
Securing the Cloud Native Stack

You can learn more about The Trusted Cloud Platform at: https://www.apcera.com/



  1. Apcera Confidential. Hector Tapia, Principal Solutions Consultant: Securing the Cloud-Native Stack
  2. Software as a competitive advantage. Lots of people talk about these companies and use them as examples of how innovation disrupts the marketplace. What do these innovative companies have in common?
     • Speed of innovation
     • Always-available services
     • Web scale
     • Device-centric user experiences
     • Quick recovery from failures
     Cloud-native application architectures are key to enabling the business model that allowed these companies to obtain their disruptive character.
  3. Why Cloud-Native Application Architectures? Speed, Safety, Scale.
  4. Cloud-Native Applications are Architected Differently. Two common examples of Cloud-Native Applications are Twelve-factor Applications and MicroServices.
     • Handling failures: every integration point will eventually fail one time or another; be prepared to handle all kinds of failures
     • Services: all functionality is published and consumed via Web Services
     • Horizontal scalability: designed for scale out
     • Asynchronous processing: break down the task, process requests asynchronously; use messaging to decouple functionality; eventual consistency model
     • Stateless model: build stateless services that can be scaled out and load balanced
  5. The twelve-factor app is a collection of patterns for Cloud-Native Application Architectures:
     • Codebase: one codebase tracked in revision control, many deploys
     • Dependencies: explicitly declare and isolate dependencies
     • Config: store config in the environment
     • Backing Services: treat backing services as attached resources
     • Build, release, run: strictly separate build and run stages
     • Processes: execute the app as one or more stateless processes
     • Port Binding: export services via port binding
     • Concurrency: scale out via a process model
     • Disposability: maximize robustness with fast startup and graceful shutdown
     • Dev/Prod parity: keep development, staging, and production as similar as possible
     • Logs: treat logs as event streams
     • Admin processes: run admin/management tasks as one-off processes
  6. MicroServices is a way of designing software applications as suites of independently deployable services. (Wall-E image copyright Disney/Pixar)
  7. How to get Cloud-Native?
     • New requirements for Developers and Operations
     • Fast, tested, fail-safe, small changes continuously deployed to production
     • Measure, share visibility and provide feedback from users to the business, continuously
     • Small experiments, test assumptions, fail fast and learn!
  8. Most build software for Innovation and Differentiation. By 2020, 75% of application purchases supporting digital business will be "Build", not "Buy". (Forecast Analysis: Enterprise Application Software, Worldwide, 2Q15 Update)
  9. But innovation doesn't come without risk: recent hack attacks.
  10. The Cloud-Native Stack - Taxonomy. The layers, from application down to hardware, grouped into Tools and Infrastructure:
     • Code: programming languages, frameworks and libraries that comprise applications
     • Workflow / Management: code deployment pipelines, automation and configuration management frameworks, container and infrastructure management
     • Orchestration (Scheduling & Cluster Management): tools which automatically run and manage jobs, containers and hosts in a cluster
     • Service Discovery: tools enabling an application or service to discover information about its environment and other components needed to form a larger system
     • Container Engine: specification and execution engine for operating-system-level virtualization for running multiple isolated Linux systems
     • Minimal OS: lightweight operating system to manage the compute resources necessary to deploy applications in containers
     • Virtual Infrastructure: emulated physical compute, network and storage resources that are the basis for Cloud-based architectures
     • Physical Infrastructure: physical servers, switches, routers and storage arrays that occupy the Datacenter
  11. The Cloud-Native Stack - Where does it have to be secured? Against the same taxonomy, the control points are:
     • Authentication mechanism
     • Policy changes
     • Resource usage (Memory, CPU, IO)
     • Networking (Ingress & Egress)
     • Service user
     • Data use
     • Staging pipelines
     • Package selection
     • Execution location
     • Workload deployment and changes
     Each of these answers one of the questions Who, What, Which, Where and How Much.
  12. Not everybody is ready, not everything is Cloud-Native. Cloud Native originated in customer-facing tech companies.
     Customer-Facing Tech:
     • Spend 20%+ of revenue on R&D
     • Employ highly paid developers
     • Internet-scale
     • Technology is their business
     Traditional Enterprises:
     • Spend 2-4% of revenue on R&D
     • Employ "normal" people
     • Enterprise-scale
     • Thousands of apps
     • Technology seen as a tax
  13. There are many places in the New Cloud Native Architecture where Governance is needed. Example architecture: Load Balancer → HTTP/S & TCP Router → Order Management UI, Browse Products UI, Account Management UI, Checkout UI → Customer Profile Service, Catalog Service, Order Service, Payment Service → DB, DB, ESB / ETL.
  14. The same architecture, annotated with the governance questions that apply at each point:
     • What users and IP addresses can come into the cluster?
     • What packages can be used to deploy to production?
     • What Docker images can be used? What repositories?
     • What workload can communicate with other workloads?
     • Which workloads can egress? To what external services?
     • What services can the workload bind to?
     • What resources can each workload have?
     • Where can they be scheduled?
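As an added example, not from the slides or from Apcera's product, the governance questions above can be turned into an allowlist and enforced before a workload is deployed. Every registry, repository, address range, limit and service name below is constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List

# Constructed policy (not Apcera's policy language): one allowlist per governance question.
POLICY = {
    "ingress_cidrs": [ipaddress.ip_network("10.0.0.0/8")],      # who may come into the cluster
    "allowed_repos": {"git.internal.example/shop"},              # what repositories
    "allowed_registries": {"registry.internal.example"},         # what images
    "max_memory_mb": 2048,                                       # how much each workload may have
    "allowed_locations": {"dc-east", "dc-west"},                 # where it may be scheduled
    "allowed_bindings": {"order-service": {"orders-db", "payment-service"}},  # what it may bind to
    "egress_allowed": {"payment-service"},                       # which workloads may egress
}

@dataclass
class WorkloadRequest:
    name: str
    image: str          # e.g. "registry.internal.example/shop/order:1.4"
    repo: str           # source repository the package was built from
    source_ip: str      # address the deploy request came from
    memory_mb: int
    location: str
    binds_to: List[str] = field(default_factory=list)
    egress: bool = False

def evaluate(req: WorkloadRequest, policy=POLICY) -> List[str]:
    """Return the list of policy violations; an empty list means the deploy is allowed."""
    violations = []
    ip = ipaddress.ip_address(req.source_ip)
    if not any(ip in net for net in policy["ingress_cidrs"]):
        violations.append(f"ingress from {req.source_ip} not allowed")
    if req.repo not in policy["allowed_repos"]:
        violations.append(f"repository {req.repo} not approved")
    # Registry is the first path component of the image reference; a bare
    # name such as "nginx:latest" therefore fails, since it implies Docker Hub.
    registry = req.image.split("/", 1)[0]
    if registry not in policy["allowed_registries"]:
        violations.append(f"image registry {registry} not approved")
    if req.memory_mb > policy["max_memory_mb"]:
        violations.append(f"memory {req.memory_mb}MB exceeds {policy['max_memory_mb']}MB")
    if req.location not in policy["allowed_locations"]:
        violations.append(f"location {req.location} not permitted")
    allowed = policy["allowed_bindings"].get(req.name, set())
    for svc in req.binds_to:
        if svc not in allowed:
            violations.append(f"{req.name} may not bind to {svc}")
    if req.egress and req.name not in policy["egress_allowed"]:
        violations.append(f"{req.name} may not egress")
    return violations
```

Collecting every violation rather than stopping at the first gives the developer one complete answer per deploy attempt, which is the feedback loop slide 7 asks for.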
  15. apcera.com, nats.io, kurma.io, docs.apcera.com. We are hiring!
