Starting the Avalanche:
|
|
- Gilbert Andrews
- 6 years ago
- Views:
Transcription
1 Starting the Avalanche: Application DoS In Microservice Architectures Scott Behrens Jeremy Heffner
2 Introductions Scott Behrens Netflix senior application security engineer Breaking and building for 8+ years Contributor to a variety of open source projects (github.com/sbehrens) Jeremy Heffner Senior Security Software Engineer Developing and securing things for 20+ years
3 DoS focused on application layer logic
4 Photo of a battering ram by Flickr user Patrick Denker; License:
5
6 How Novel is Application DoS?
7 Microservice Primer: High Level View Architecture Client Libraries and API Gateway Circuit Breakers / Failover Cache
8 Microservice Primer: Architecture GOOD Scale Service independence Fault isolation Eliminates stack debt BAD Distributed system complexity Deployment complexity Cascading service failures if things aren t set up right
9 Simplified Microservice API Architecture INTERNET ZUUL PROXY EDGE Middle Backend WEBSITE CORE API Middle Tier Service Middle Tier Service Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service ZUUL PROXY PROXIES Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service
10 Microservice Primer: API Gateways and Client Libraries Interface for middle tier services Services provide client libraries to API Gateway Diagrams provided by microservices.io
11 Microservice Primer: Circuit Breaker Helps with handling service failures How do you know what timeout to choose? How long should the breaker be triggered? Diagrams provided by microservices.io
12 Microservice Primer: Cache Speeds up response time Reduces load on services fronted by cache Reduces the number of servers needed to handle requests
13 Old school Application DoS CPU Mem Cache Disk Network
14 New School Application DoS CPU Mem Cache Disk Network Queueing Client Library Timeouts Healthchecks Connection Pool Hardware Operations (HSMs)
15 New School Application DoS CPU Mem Cache Disk Network Queueing Client Library Timeouts Healthchecks Connection Pool Hardware Operations (HSMs)
16 Difference Between Old School and New School App DoS Old School Application DoS New School Application DoS Often 1 to 1 Often 1 to Many
17 Simple Web Application Architecture
18 Old School Application DoS Attack HTTP Timeouts 300 requests per second HTTP Timeouts > perl create_many_profiles.pl POST /create_profile HTTP/1.1 profile_name=$counter + hacker
19 New School Microservice API DoS EDGE Middle Backend Backend Tier Service > python grizzly.py ZUUL PROXY ZUUL PROXY WEBSITE PROXIES CORE API Middle Tier Service Middle Tier Service Middle Tier Service Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service POST /recommendations HTTP/1.1 { recommendations : { range : [0,10000]}}
20 New School Microservice API DoS > python grizzly.py Fallback or Site Error ZUUL PROXY ZUUL PROXY EDGE Middle Backend WEBSITE PROXIES CORE API Middle Tier Service Middle Tier Service Middle Tier Service Middle Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service Backend Tier Service POST /recommendations HTTP/1.1 { recommendations : { range : [0,10000]}} Core Client API Timeouts, making circuit many client breakers requests triggered, fallback experience triggered Middle tier services making many calls to backend services Backend service queues filling up with expensive requests
21 Workflow for Identifying Application DoS - Part 1 Identify the most latent service calls Investigate if latent calls allow for manipulation Tune payload to fly under WAF/Rate Limiting Test hypothesis Scale your test using Cloudy Kraken (orchestrator) and Repulsive Grizzly (attack framework)
22 Workflow for Identifying Application DoS - Part 1 Identify the most latent service calls Investigate if latent calls allow for manipulation Tune payload to fly under WAF/Rate Limiting Test hypothesis Scale your test using Cloudy Kraken (orchestrator) and Repulsive Grizzly (attack framework)
23 Identifying Latent Service Calls
24 Identifying Latent Service Calls
25 Microservice Application DoS: Attack Patterns Range Object Out per Object in Request Size All of the Above
26 Application DoS Technique: Range
27 Application DoS Technique: Object Out Per Object In
28 Application DoS Technique: Request Size
29 Application DoS Technique: All of the Above <--What about N languages? <--What about more object fields?
30 Rate Limited # Req Service Impact Service Healthy Service Impact Service Auto-Scaling/Healthy Logical Work Per Request
31 New School Application DoS Attack: Case Study
32 Making the call more expensive
33 Workflow for Identifying Application DoS - Part 2 Identify the most latent service calls Investigate if latent calls allow for range, object out/object in, request size, or other manipulation Tune payload to fly under WAF/Rate Limiting while causing the most application instability Test hypothesis on a smaller scale using Repulsive Grizzly Scale your test using Cloudy Kraken
34 Repulsive Grizzly Skunkworks application DoS framework Written in Python3 Eventlet for high concurrency Uses AWS SNS for logging analysis Easily configurable
35 Repulsive Grizzly: Command File
36 Repulsive Grizzly: Payload and Header Files Provide payloads in any format you want Headers are provided as a JSON key/value hash Use $$AUTH$$ placeholder to tell grizzly where to place tokens
37 Repulsive Grizzly: Bypass Rate Limiter with Sessions
38 Repulsive Grizzly: Single Node
39
40 Cloudy Kraken Overview
41 Push the latest configuration file and attack scripts to S3. Launch instances Tear down and reset the environment in each region Reset the DynamoDB state. Update Config Build Environment Start up Attack Nodes Collect data Tear-Down Configure the VPCs in each region Wait for data to come through SNS
42 Cloudy Kraken Configuration S3 Bucket Zip File and Configuration Reset State DynamoDB Table
43 Cloudy Kraken: Key AWS Deployment Building Blocks Region VPC Auto-Scaling Group Node Node NodeNode Node Node Node NodeNode Node AZ/Subnet AZ/Subnet Region => AWS Geographical Region VPC => VLAN ASG => Automatically starts identical nodes AZ/Subnet => Localized nodes / Subnet Launch Config => Initial configuration
44 Cloudy Kraken Deployment phase VPC Region A Security Group Auto Scaling Group VPC Region B Security Group Auto Scaling Group
45 Cloudy Kraken Workers Each worker node is a single EC2 instance Each worker runs many threads EC2 gives you access to Enhanced Networking Driver Minimal overhead with launch config and ASG
46 Cloudy Kraken Execution phase On startup, each worker node runs a cloud-init script Enables ssh access for monitoring and debugging Downloads and runs main config script Downloads ZIP file with attack script Spins up attack worker Waits for coordinated time to start
47 Cloudy Kraken Kill-Switch Script to set the kill switch, and bring it all down
48 Cloudy Kraken Tear-Down Terminates all the instances Removes ASGs and Launch Configs Removes VPC, Security group, and Instance Profiles
49 We scaled up, time to run the test! Tested against prod Multi-region and multi-agent Conducted two 5 minute attacks Monitored for success
50 Results of Test 80% Error Rate
51 $ minute outage for a single AWS region
52 So What Failed? Expensive API calls could be invoked with non-member cookies Expensive traffic resulted in many RPCs per request WAF/Rate Limiter was unable to monitor middle tier RPCs Missing fallback experience when cache missed
53 Demo Test app Launching and scaling attack with Cloudy Kraken
54 Microservice Application DoS: Mitigations Understand which microservices impact customer experience
55 Microservice Application DoS: Mitigations Rate limiter (WAF) should monitor middle tier signals or cost of request*
56 Microservice Application DoS: Mitigations Middle tier services should provide context on abnormal behavior
57 Microservice Application DoS: Mitigations Rate limiter (WAF) should monitor volume of cache misses*
58 Microservice Application DoS: Mitigations Prioritize authenticated traffic over unauthenticated
59 Microservice Application DoS: Mitigations Configure reasonable client library timeouts
60 Microservice Application DoS: Mitigations Trigger fallback experiences when cache or lookups fail
61 Thanks!
Serverless Architecture Hochskalierbare Anwendungen ohne Server. Sascha Möllering, Solutions Architect
Serverless Architecture Hochskalierbare Anwendungen ohne Server Sascha Möllering, Solutions Architect Agenda Serverless Architecture AWS Lambda Amazon API Gateway Amazon DynamoDB Amazon S3 Serverless Framework
More informationMicroservices without the Servers: AWS Lambda in Action
Microservices without the Servers: AWS Lambda in Action Dr. Tim Wagner, General Manager AWS Lambda August 19, 2015 Seattle, WA 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Two
More informationHow to go serverless with AWS Lambda
How to go serverless with AWS Lambda Roman Plessl, nine (AWS Partner) Zürich, AWSomeDay 12. September 2018 About myself and nine Roman Plessl Working for nine as a Solution Architect, Consultant and Leader.
More informationAt Course Completion Prepares you as per certification requirements for AWS Developer Associate.
[AWS-DAW]: AWS Cloud Developer Associate Workshop Length Delivery Method : 4 days : Instructor-led (Classroom) At Course Completion Prepares you as per certification requirements for AWS Developer Associate.
More informationAWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster
AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster Protecting highly dynamic AWS resources with a static firewall setup is neither efficient nor economical. A CloudGen Firewall Auto Scaling
More informationAWS Lambda: Event-driven Code in the Cloud
AWS Lambda: Event-driven Code in the Cloud Dean Bryen, Solutions Architect AWS Andrew Wheat, Senior Software Engineer - BBC April 15, 2015 London, UK 2015, Amazon Web Services, Inc. or its affiliates.
More informationElastic Load Balancing
Elastic Load Balancing Deep Dive & Best Practices Mariano Vecchioli, Sr. Technical Account Manager AWS Michaela Kurkiewicz, Principal Service Manager Co-op Tina Howell, Platform Lead - Co-op June 28 th,
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationIoT Device Simulator
IoT Device Simulator AWS Implementation Guide Sean Senior May 2018 Copyright (c) 2018 by Amazon.com, Inc. or its affiliates. IoT Device Simulator is licensed under the terms of the Amazon Software License
More informationZombie Apocalypse Workshop
Zombie Apocalypse Workshop Building Serverless Microservices Danilo Poccia @danilop Paolo Latella @LatellaPaolo September 22 nd, 2016 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
More informationAmazon Web Services (AWS) Training Course Content
Amazon Web Services (AWS) Training Course Content SECTION 1: CLOUD COMPUTING INTRODUCTION History of Cloud Computing Concept of Client Server Computing Distributed Computing and it s Challenges What is
More informationHow can you implement this through a script that a scheduling daemon runs daily on the application servers?
You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups
More informationPARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM
PARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM This project is focused on building and implementing a single course exploration and enrollment solution that is intuitive, interactive, and
More informationPracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam
PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : AWS-Developer Title : AWS Certified Developer - Associate Vendor : Amazon Version : DEMO Get
More informationDevelop and test your Mobile App faster on AWS
Develop and test your Mobile App faster on AWS Carlos Sanchiz, Solutions Architect @xcarlosx26 #AWSSummit 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The best mobile apps are
More informationPragmatic Cloud Security
Pragmatic Cloud Security Rich Mogull, Analyst & CEO, Securosis, LLC @rmogull events.techtarget.com Information Security Decisions TechTarget This Old Process Assess Redesign Secure Inspect Profit! Information
More informationMaking Non-Distributed Databases, Distributed. Ioannis Papapanagiotou, PhD Shailesh Birari
Making Non-Distributed Databases, Distributed Ioannis Papapanagiotou, PhD Shailesh Birari Dynomite Ecosystem Dynomite - Proxy layer Dyno - Client Dynomite-manager - Ecosystem orchestrator Dynomite-explorer
More informationAWS Lambda. 1.1 What is AWS Lambda?
Objectives Key objectives of this chapter Lambda Functions Use cases The programming model Lambda blueprints AWS Lambda 1.1 What is AWS Lambda? AWS Lambda lets you run your code written in a number of
More informationDISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?
DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing Slide 1 Slide 3 ➀ What is Cloud Computing? ➁ X as a Service ➂ Key Challenges ➃ Developing for the Cloud Why is it called Cloud? services provided
More informationZero to Microservices in 5 minutes using Docker Containers. Mathew Lodge Weaveworks
Zero to Microservices in 5 minutes using Docker Containers Mathew Lodge (@mathewlodge) Weaveworks (@weaveworks) https://www.weave.works/ 2 Going faster with software delivery is now a business issue Software
More informationAmazon. Exam Questions AWS-Certified-Solutions-Architect- Professional. AWS-Certified-Solutions-Architect-Professional.
Amazon Exam Questions AWS-Certified-Solutions-Architect- Professional AWS-Certified-Solutions-Architect-Professional Version:Demo 1.. The MySecureData company has five branches across the globe. They want
More informationExam Questions AWS-Certified- Developer-Associate
Exam Questions AWS-Certified- Developer-Associate Amazon AWS Certified Developer Associate https://www.2passeasy.com/dumps/aws-certified- Developer-Associate/ 1. When using Amazon SQS how much data can
More informationBuilding a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS
Building a Self-Defending Border Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS www.cloudsec.com #cloudsec Building A Defending Borders Protect Your Web-facing Workloads
More informationDocument Sub Title. Yotpo. Technical Overview 07/18/ Yotpo
Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time
More informationAmazon Web Services Training. Training Topics:
Amazon Web Services Training Training Topics: SECTION1: INTRODUCTION TO CLOUD COMPUTING A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction to Cloud Computing
More informationScaling DreamFactory
Scaling DreamFactory This white paper is designed to provide information to enterprise customers about how to scale a DreamFactory Instance. The sections below talk about horizontal, vertical, and cloud
More informationAmazon Web Services (AWS) Solutions Architect Intermediate Level Course Content
Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content Introduction to Cloud Computing A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction
More informationManaging your microservices with Kubernetes and Istio. Craig Box
Managing your microservices with Kubernetes and Istio Craig Box Agenda What is a Service Mesh? How we got here: a story Architecture and details Q&A 2 What is a service mesh? A network for services, not
More informationSaaS Identity and Isolation with Amazon Cognito on the AWS Cloud
SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud Quick Start Reference Deployment Judah Bernstein, Tod Golding, and Santiago Cardenas Amazon Web Services October 2017 Last updated: December
More informationMongoDB in AWS (MongoDB as a DBaaS)
MongoDB in AWS (MongoDB as a DBaaS) Jing Wu Zhang Lu April 2017 Goals Automatically build MongoDB cluster Flexible scaling options Automatically recover from resource failures 2 Utilizing CloudFormation
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationMicroservices mit Java, Spring Boot & Spring Cloud. Eberhard Wolff
Microservices mit Java, Spring Boot & Spring Cloud Eberhard Wolff Fellow @ewolff What are Microservices? Micro Service: Definition > Small > Independent deployment units > i.e. processes or VMs > Any technology
More informationvcloud Automation Center Reference Architecture vcloud Automation Center 5.2
vcloud Automation Center Reference Architecture vcloud Automation Center 5.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationElastic Efficient Execution of Varied Containers. Sharma Podila Nov 7th 2016, QCon San Francisco
Elastic Efficient Execution of Varied Containers Sharma Podila Nov 7th 2016, QCon San Francisco In other words... How do we efficiently run heterogeneous workloads on an elastic pool of heterogeneous resources,
More informationApplication Resilience Engineering and Operations at Netflix. Ben Software Engineer on API Platform at Netflix
Application Resilience Engineering and Operations at Netflix Ben Christensen @benjchristensen Software Engineer on API Platform at Netflix Global deployment spread across data centers in multiple AWS regions.
More informationFAST, FLEXIBLE, RELIABLE SEAMLESSLY ROUTING AND SECURING BILLIONS OF REQUESTS PER MONTH
We help Big Brands, Scale WordPress. WORDPRESS HOSTING MANAGED BY PROFESSIONALS PAGELY, INC pagely.com THE PAGELY ARES APPLICATION GATEWAY FAST, FLEXIBLE, RELIABLE SEAMLESSLY ROUTING AND SECURING BILLIONS
More informationPREPARING FOR DISASTER
PREPARING FOR DISASTER INTEGRATING BCDR PRINCIPLES INTO YOUR DEVOPS PRACTICE Jeremy Heffner SANS Secure DevOps Summit & Training October 2017 CODE SPACES Source: https://arstechnica.com/information-technology/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/
More informationARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS
ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS Dr Adnene Guabtni, Senior Research Scientist, NICTA/Data61, CSIRO Adnene.Guabtni@csiro.au EC2 S3 ELB RDS AMI
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationLevel Up Your CF Apps with Amazon Web Services
Level Up Your CF Apps with Amazon Web Services Brian Klaas bklaas@jhu.edu @brian_klaas Level Up Your CF Apps with Amazon Web Services Brian Klaas bklaas@jhu.edu @brian_klaas Hello Hello Hello Hello Hello
More informationSecurity Overview of the BGI Online Platform
WHITEPAPER 2015 BGI Online All rights reserved Version: Draft v3, April 2015 Security Overview of the BGI Online Platform Data security is, in general, a very important aspect in computing. We put extra
More informationUsing DC/OS for Continuous Delivery
Using DC/OS for Continuous Delivery DevPulseCon 2017 Elizabeth K. Joseph, @pleia2 Mesosphere 1 Elizabeth K. Joseph, Developer Advocate, Mesosphere 15+ years working in open source communities 10+ years
More informationWe are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info
We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info START DATE : TIMINGS : DURATION : TYPE OF BATCH : FEE : FACULTY NAME : LAB TIMINGS : Storage & Database Services : Introduction
More informationDesign and Architecture. Derek Collison
Design and Architecture Derek Collison What is Cloud Foundry? 2 The Open Platform as a Service 3 4 What is PaaS? Or more specifically, apaas? 5 apaas Application Platform as a Service Applications and
More informationThe Guide to Best Practices in PREMIUM ONLINE VIDEO STREAMING
AKAMAI.COM The Guide to Best Practices in PREMIUM ONLINE VIDEO STREAMING PART 3: STEPS FOR ENSURING CDN PERFORMANCE MEETS AUDIENCE EXPECTATIONS FOR OTT STREAMING In this third installment of Best Practices
More informationHow to Deploy an AMI Test Agent in Amazon Web Services
How to Deploy an AMI Test Agent in Amazon Web Services Executive Summary This guide explains how to deploy a Netrounds Test Agent in Amazon EC2 (Elastic Compute Cloud) by launching an AWS instance on which
More informationCloud Security Best Practices
Cloud Security Best Practices Cohesive Networks - your applications secured Our family of security and connectivity solutions, VNS3, protects cloud-based applications from exploitation by hackers, criminal
More informationArcGIS for Server: Administration and Security. Amr Wahba
ArcGIS for Server: Administration and Security Amr Wahba awahba@esri.com Agenda ArcGIS Server architecture Distributing and scaling components Implementing security Monitoring server logs Automating server
More informationAmazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India
(AWS) Overview: AWS is a cloud service from Amazon, which provides services in the form of building blocks, these building blocks can be used to create and deploy various types of application in the cloud.
More informationGoing Serverless. Building Production Applications Without Managing Infrastructure
Going Serverless Building Production Applications Without Managing Infrastructure Objectives of this talk Outline what serverless means Discuss AWS Lambda and its considerations Delve into common application
More informationCloud Computing. Amazon Web Services (AWS)
Cloud Computing What is Cloud Computing? Benefit of cloud computing Overview of IAAS, PAAS, SAAS Types Of Cloud private, public & hybrid Amazon Web Services (AWS) Introduction to Cloud Computing. Introduction
More informationCloud Computing /AWS Course Content
Cloud Computing /AWS Course Content 1. Amazon VPC What is Amazon VPC? How to Get Started with Amazon VPC Create New VPC Launch an instance (Server) to use this VPC Security in Your VPC Networking in Your
More informationUsing AWS to Build a Large Scale Dockerized Microservices Architecture. Dr. Oliver Wahlen moovel Group GmbH Frankfurt, 30.
Using AWS to Build a Large Scale Dockerized Microservices Architecture Dr. Oliver Wahlen moovel Group GmbH Frankfurt, 30. Juni 2016 The moovel Group GmbH Our vision is an ecosystem that simplifies mobility
More informationTo Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry. Tony Erwin,
To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry Tony Erwin, aerwin@us.ibm.com Agenda Origins of the Bluemix UI Demons of the Monolith Slaying Demons with
More informationPerformance Case Study
Performance Case Study @Fabian_Frank Yahoo! Search, Engineer Youthmedia.eu, Volunteer A Dynamic Website self-contained App self-contained App self-contained App node v0.4.x multi-core
More informationReactive Microservices Architecture on AWS
Reactive Microservices Architecture on AWS Sascha Möllering Solutions Architect, @sascha242, Amazon Web Services Germany GmbH Why are we here today? https://secure.flickr.com/photos/mgifford/4525333972
More informationCogniFit Technical Security Details
Security Details CogniFit Technical Security Details CogniFit 2018 Table of Contents 1. Security 1.1 Servers........................ 3 1.2 Databases............................3 1.3 Network configuration......................
More informationA Cloud Gateway - A Large Scale Company s First Line of Defense. Mikey Cohen Manager - Edge Gateway Netflix
A Cloud - A Large Scale Company s First Line of Defense Mikey Cohen Manager - Edge Netflix Today, more than 36% of North America s internet traffic is controlled by systems in the Amazon Cloud Global
More informationIstio. A modern service mesh. Louis Ryan Principal
Istio A modern service mesh Louis Ryan Principal Engineer @ Google @louiscryan My Google Career HTTP Reverse Proxy HTTP HTTP2 GRPC Reverse Proxy Reverse Proxy HTTP API Proxy HTTP Control Plane HTTP2 GRPC
More informationHow to use or not use the AWS API Gateway for Microservices
How to use or not use the AWS API Gateway for Microservices Presented by Dr. Martin Merck Wednesday 26 September 2018 What is an API Gateway Traits AWS API Gateway Features of API gateway OAuth2.0 Agenda
More informationAbout Intellipaat. About the Course. Why Take This Course?
About Intellipaat Intellipaat is a fast growing professional training provider that is offering training in over 150 most sought-after tools and technologies. We have a learner base of 600,000 in over
More informationThe Day the DNS Died
The Day the DNS Died Jeremy Blosser, Principal Operations Engineer jblosser@sparkpost.com https://tinyurl.com/spdnstalk 1 Introduction SparkPost, aka Message Systems, is a high-volume, transactional email
More informationPRAGMATIC SECURITY AUTOMATION FOR CLOUD
SESSION ID: CSV-R04 PRAGMATIC SECURITY AUTOMATION FOR CLOUD Rich Mogull Analyst/VP of Product Securosis/DisruptOPS rmogull@disruptops.com @rmogull Cloud is Fundamentally Different Abstraction Automation
More informationWhat Building Multiple Scalable DC/OS Deployments Taught Me about Running Stateful Services on DC/OS
What Building Multiple Scalable DC/OS Deployments Taught Me about Running Stateful Services on DC/OS Nathan Shimek - VP of Client Solutions at New Context Dinesh Israin Senior Software Engineer at Portworx
More informationEVCache: Lowering Costs for a Low Latency Cache with RocksDB. Scott Mansfield Vu Nguyen EVCache
EVCache: Lowering Costs for a Low Latency Cache with RocksDB Scott Mansfield Vu Nguyen EVCache 90 seconds What do caches touch? Signing up* Logging in Choosing a profile Picking liked videos
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationNGF0502 AWS Student Slides
NextGen Firewall AWS Use Cases Barracuda NextGen Firewall F Implementation Guide Architectures and Deployments Based on four use cases Edge Firewall Secure Remote Access Office to Cloud / Hybrid Cloud
More informationAurora, RDS, or On-Prem, Which is right for you
Aurora, RDS, or On-Prem, Which is right for you Kathy Gibbs Database Specialist TAM Katgibbs@amazon.com Santa Clara, California April 23th 25th, 2018 Agenda RDS Aurora EC2 On-Premise Wrap-up/Recommendation
More informationHow we scaled push messaging for millions of Netflix devices. Susheel Aroskar Cloud Gateway
How we scaled push messaging for millions of Netflix devices Susheel Aroskar Cloud Gateway Why do we need push? How I spend my time in Netflix application... What is push? What is push? How you can build
More informationHow to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018
How to Re-Architect without Breaking Stuff (too much) Owen Garrett March 2018 owen@nginx.com All problems in computer science can be solved by another layer of indirection --- David Wheeler, FRS This giant
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationHow the Cloud is Enabling the Disruption of the Construction Industry. AWS Case Study Construction Industry. Abstract
Case Study Construction Industry How the Cloud is Enabling the Disruption of the Construction Industry Abstract A Minfy-architected cloud solution is helping iquippo, a digital marketplace for the construction
More informationCloud Catastrophes. and how to avoid them
Cloud Catastrophes and how to avoid them Who? Mike Haworth Nope Works for: Insomnia Security Bio: Extensive biographical information Extensive biographical information Extensive biographical information
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationWrapp. Powered by AWS EC2 Container Service. Jude D Souza Solutions Wrapp Phone:
Containers @ Wrapp Powered by AWS EC2 Container Service Jude D Souza Solutions Architect @ Wrapp Phone: +46 767085740 Email: jude@wrapp.com About Me Jude D Souza Stockholm, Sweden ß Karachi, Pakistan jude@wrapp.com
More informationAWS 101. Patrick Pierson, IonChannel
AWS 101 Patrick Pierson, IonChannel What is AWS? Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help
More informationMicroservices at Netflix Scale. First Principles, Tradeoffs, Lessons Learned Ruslan
Microservices at Netflix Scale First Principles, Tradeoffs, Lessons Learned Ruslan Meshenberg @rusmeshenberg Microservices: all benefits, no costs? Netflix is the world s leading Internet television network
More informationIncident Response and Forensics in your Pyjamas
Incident Response and Forensics in your Pyjamas When security incidents happen, you often have to respond in a hurry to gather forensic data from the resources that were involved. You might need to grab
More informationAmazon Search Services. Christoph Schmitter
Amazon Search Services Christoph Schmitter csc@amazon.de What we'll cover Overview of Amazon Search Services Understand the difference between Cloudsearch and Amazon ElasticSearch Service Q&A Amazon Search
More informationLarge-Scale Web Applications
Large-Scale Web Applications Mendel Rosenblum Web Application Architecture Web Browser Web Server / Application server Storage System HTTP Internet CS142 Lecture Notes - Intro LAN 2 Large-Scale: Scale-Out
More informationOverview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP
Networking in AWS 2017 Amazon Web Services, Inc. and its affiliates. All rights served. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services,
More informationCopyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5.
Server 5.0 Copyright 1 Copyright 2018 Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5.0 February, 2018 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,
More informationEmulating Lambda to speed up development. Kevin Epstein CTO CorpInfo AWS Premier Partner
Emulating Lambda to speed up development Kevin Epstein CTO CorpInfo AWS Premier Partner What is Lambda? Scalable, Highly Available, Stateless, event driven computing Fully managed runtime environment Python
More informationSAP Vora - AWS Marketplace Production Edition Reference Guide
SAP Vora - AWS Marketplace Production Edition Reference Guide 1. Introduction 2 1.1. SAP Vora 2 1.2. SAP Vora Production Edition in Amazon Web Services 2 1.2.1. Vora Cluster Composition 3 1.2.2. Ambari
More informationLayer-4 to Layer-7 Services
Overview, page 1 Tenant Edge-Firewall, page 1 LBaaS, page 2 FWaaS, page 4 Firewall Configuration, page 6 Overview Layer-4 through Layer-7 services support(s) end-to-end communication between a source and
More informationTetration Cluster Cloud Deployment Guide
First Published: 2017-11-16 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE
More informationAWS Well Architected Framework
AWS Well Architected Framework What We Will Cover The Well-Architected Framework Key Best Practices How to Get Started Resources Main Pillars Security Reliability Performance Efficiency Cost Optimization
More informationAWS Solution Architect Associate
AWS Solution Architect Associate 1. Introduction to Amazon Web Services Overview Introduction to Cloud Computing History of Amazon Web Services Why we should Care about Amazon Web Services Overview of
More informationAWS London Loft: CloudFormation Workshop
AWS London Loft: CloudFormation Workshop Templated AWS Resources Tom Maddox Solutions Architect tmaddox@amazon.co.uk Who am I? Gardener (Capacity Planning) Motorcyclist (Agility) Mobile App Writer Problem
More informationHosting Roadmap Upgrades, Improvements and Changes
Hosting Roadmap 2014 Upgrades, Improvements and Changes Objectives First and Foremost : Uptime Denial of Service (DDoS) Attack Mitigation Mitigate Hacking Attempts Eliminate Media Outages (95% of the data)
More informationMicroservices Architekturen aufbauen, aber wie?
Microservices Architekturen aufbauen, aber wie? Constantin Gonzalez, Principal Solutions Architect glez@amazon.de, @zalez 30. Juni 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
More informationEnroll Now to Take online Course Contact: Demo video By Chandra sir
Enroll Now to Take online Course www.vlrtraining.in/register-for-aws Contact:9059868766 9985269518 Demo video By Chandra sir www.youtube.com/watch?v=8pu1who2j_k Chandra sir Class 01 https://www.youtube.com/watch?v=fccgwstm-cc
More informationContainers or Serverless? Mike Gillespie Solutions Architect, AWS Solutions Architecture
Containers or Serverless? Mike Gillespie Solutions Architect, AWS Solutions Architecture A Typical Application with Microservices Client Webapp Webapp Webapp Greeting Greeting Greeting Name Name Name Microservice
More informationISTIO 1.0 INTRODUCTION & OVERVIEW OpenShift Commons Briefing Brian redbeard Harrington Product Manager, Istio
ISTIO 1.0 INTRODUCTION & OVERVIEW OpenShift Commons Briefing Brian redbeard Harrington Product Manager, Istio 2018-08-07 PARTY TIME 2018-07-31 Istio hits 1.0!!! ONE STEP CLOSER TO BORING* * http://mcfunley.com/choose-boring-technology
More informationAGENDA Introduction Pivotal Cloud Foundry NSX-V integration with Cloud Foundry New Features in Cloud Foundry Networking NSX-T with Cloud Fou
NET1523BE INTEGRATING NSX AND CLOUD FOUNDRY Usha Ramachandran Staff Product Manager, Pivotal Sai Chaitanya Product Line Manager, VMware VMworld 2017 Content: Not for publication #VMworld AGENDA 1 2 3 4
More informationCloud Security Strategy - Adapt to Changes with Security Automation -
SESSION ID: CMI-F03 Cloud Security Strategy - Adapt to Changes with Security Automation - Hayato Kiriyama Security Solutions Architect Amazon Web Services Japan K.K. @hkiriyam1 Agenda New Normal of Security
More informationCONTINUOUS DELIVERY WITH MESOS, DC/OS AND JENKINS
APACHE MESOS NYC MEETUP SEPTEMBER 22, 2016 CONTINUOUS DELIVERY WITH MESOS, DC/OS AND JENKINS WHO WE ARE ROGER IGNAZIO SUNIL SHAH Tech Lead at Mesosphere @rogerignazio Product Manager at Mesosphere @ssk2
More informationAPI Best Practices. Managing APIs holistically across the enterprise
API Best Practices Managing APIs holistically across the enterprise APIs are critical to evolving application architectures Public clouds Microservices Distributed apps μservice μservice μservice μservice
More informationPlanning Resources. vrealize Automation 7.1
vrealize Automation 7.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to
More informationExam Questions AWS-Solution- Architect-Associate
Exam Questions AWS-Solution- Architect-Associate AWS Certified Solutions Architect - Associate https://www.2passeasy.com/dumps/aws-solution- Architect-Associate/ 1. Does DynamoDB support in-place atomic
More information