building for 8+ years Contributor to a variety of open source projects (github.com/sbehrens) Jeremy Heffner Senior Security Software Engineer Developing and securing things for 20+ years

3 DoS focused on application layer logic

4 Photo of a battering ram by Flickr user Patrick Denker; License:

5

6 How Novel is Application DoS?

7 Microservice Primer: High Level View Architecture Client Libraries and API Gateway Circuit Breakers / Failover Cache

8 Microservice Primer: Architecture GOOD Scale Service independence Fault isolation Eliminates stack debt BAD Distributed system complexity Deployment complexity Cascading service failures if things aren t set up right

9 Simplified Microservice API Architecture INTERNET ZUUL PROXY EDGE Middle Backend WEBSITE CORE API Middle Tier Service Middle Tier Service Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service ZUUL PROXY PROXIES Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service

10 Microservice Primer: API Gateways and Client Libraries Interface for middle tier services Services provide client libraries to API Gateway Diagrams provided by microservices.io

11 Microservice Primer: Circuit Breaker Helps with handling service failures How do you know what timeout to choose? How long should the breaker be triggered? Diagrams provided by microservices.io

12 Microservice Primer: Cache Speeds up response time Reduces load on services fronted by cache Reduces the number of servers needed to handle requests

13 Old school Application DoS CPU Mem Cache Disk Network

14 New School Application DoS CPU Mem Cache Disk Network Queueing Client Library Timeouts Healthchecks Connection Pool Hardware Operations (HSMs)

15 New School Application DoS CPU Mem Cache Disk Network Queueing Client Library Timeouts Healthchecks Connection Pool Hardware Operations (HSMs)

16 Difference Between Old School and New School App DoS Old School Application DoS New School Application DoS Often 1 to 1 Often 1 to Many

17 Simple Web Application Architecture

18 Old School Application DoS Attack HTTP Timeouts 300 requests per second HTTP Timeouts > perl create_many_profiles.pl POST /create_profile HTTP/1.1 profile_name=$counter + hacker

19 New School Microservice API DoS EDGE Middle Backend Backend Tier Service > python grizzly.py ZUUL PROXY ZUUL PROXY WEBSITE PROXIES CORE API Middle Tier Service Middle Tier Service Middle Tier Service Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service POST /recommendations HTTP/1.1 { recommendations : { range : [0,10000]}}

20 New School Microservice API DoS > python grizzly.py Fallback or Site Error ZUUL PROXY ZUUL PROXY EDGE Middle Backend WEBSITE PROXIES CORE API Middle Tier Service Middle Tier Service Middle Tier Service Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service POST /recommendations HTTP/1.1 { recommendations : { range : [0,10000]}} Core Client API Timeouts, making circuit many client breakers requests triggered, fallback experience triggered Middle tier services making many calls to backend services Backend service queues filling up with expensive requests

21 Workflow for Identifying Application DoS - Part 1 Identify the most latent service calls Investigate if latent calls allow for manipulation Tune payload to fly under WAF/Rate Limiting Test hypothesis Scale your test using Cloudy Kraken (orchestrator) and Repulsive Grizzly (attack framework)

22 Workflow for Identifying Application DoS - Part 1 Identify the most latent service calls Investigate if latent calls allow for manipulation Tune payload to fly under WAF/Rate Limiting Test hypothesis Scale your test using Cloudy Kraken (orchestrator) and Repulsive Grizzly (attack framework)

23 Identifying Latent Service Calls

24 Identifying Latent Service Calls

25 Microservice Application DoS: Attack Patterns Range Object Out per Object in Request Size All of the Above

26 Application DoS Technique: Range

27 Application DoS Technique: Object Out Per Object In

28 Application DoS Technique: Request Size

29 Application DoS Technique: All of the Above <--What about N languages? <--What about more object fields?

30 Rate Limited # Req Service Impact Service Healthy Service Impact Service Auto-Scaling/Healthy Logical Work Per Request

31 New School Application DoS Attack: Case Study

32 Making the call more expensive

33 Workflow for Identifying Application DoS - Part 2 Identify the most latent service calls Investigate if latent calls allow for range, object out/object in, request size, or other manipulation Tune payload to fly under WAF/Rate Limiting while causing the most application instability Test hypothesis on a smaller scale using Repulsive Grizzly Scale your test using Cloudy Kraken

34 Repulsive Grizzly Skunkworks application DoS framework Written in Python3 Eventlet for high concurrency Uses AWS SNS for logging analysis Easily configurable

35 Repulsive Grizzly: Command File

36 Repulsive Grizzly: Payload and Header Files Provide payloads in any format you want Headers are provided as a JSON key/value hash Use $$AUTH$$ placeholder to tell grizzly where to place tokens

37 Repulsive Grizzly: Bypass Rate Limiter with Sessions

38 Repulsive Grizzly: Single Node

39

40 Cloudy Kraken Overview

41 Push the latest configuration file and attack scripts to S3. Launch instances Tear down and reset the environment in each region Reset the DynamoDB state. Update Config Build Environment Start up Attack Nodes Collect data Tear-Down Configure the VPCs in each region Wait for data to come through SNS

42 Cloudy Kraken Configuration S3 Bucket Zip File and Configuration Reset State DynamoDB Table

43 Cloudy Kraken: Key AWS Deployment Building Blocks Region VPC Auto-Scaling Group Node Node NodeNode Node Node Node NodeNode Node AZ/Subnet AZ/Subnet Region => AWS Geographical Region VPC => VLAN ASG => Automatically starts identical nodes AZ/Subnet => Localized nodes / Subnet Launch Config => Initial configuration

44 Cloudy Kraken Deployment phase VPC Region A Security Group Auto Scaling Group VPC Region B Security Group Auto Scaling Group

45 Cloudy Kraken Workers Each worker node is a single EC2 instance Each worker runs many threads EC2 gives you access to Enhanced Networking Driver Minimal overhead with launch config and ASG

46 Cloudy Kraken Execution phase On startup, each worker node runs a cloud-init script Enables ssh access for monitoring and debugging Downloads and runs main config script Downloads ZIP file with attack script Spins up attack worker Waits for coordinated time to start

47 Cloudy Kraken Kill-Switch Script to set the kill switch, and bring it all down

48 Cloudy Kraken Tear-Down Terminates all the instances Removes ASGs and Launch Configs Removes VPC, Security group, and Instance Profiles

49 We scaled up, time to run the test! Tested against prod Multi-region and multi-agent Conducted two 5 minute attacks Monitored for success

50 Results of Test 80% Error Rate

51 $ minute outage for a single AWS region

52 So What Failed? Expensive API calls could be invoked with non-member cookies Expensive traffic resulted in many RPCs per request WAF/Rate Limiter was unable to monitor middle tier RPCs Missing fallback experience when cache missed

53 Demo Test app Launching and scaling attack with Cloudy Kraken

54 Microservice Application DoS: Mitigations Understand which microservices impact customer experience

55 Microservice Application DoS: Mitigations Rate limiter (WAF) should monitor middle tier signals or cost of request*

56 Microservice Application DoS: Mitigations Middle tier services should provide context on abnormal behavior

57 Microservice Application DoS: Mitigations Rate limiter (WAF) should monitor volume of cache misses*

58 Microservice Application DoS: Mitigations Prioritize authenticated traffic over unauthenticated

59 Microservice Application DoS: Mitigations Configure reasonable client library timeouts

60 Microservice Application DoS: Mitigations Trigger fallback experiences when cache or lookups fail

61 Thanks!

Serverless Architecture Hochskalierbare Anwendungen ohne Server. Sascha Möllering, Solutions Architect

Serverless Architecture Hochskalierbare Anwendungen ohne Server. Sascha Möllering, Solutions Architect Serverless Architecture Hochskalierbare Anwendungen ohne Server Sascha Möllering, Solutions Architect Agenda Serverless Architecture AWS Lambda Amazon API Gateway Amazon DynamoDB Amazon S3 Serverless Framework

More information

Microservices without the Servers: AWS Lambda in Action

Microservices without the Servers: AWS Lambda in Action Microservices without the Servers: AWS Lambda in Action Dr. Tim Wagner, General Manager AWS Lambda August 19, 2015 Seattle, WA 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Two

More information

How to go serverless with AWS Lambda

How to go serverless with AWS Lambda How to go serverless with AWS Lambda Roman Plessl, nine (AWS Partner) Zürich, AWSomeDay 12. September 2018 About myself and nine Roman Plessl Working for nine as a Solution Architect, Consultant and Leader.

More information

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

At Course Completion Prepares you as per certification requirements for AWS Developer Associate. [AWS-DAW]: AWS Cloud Developer Associate Workshop Length Delivery Method : 4 days : Instructor-led (Classroom) At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

More information

AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster

AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster Protecting highly dynamic AWS resources with a static firewall setup is neither efficient nor economical. A CloudGen Firewall Auto Scaling

More information

AWS Lambda: Event-driven Code in the Cloud

AWS Lambda: Event-driven Code in the Cloud AWS Lambda: Event-driven Code in the Cloud Dean Bryen, Solutions Architect AWS Andrew Wheat, Senior Software Engineer - BBC April 15, 2015 London, UK 2015, Amazon Web Services, Inc. or its affiliates.

More information

Elastic Load Balancing

Elastic Load Balancing Elastic Load Balancing Deep Dive & Best Practices Mariano Vecchioli, Sr. Technical Account Manager AWS Michaela Kurkiewicz, Principal Service Manager Co-op Tina Howell, Platform Lead - Co-op June 28 th,

More information

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

PrepAwayExam.   High-efficient Exam Materials are the best high pass-rate Exam Dumps PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)

More information

IoT Device Simulator

IoT Device Simulator IoT Device Simulator AWS Implementation Guide Sean Senior May 2018 Copyright (c) 2018 by Amazon.com, Inc. or its affiliates. IoT Device Simulator is licensed under the terms of the Amazon Software License

More information

Zombie Apocalypse Workshop

Zombie Apocalypse Workshop Zombie Apocalypse Workshop Building Serverless Microservices Danilo Poccia @danilop Paolo Latella @LatellaPaolo September 22 nd, 2016 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

More information

Amazon Web Services (AWS) Training Course Content

Amazon Web Services (AWS) Training Course Content Amazon Web Services (AWS) Training Course Content SECTION 1: CLOUD COMPUTING INTRODUCTION History of Cloud Computing Concept of Client Server Computing Distributed Computing and it s Challenges What is

More information

How can you implement this through a script that a scheduling daemon runs daily on the application servers?

How can you implement this through a script that a scheduling daemon runs daily on the application servers? You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups

More information

PARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM

PARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM PARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM This project is focused on building and implementing a single course exploration and enrollment solution that is intuitive, interactive, and

More information

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

PracticeDump.   Free Practice Dumps - Unlimited Free Access of practice exam PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : AWS-Developer Title : AWS Certified Developer - Associate Vendor : Amazon Version : DEMO Get

More information

Develop and test your Mobile App faster on AWS

Develop and test your Mobile App faster on AWS Develop and test your Mobile App faster on AWS Carlos Sanchiz, Solutions Architect @xcarlosx26 #AWSSummit 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The best mobile apps are

More information

Pragmatic Cloud Security

Pragmatic Cloud Security Pragmatic Cloud Security Rich Mogull, Analyst & CEO, Securosis, LLC @rmogull events.techtarget.com Information Security Decisions TechTarget This Old Process Assess Redesign Secure Inspect Profit! Information

More information

Making Non-Distributed Databases, Distributed. Ioannis Papapanagiotou, PhD Shailesh Birari

Making Non-Distributed Databases, Distributed. Ioannis Papapanagiotou, PhD Shailesh Birari Making Non-Distributed Databases, Distributed Ioannis Papapanagiotou, PhD Shailesh Birari Dynomite Ecosystem Dynomite - Proxy layer Dyno - Client Dynomite-manager - Ecosystem orchestrator Dynomite-explorer

More information

AWS Lambda. 1.1 What is AWS Lambda?

AWS Lambda. 1.1 What is AWS Lambda? Objectives Key objectives of this chapter Lambda Functions Use cases The programming model Lambda blueprints AWS Lambda 1.1 What is AWS Lambda? AWS Lambda lets you run your code written in a number of

More information

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud? DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing Slide 1 Slide 3 ➀ What is Cloud Computing? ➁ X as a Service ➂ Key Challenges ➃ Developing for the Cloud Why is it called Cloud? services provided

More information

Zero to Microservices in 5 minutes using Docker Containers. Mathew Lodge Weaveworks

Zero to Microservices in 5 minutes using Docker Containers. Mathew Lodge Weaveworks Zero to Microservices in 5 minutes using Docker Containers Mathew Lodge (@mathewlodge) Weaveworks (@weaveworks) https://www.weave.works/ 2 Going faster with software delivery is now a business issue Software

More information

Amazon. Exam Questions AWS-Certified-Solutions-Architect- Professional. AWS-Certified-Solutions-Architect-Professional.

Amazon. Exam Questions AWS-Certified-Solutions-Architect- Professional. AWS-Certified-Solutions-Architect-Professional. Amazon Exam Questions AWS-Certified-Solutions-Architect- Professional AWS-Certified-Solutions-Architect-Professional Version:Demo 1.. The MySecureData company has five branches across the globe. They want

More information

Exam Questions AWS-Certified- Developer-Associate

Exam Questions AWS-Certified- Developer-Associate Exam Questions AWS-Certified- Developer-Associate Amazon AWS Certified Developer Associate https://www.2passeasy.com/dumps/aws-certified- Developer-Associate/ 1. When using Amazon SQS how much data can

More information

Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS

Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS Building a Self-Defending Border Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS www.cloudsec.com #cloudsec Building A Defending Borders Protect Your Web-facing Workloads

More information

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time

More information

Amazon Web Services Training. Training Topics:

Amazon Web Services Training. Training Topics: Amazon Web Services Training Training Topics: SECTION1: INTRODUCTION TO CLOUD COMPUTING A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction to Cloud Computing

More information

Scaling DreamFactory

Scaling DreamFactory Scaling DreamFactory This white paper is designed to provide information to enterprise customers about how to scale a DreamFactory Instance. The sections below talk about horizontal, vertical, and cloud

More information

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content Introduction to Cloud Computing A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction

More information

Managing your microservices with Kubernetes and Istio. Craig Box

Managing your microservices with Kubernetes and Istio. Craig Box Managing your microservices with Kubernetes and Istio Craig Box Agenda What is a Service Mesh? How we got here: a story Architecture and details Q&A 2 What is a service mesh? A network for services, not

More information

SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud

SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud Quick Start Reference Deployment Judah Bernstein, Tod Golding, and Santiago Cardenas Amazon Web Services October 2017 Last updated: December

More information

MongoDB in AWS (MongoDB as a DBaaS)

MongoDB in AWS (MongoDB as a DBaaS) MongoDB in AWS (MongoDB as a DBaaS) Jing Wu Zhang Lu April 2017 Goals Automatically build MongoDB cluster Flexible scaling options Automatically recover from resource failures 2 Utilizing CloudFormation

More information

TIBCO Cloud Integration Security Overview

TIBCO Cloud Integration Security Overview TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized

More information

Microservices mit Java, Spring Boot & Spring Cloud. Eberhard Wolff

Microservices mit Java, Spring Boot & Spring Cloud. Eberhard Wolff Microservices mit Java, Spring Boot & Spring Cloud Eberhard Wolff Fellow @ewolff What are Microservices? Micro Service: Definition > Small > Independent deployment units > i.e. processes or VMs > Any technology

More information

vcloud Automation Center Reference Architecture vcloud Automation Center 5.2

vcloud Automation Center Reference Architecture vcloud Automation Center 5.2 vcloud Automation Center Reference Architecture vcloud Automation Center 5.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

Elastic Efficient Execution of Varied Containers. Sharma Podila Nov 7th 2016, QCon San Francisco

Elastic Efficient Execution of Varied Containers. Sharma Podila Nov 7th 2016, QCon San Francisco Elastic Efficient Execution of Varied Containers Sharma Podila Nov 7th 2016, QCon San Francisco In other words... How do we efficiently run heterogeneous workloads on an elastic pool of heterogeneous resources,

More information

Application Resilience Engineering and Operations at Netflix. Ben Software Engineer on API Platform at Netflix

Application Resilience Engineering and Operations at Netflix. Ben Software Engineer on API Platform at Netflix Application Resilience Engineering and Operations at Netflix Ben Christensen @benjchristensen Software Engineer on API Platform at Netflix Global deployment spread across data centers in multiple AWS regions.

More information

FAST, FLEXIBLE, RELIABLE SEAMLESSLY ROUTING AND SECURING BILLIONS OF REQUESTS PER MONTH

FAST, FLEXIBLE, RELIABLE SEAMLESSLY ROUTING AND SECURING BILLIONS OF REQUESTS PER MONTH We help Big Brands, Scale WordPress. WORDPRESS HOSTING MANAGED BY PROFESSIONALS PAGELY, INC pagely.com THE PAGELY ARES APPLICATION GATEWAY FAST, FLEXIBLE, RELIABLE SEAMLESSLY ROUTING AND SECURING BILLIONS

More information

PREPARING FOR DISASTER

PREPARING FOR DISASTER PREPARING FOR DISASTER INTEGRATING BCDR PRINCIPLES INTO YOUR DEVOPS PRACTICE Jeremy Heffner SANS Secure DevOps Summit & Training October 2017 CODE SPACES Source: https://arstechnica.com/information-technology/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/

More information

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS Dr Adnene Guabtni, Senior Research Scientist, NICTA/Data61, CSIRO Adnene.Guabtni@csiro.au EC2 S3 ELB RDS AMI

More information

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers

More information

Level Up Your CF Apps with Amazon Web Services

Level Up Your CF Apps with Amazon Web Services Level Up Your CF Apps with Amazon Web Services Brian Klaas bklaas@jhu.edu @brian_klaas Level Up Your CF Apps with Amazon Web Services Brian Klaas bklaas@jhu.edu @brian_klaas Hello Hello Hello Hello Hello

More information

Security Overview of the BGI Online Platform

Security Overview of the BGI Online Platform WHITEPAPER 2015 BGI Online All rights reserved Version: Draft v3, April 2015 Security Overview of the BGI Online Platform Data security is, in general, a very important aspect in computing. We put extra

More information

Using DC/OS for Continuous Delivery

Using DC/OS for Continuous Delivery Using DC/OS for Continuous Delivery DevPulseCon 2017 Elizabeth K. Joseph, @pleia2 Mesosphere 1 Elizabeth K. Joseph, Developer Advocate, Mesosphere 15+ years working in open source communities 10+ years

More information

We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info

We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info START DATE : TIMINGS : DURATION : TYPE OF BATCH : FEE : FACULTY NAME : LAB TIMINGS : Storage & Database Services : Introduction

More information

Design and Architecture. Derek Collison

Design and Architecture. Derek Collison Design and Architecture Derek Collison What is Cloud Foundry? 2 The Open Platform as a Service 3 4 What is PaaS? Or more specifically, apaas? 5 apaas Application Platform as a Service Applications and

More information

The Guide to Best Practices in PREMIUM ONLINE VIDEO STREAMING

The Guide to Best Practices in PREMIUM ONLINE VIDEO STREAMING AKAMAI.COM The Guide to Best Practices in PREMIUM ONLINE VIDEO STREAMING PART 3: STEPS FOR ENSURING CDN PERFORMANCE MEETS AUDIENCE EXPECTATIONS FOR OTT STREAMING In this third installment of Best Practices

More information

How to Deploy an AMI Test Agent in Amazon Web Services

How to Deploy an AMI Test Agent in Amazon Web Services How to Deploy an AMI Test Agent in Amazon Web Services Executive Summary This guide explains how to deploy a Netrounds Test Agent in Amazon EC2 (Elastic Compute Cloud) by launching an AWS instance on which

More information

Cloud Security Best Practices

Cloud Security Best Practices Cloud Security Best Practices Cohesive Networks - your applications secured Our family of security and connectivity solutions, VNS3, protects cloud-based applications from exploitation by hackers, criminal

More information

ArcGIS for Server: Administration and Security. Amr Wahba

ArcGIS for Server: Administration and Security. Amr Wahba ArcGIS for Server: Administration and Security Amr Wahba awahba@esri.com Agenda ArcGIS Server architecture Distributing and scaling components Implementing security Monitoring server logs Automating server

More information

Amazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India

Amazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India (AWS) Overview: AWS is a cloud service from Amazon, which provides services in the form of building blocks, these building blocks can be used to create and deploy various types of application in the cloud.

More information

Going Serverless. Building Production Applications Without Managing Infrastructure

Going Serverless. Building Production Applications Without Managing Infrastructure Going Serverless Building Production Applications Without Managing Infrastructure Objectives of this talk Outline what serverless means Discuss AWS Lambda and its considerations Delve into common application

More information

Cloud Computing. Amazon Web Services (AWS)

Cloud Computing. Amazon Web Services (AWS) Cloud Computing What is Cloud Computing? Benefit of cloud computing Overview of IAAS, PAAS, SAAS Types Of Cloud private, public & hybrid Amazon Web Services (AWS) Introduction to Cloud Computing. Introduction

More information

Cloud Computing /AWS Course Content

Cloud Computing /AWS Course Content Cloud Computing /AWS Course Content 1. Amazon VPC What is Amazon VPC? How to Get Started with Amazon VPC Create New VPC Launch an instance (Server) to use this VPC Security in Your VPC Networking in Your

More information

Using AWS to Build a Large Scale Dockerized Microservices Architecture. Dr. Oliver Wahlen moovel Group GmbH Frankfurt, 30.

Using AWS to Build a Large Scale Dockerized Microservices Architecture. Dr. Oliver Wahlen moovel Group GmbH Frankfurt, 30. Using AWS to Build a Large Scale Dockerized Microservices Architecture Dr. Oliver Wahlen moovel Group GmbH Frankfurt, 30. Juni 2016 The moovel Group GmbH Our vision is an ecosystem that simplifies mobility

More information

To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry. Tony Erwin,

To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry. Tony Erwin, To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry Tony Erwin, aerwin@us.ibm.com Agenda Origins of the Bluemix UI Demons of the Monolith Slaying Demons with

More information

Performance Case Study

Performance Case Study Performance Case Study @Fabian_Frank Yahoo! Search, Engineer Youthmedia.eu, Volunteer A Dynamic Website self-contained App self-contained App self-contained App node v0.4.x multi-core

More information

Reactive Microservices Architecture on AWS

Reactive Microservices Architecture on AWS Reactive Microservices Architecture on AWS Sascha Möllering Solutions Architect, @sascha242, Amazon Web Services Germany GmbH Why are we here today? https://secure.flickr.com/photos/mgifford/4525333972

More information

CogniFit Technical Security Details

CogniFit Technical Security Details Security Details CogniFit Technical Security Details CogniFit 2018 Table of Contents 1. Security 1.1 Servers........................ 3 1.2 Databases............................3 1.3 Network configuration......................

More information

A Cloud Gateway - A Large Scale Company s First Line of Defense. Mikey Cohen Manager - Edge Gateway Netflix

A Cloud Gateway - A Large Scale Company s First Line of Defense. Mikey Cohen Manager - Edge Gateway Netflix A Cloud - A Large Scale Company s First Line of Defense Mikey Cohen Manager - Edge Netflix Today, more than 36% of North America s internet traffic is controlled by systems in the Amazon Cloud Global

More information

Istio. A modern service mesh. Louis Ryan Principal

Istio. A modern service mesh. Louis Ryan Principal Istio A modern service mesh Louis Ryan Principal Engineer @ Google @louiscryan My Google Career HTTP Reverse Proxy HTTP HTTP2 GRPC Reverse Proxy Reverse Proxy HTTP API Proxy HTTP Control Plane HTTP2 GRPC

More information

How to use or not use the AWS API Gateway for Microservices

How to use or not use the AWS API Gateway for Microservices How to use or not use the AWS API Gateway for Microservices Presented by Dr. Martin Merck Wednesday 26 September 2018 What is an API Gateway Traits AWS API Gateway Features of API gateway OAuth2.0 Agenda

More information

About Intellipaat. About the Course. Why Take This Course?

About Intellipaat. About the Course. Why Take This Course? About Intellipaat Intellipaat is a fast growing professional training provider that is offering training in over 150 most sought-after tools and technologies. We have a learner base of 600,000 in over

More information

The Day the DNS Died

The Day the DNS Died The Day the DNS Died Jeremy Blosser, Principal Operations Engineer jblosser@sparkpost.com https://tinyurl.com/spdnstalk 1 Introduction SparkPost, aka Message Systems, is a high-volume, transactional email

More information

PRAGMATIC SECURITY AUTOMATION FOR CLOUD

PRAGMATIC SECURITY AUTOMATION FOR CLOUD SESSION ID: CSV-R04 PRAGMATIC SECURITY AUTOMATION FOR CLOUD Rich Mogull Analyst/VP of Product Securosis/DisruptOPS rmogull@disruptops.com @rmogull Cloud is Fundamentally Different Abstraction Automation

More information

What Building Multiple Scalable DC/OS Deployments Taught Me about Running Stateful Services on DC/OS

What Building Multiple Scalable DC/OS Deployments Taught Me about Running Stateful Services on DC/OS What Building Multiple Scalable DC/OS Deployments Taught Me about Running Stateful Services on DC/OS Nathan Shimek - VP of Client Solutions at New Context Dinesh Israin Senior Software Engineer at Portworx

More information

EVCache: Lowering Costs for a Low Latency Cache with RocksDB. Scott Mansfield Vu Nguyen EVCache

EVCache: Lowering Costs for a Low Latency Cache with RocksDB. Scott Mansfield Vu Nguyen EVCache EVCache: Lowering Costs for a Low Latency Cache with RocksDB Scott Mansfield Vu Nguyen EVCache 90 seconds What do caches touch? Signing up* Logging in Choosing a profile Picking liked videos

More information

DreamFactory Security Guide

DreamFactory Security Guide DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit

More information

NGF0502 AWS Student Slides

NGF0502 AWS Student Slides NextGen Firewall AWS Use Cases Barracuda NextGen Firewall F Implementation Guide Architectures and Deployments Based on four use cases Edge Firewall Secure Remote Access Office to Cloud / Hybrid Cloud

More information

Aurora, RDS, or On-Prem, Which is right for you

Aurora, RDS, or On-Prem, Which is right for you Aurora, RDS, or On-Prem, Which is right for you Kathy Gibbs Database Specialist TAM Katgibbs@amazon.com Santa Clara, California April 23th 25th, 2018 Agenda RDS Aurora EC2 On-Premise Wrap-up/Recommendation

More information

How we scaled push messaging for millions of Netflix devices. Susheel Aroskar Cloud Gateway

How we scaled push messaging for millions of Netflix devices. Susheel Aroskar Cloud Gateway How we scaled push messaging for millions of Netflix devices Susheel Aroskar Cloud Gateway Why do we need push? How I spend my time in Netflix application... What is push? What is push? How you can build

More information

How to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018

How to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018 How to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018 owen@nginx.com All problems in computer science can be solved by another layer of indirection --- David Wheeler, FRS This giant

More information

Getting Started with AWS Security

Getting Started with AWS Security Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move

More information

How the Cloud is Enabling the Disruption of the Construction Industry. AWS Case Study Construction Industry. Abstract

How the Cloud is Enabling the Disruption of the Construction Industry. AWS Case Study Construction Industry. Abstract Case Study Construction Industry How the Cloud is Enabling the Disruption of the Construction Industry Abstract A Minfy-architected cloud solution is helping iquippo, a digital marketplace for the construction

More information

Cloud Catastrophes. and how to avoid them

Cloud Catastrophes. and how to avoid them Cloud Catastrophes and how to avoid them Who? Mike Haworth Nope Works for: Insomnia Security Bio: Extensive biographical information Extensive biographical information Extensive biographical information

More information

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting

More information

Wrapp. Powered by AWS EC2 Container Service. Jude D Souza Solutions Wrapp Phone:

Wrapp. Powered by AWS EC2 Container Service. Jude D Souza Solutions Wrapp Phone: Containers @ Wrapp Powered by AWS EC2 Container Service Jude D Souza Solutions Architect @ Wrapp Phone: +46 767085740 Email: jude@wrapp.com About Me Jude D Souza Stockholm, Sweden ß Karachi, Pakistan jude@wrapp.com

More information

AWS 101. Patrick Pierson, IonChannel

AWS 101. Patrick Pierson, IonChannel AWS 101 Patrick Pierson, IonChannel What is AWS? Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help

More information

Microservices at Netflix Scale. First Principles, Tradeoffs, Lessons Learned Ruslan

Microservices at Netflix Scale. First Principles, Tradeoffs, Lessons Learned Ruslan Microservices at Netflix Scale First Principles, Tradeoffs, Lessons Learned Ruslan Meshenberg @rusmeshenberg Microservices: all benefits, no costs? Netflix is the world s leading Internet television network

More information

Incident Response and Forensics in your Pyjamas

Incident Response and Forensics in your Pyjamas Incident Response and Forensics in your Pyjamas When security incidents happen, you often have to respond in a hurry to gather forensic data from the resources that were involved. You might need to grab

More information

Amazon Search Services. Christoph Schmitter

Amazon Search Services. Christoph Schmitter Amazon Search Services Christoph Schmitter csc@amazon.de What we'll cover Overview of Amazon Search Services Understand the difference between Cloudsearch and Amazon ElasticSearch Service Q&A Amazon Search

More information

Large-Scale Web Applications

Large-Scale Web Applications Large-Scale Web Applications Mendel Rosenblum Web Application Architecture Web Browser Web Server / Application server Storage System HTTP Internet CS142 Lecture Notes - Intro LAN 2 Large-Scale: Scale-Out

More information

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP Networking in AWS 2017 Amazon Web Services, Inc. and its affiliates. All rights served. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services,

More information

Copyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5.

Copyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5. Server 5.0 Copyright 1 Copyright 2018 Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5.0 February, 2018 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,

More information

Emulating Lambda to speed up development. Kevin Epstein CTO CorpInfo AWS Premier Partner

Emulating Lambda to speed up development. Kevin Epstein CTO CorpInfo AWS Premier Partner Emulating Lambda to speed up development Kevin Epstein CTO CorpInfo AWS Premier Partner What is Lambda? Scalable, Highly Available, Stateless, event driven computing Fully managed runtime environment Python

More information

SAP Vora - AWS Marketplace Production Edition Reference Guide

SAP Vora - AWS Marketplace Production Edition Reference Guide SAP Vora - AWS Marketplace Production Edition Reference Guide 1. Introduction 2 1.1. SAP Vora 2 1.2. SAP Vora Production Edition in Amazon Web Services 2 1.2.1. Vora Cluster Composition 3 1.2.2. Ambari

More information

Layer-4 to Layer-7 Services

Layer-4 to Layer-7 Services Overview, page 1 Tenant Edge-Firewall, page 1 LBaaS, page 2 FWaaS, page 4 Firewall Configuration, page 6 Overview Layer-4 through Layer-7 services support(s) end-to-end communication between a source and

More information

Tetration Cluster Cloud Deployment Guide

Tetration Cluster Cloud Deployment Guide First Published: 2017-11-16 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE

More information

AWS Well Architected Framework

AWS Well Architected Framework AWS Well Architected Framework What We Will Cover The Well-Architected Framework Key Best Practices How to Get Started Resources Main Pillars Security Reliability Performance Efficiency Cost Optimization

More information

AWS Solution Architect Associate

AWS Solution Architect Associate AWS Solution Architect Associate 1. Introduction to Amazon Web Services Overview Introduction to Cloud Computing History of Amazon Web Services Why we should Care about Amazon Web Services Overview of

More information

AWS London Loft: CloudFormation Workshop

AWS London Loft: CloudFormation Workshop AWS London Loft: CloudFormation Workshop Templated AWS Resources Tom Maddox Solutions Architect tmaddox@amazon.co.uk Who am I? Gardener (Capacity Planning) Motorcyclist (Agility) Mobile App Writer Problem

More information

Hosting Roadmap Upgrades, Improvements and Changes

Hosting Roadmap Upgrades, Improvements and Changes Hosting Roadmap 2014 Upgrades, Improvements and Changes Objectives First and Foremost : Uptime Denial of Service (DDoS) Attack Mitigation Mitigate Hacking Attempts Eliminate Media Outages (95% of the data)

More information

Microservices Architekturen aufbauen, aber wie?

Microservices Architekturen aufbauen, aber wie? Microservices Architekturen aufbauen, aber wie? Constantin Gonzalez, Principal Solutions Architect glez@amazon.de, @zalez 30. Juni 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

More information

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Enroll Now to Take online Course   Contact: Demo video By Chandra sir Enroll Now to Take online Course www.vlrtraining.in/register-for-aws Contact:9059868766 9985269518 Demo video By Chandra sir www.youtube.com/watch?v=8pu1who2j_k Chandra sir Class 01 https://www.youtube.com/watch?v=fccgwstm-cc

More information

Containers or Serverless? Mike Gillespie Solutions Architect, AWS Solutions Architecture

Containers or Serverless? Mike Gillespie Solutions Architect, AWS Solutions Architecture Containers or Serverless? Mike Gillespie Solutions Architect, AWS Solutions Architecture A Typical Application with Microservices Client Webapp Webapp Webapp Greeting Greeting Greeting Name Name Name Microservice

More information

ISTIO 1.0 INTRODUCTION & OVERVIEW OpenShift Commons Briefing Brian redbeard Harrington Product Manager, Istio

ISTIO 1.0 INTRODUCTION & OVERVIEW OpenShift Commons Briefing Brian redbeard Harrington Product Manager, Istio ISTIO 1.0 INTRODUCTION & OVERVIEW OpenShift Commons Briefing Brian redbeard Harrington Product Manager, Istio 2018-08-07 PARTY TIME 2018-07-31 Istio hits 1.0!!! ONE STEP CLOSER TO BORING* * http://mcfunley.com/choose-boring-technology

More information

AGENDA Introduction Pivotal Cloud Foundry NSX-V integration with Cloud Foundry New Features in Cloud Foundry Networking NSX-T with Cloud Fou

AGENDA Introduction Pivotal Cloud Foundry NSX-V integration with Cloud Foundry New Features in Cloud Foundry Networking NSX-T with Cloud Fou NET1523BE INTEGRATING NSX AND CLOUD FOUNDRY Usha Ramachandran Staff Product Manager, Pivotal Sai Chaitanya Product Line Manager, VMware VMworld 2017 Content: Not for publication #VMworld AGENDA 1 2 3 4

More information

Cloud Security Strategy - Adapt to Changes with Security Automation -

Cloud Security Strategy - Adapt to Changes with Security Automation - SESSION ID: CMI-F03 Cloud Security Strategy - Adapt to Changes with Security Automation - Hayato Kiriyama Security Solutions Architect Amazon Web Services Japan K.K. @hkiriyam1 Agenda New Normal of Security

More information

CONTINUOUS DELIVERY WITH MESOS, DC/OS AND JENKINS

CONTINUOUS DELIVERY WITH MESOS, DC/OS AND JENKINS APACHE MESOS NYC MEETUP SEPTEMBER 22, 2016 CONTINUOUS DELIVERY WITH MESOS, DC/OS AND JENKINS WHO WE ARE ROGER IGNAZIO SUNIL SHAH Tech Lead at Mesosphere @rogerignazio Product Manager at Mesosphere @ssk2

More information

API Best Practices. Managing APIs holistically across the enterprise

API Best Practices. Managing APIs holistically across the enterprise API Best Practices Managing APIs holistically across the enterprise APIs are critical to evolving application architectures Public clouds Microservices Distributed apps μservice μservice μservice μservice

More information

Planning Resources. vrealize Automation 7.1

Planning Resources. vrealize Automation 7.1 vrealize Automation 7.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to

More information

Exam Questions AWS-Solution- Architect-Associate

Exam Questions AWS-Solution- Architect-Associate Exam Questions AWS-Solution- Architect-Associate AWS Certified Solutions Architect - Associate https://www.2passeasy.com/dumps/aws-solution- Architect-Associate/ 1. Does DynamoDB support in-place atomic

More information