SlideShare a Scribd company logo

Nginx conference 2015

ING-IT
ING-IT

Bart Warmerdam, Advisory IT Specialist at ING, talks about NGINX.

Software
1 of 58
Download to read offline
Move Over IBM WebSeal and F5 BigIP, Here Comes NGINX 09/23/2015
#nginx #nginxconf 2 Advisory IT Specialist at ING Bank N.V. Bart Warmerdam
Who is ING globally 3
Who is ING in the Netherlands 4
• Bank with diverse software and hardware landscape • Cost driven IT • Traditional software development: design, build, test, implement • Software strategy: buy before build • Middleware strategy: buy • Hardware strategy: appliance History up to 2.5 years ago within ING 5
• Bank with diverse software and hardware landscape • IT and Time-to-Market is important • 60 scrum teams internally working on software • Software strategy: build before buy (a lot of time) • Middleware strategy: buy but… • Hardware strategy: standard scalable stacks From 2.5 years ago up to now 6
Complex IT landscape Task: simplify IT Add missing functionality 7
• Internet facing reverse proxies (IBM TAM WebSeal)  Authenticating proxy  Content caching and compression  Cookie jar functionality • Multiple layers of load balancers (F5 BigIP)  Over data centers  Over nodes in different network zones For all internet facing domains of domestic banking Netherlands Infra structure to replace 8
• Investigate open source software: NGINX or Apache vs IBM WebSeal / F5 • Perform a proof of concept with NGINX for Authentication and Event Publishing • Write a report for deciding architects which concluded after proof of concept:  Replace IBM TAM WebSeal with NGINX using custom modules  Integrate the layers of F5 BigIP’s with NGINX The result “GO!” Now we are more in control then ever. The Plan to Simplify 9
Starting with 10 Load balancer WebSeal Load balancer Tier 1 (dmz) Tier 2 F5 IBM F5 F5 External Authentication Interface Application Application Application 10 Inter Connectivity Cloud (between DC’s)Inter Connectivity Cloud (between DC’s) Policy Mgr LDAP Load Balancer
Working towards 11 Load balancer NGINX Tier 1 (dmz) Tier 2 F5 NGINX External Authentication Interface Application Application Application 11 Inter Connectivity Cloud (between DC’s)Inter Connectivity Cloud (between DC’s)
Control in… 12 • Integrate Authentication and Event Publishing module from PoC Functionality Time-to-Market Operational Monitoring Control
Control in… 13 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality Functionality Time-to-Market Operational Monitoring Control
Control in… 14 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers Functionality Time-to-Market Operational Monitoring Control
Control in… 15 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points Functionality Time-to-Market Operational Monitoring Control
Control in… 16 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline Functionality Time-to-Market Operational Monitoring Control
Control in… 17 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline • Monitor system resource usages and errors to Graphite Functionality Time-to-Market Operational Monitoring Control
Control in… 18 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline • Monitor system resource usages and errors to Graphite • Add Grafana dashboards and Mobile alerts for team dashboards Functionality Time-to-Market Operational Monitoring Control
Control in… 19 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline • Monitor system resource usages and errors to Graphite • Add Grafana dashboards and Mobile alerts for team dashboards • Monitor and report upstream errors to Tivoli Omnibus (MCR) Functionality Time-to-Market Operational Monitoring Control
Control in… 20 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline • Monitor system resource usages and errors to Graphite • Add Grafana dashboards and Mobile alerts for team dashboards • Monitor and report upstream errors to Tivoli Omnibus (MCR) • Make performance data and reports available to all scrum teams Functionality Time-to-Market Operational Monitoring Control
• First step: Integrate into the Continuous Delivery Pipeline • From GIT to production • Second step: Add additional functionality to NGINX • Future roadmap of the NGINX authenticating proxy environment Roll-out planning 21
• Using standard open source tools like: Git, Jenkins, Maven, Nexus, Docker, Valgrind, Python • And closed source tools like Nolio (deployments), Fortify (static source code analysis) First step: integrate in continuous delivery pipeline 22
23 GIT repository
24 Commits on “develop” trigger a build in Jenkins Using an Apache Maven build profile
25 Which builds the project modules
26 By packaging all own modules And add nginx.org source from our Nexus repository And 3rd party source modules from our Nexus repository As a tar.gz file
27 And add the RedHat .spec file
28 To start a Docker build in a CentOS image Which results in an RPM
29 If all Python tests succeed on the binary
30 If all integration test scripts ran successfully All product acceptance scripts ran successfully
31 And all module tests succeed as well
32 Using a Python test framework To easily create test cases for the binary and modules
33 The RPM’s and test results are uploaded to a Nexus Repository Together with Nolio deployment scripts After which Jenkins triggers an automatic Nolio deployment in LCM
34 Each commit in “develop” also starts a Jenkins job that Triggers the Valgrind tests on all modules And emails the results on failures
35 Each commit in “develop” also starts a nightly Jenkins job that Starts a Fortify scan for static source code analysis On all own modules, NGINX code and all 3rd party modules used
36 Releases on “master” trigger a build in Jenkins Using Apache Maven release profile Where versioned artifacts are uploaded to Nexus
37 Configuration releases on “master” trigger a build in Jenkins Where the correct nginx.conf and site information created
38 And SQL is used to create a list of URL endpoints And their module directives
39 Using a maven plugin to create the correct configuration files
40 Using Docker to build a RPM and test all generated configurations
41 So it can be automatically deployed in Nolio in LCM by Jenkins
• LCM DEV + TST environment for internal team tests • DEV + TST for integration tests for all other teams • ACC for pre-production tests Daily load tests using Load Runner & perf. reports using Python, Latex and gnuplot Weekly resilience tests Unplanned Simian Army tests Run “perf” tests for NGINX profiling (if a change requires it) Penetration and security tests • Multiple PRD environments in different data centers Replaced all IBM WebSeal reverse proxies with NGINX Starting to replace all F5 BigIP internal load balancers with NGINX load balancer module The result… 42
• Using “perf” we analyzed the binary under load ~500 URI/sec Optimizing the result 43 Number 1, 3, 8,11 is GZIP compression Number 2 is memset => hard to pinpoint since generic use Number 4 is network driver => cannot change Number 5 is cookie header parsing, triggered by our code Number 6 is OS Number 7 is Kafka CRC32 code Number 9 is memcpy => hard to pinpoint since generic use Number 10 is cause by the audit system => cannot change Number 20 first own method listed
• GZIP is expensive on the CPU, use optimized libraries when possible • Use static linking when replacing the patched library cannot be done on target machine • Two patches available, from Intel and Cloudflare Compression level 5 Source: https://www.snellman.net/blog/archive/2014-08-04-comparison-of-intel-and-cloudflare-zlib-patches.html Include optimized libraries 44
• Some libraries are not available on the target machine (Kafka, MaxMind, Protobuf) • Some libraries are too old on target machine (PCRE3 – for JIT) • CPU optimized versions are added in the Docker image and statically linked Patching libraries for performance 45
• Our five most important home-made modules Cookie jar module – store Set-Cookie operations in reverse proxy WebSeal module – Authentication module based on Extended Authentication Interface (EAI) Kafka module – Send Event Messages from proxy layer to other systems Load balancing – Rule based upstream use, allow dynamic service discovery Monitoring module – Monitor application use and system resource usage Second step: Add additional functionality to NGINX 46
• Uses two levels of RB Trees to store state • Highly configurable • Use timers for automatic expiration and cleanup • Use shared memory to share state between workers Cookie jar module 47
• Uses a RB Trees to store session state • Allows access on different policies (fine or coarse grained) • Use timers for automatic expiration and cleanup • Use shared memory to share state between workers • Implement the EAI interface to allow gradual migration WebSeal module 48
• Publish Events for monitoring and error analysis • Highly configurable using a separate json config file • Fast and asynchronous to avoid processing overhead Event Publishing (Kafka) module 49
• Use specific upstream servers based on rules (e.g. confidence test) • Allow static load balancing over data centers for stateful applications • Allow TCP connection re-use, using pools • Integration with monitoring module to allow monitoring via MCR Load balancing module 50
• Read variables from other modules to monitor • Create and expose variables with system resources to monitor • Use UDP or TCP to transfer monitor data to Graphite • Integration with Tivoli Omnibus to allow monitoring via MCR Monitoring module 51
Monitoring example 52
• Add WAF modules • Fully implement dynamic service discovery to dynamically add/remove URI’s and upstream servers • Implement cross datacenter persistency for cookie jar Future roadmap of the NGINX authenticating proxy environment 53
• Remove manual work in development and testing ASAP • NGINX has a lot of configuration optimization possibilities TCP Socket/TCP options, caching, connection re-use, JIT, Threads, upstream zone, buffer settings, timeouts • In own modules Use Shared Memory for Session State (if needed), RB Trees, Thread pools, Timers and the event queue Use atomic reference counter over shared mutex locks if possible Use variables to pass data between modules • In NGINX modules Compression on content is CPU expensive! Cookie lookups in modules are potentially CPU expensive CRC32 is potentially CPU expensive If using symmetric crypto, use types supported by the CPU (EAS-NI), like EAS GCM/CTR Lessons learned so far… 54
• Older stack require more work to fully use all configurations Recompiled new GCC C-compiler for strong stack protector and CPU optimization options Recompiled libz and static link for latest version and add Intel performance patches Recompiled libpcre and static link for latest version for JIT, and use CPU optimize flags Recompiled other libs which are not present in RHEL and use CPU optimize flags • Make monitoring highly configurable per site and fine-tune over time • Use good monitoring dashboards Combination of Graphite and Grafana works very well Test which log data in error.log is required for good root-cause-analysis if an error occurs • Take enough time to test Performance tests under stress load with tools like “perf” give a lot of insight Invest enough time in resilience tests and what key data is needed to monitor your system All code which involves shared memory, locks, timers and configuration reloads take more time to get right Lessons learned so far… 55
And… NGINX is very fast, very efficiently coded and extremely fun to program for! Lessons learned so far… 56
Questions?? E-mail: bart.warmerdam@ing.nl And... 57
The opinions expressed in this publication are based on information gathered by ING and on sources that ING deems reliable. This data has been processed with care in our analyses. Neither ING nor employees of the bank can be held liable for any inaccuracies in this publication. No rights can be derived from the information given. ING accepts no liability whatsoever for the content of the publication or for information offered on or via the sites. Author rights and data protection rights apply to this publication. Nothing in this publication may be reproduced, distributed or published without explicit mention of ING as the source of this information. The user of this information is obliged ot abide byb ING's instructions relating to the use of this information. Dutch law applies. www.ing.com Disclaimer 58

Recommended

Websockets: Pushing the web forward
Websockets: Pushing the web forwardWebsockets: Pushing the web forward
Websockets: Pushing the web forward
Mark Roden
 
Build Your Own SaaS using Docker
Build Your Own SaaS using DockerBuild Your Own SaaS using Docker
Build Your Own SaaS using Docker
Julien Barbier
 
DockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTR
Docker, Inc.
 
OpenShift for Java EE Developers
OpenShift for Java EE DevelopersOpenShift for Java EE Developers
OpenShift for Java EE Developers
Markus Eisele
 
NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013
aspyker
 
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Docker, Inc.
 
Provisioning Servers Made Easy
Provisioning Servers Made EasyProvisioning Servers Made Easy
Provisioning Servers Made Easy
All Things Open
 
Deploying OpenStack Using Docker in Production
Deploying OpenStack Using Docker in ProductionDeploying OpenStack Using Docker in Production
Deploying OpenStack Using Docker in Production
clayton_oneill
 

Recommended

Websockets: Pushing the web forward
Websockets: Pushing the web forwardWebsockets: Pushing the web forward
Websockets: Pushing the web forward
Mark Roden
 
Build Your Own SaaS using Docker
Build Your Own SaaS using DockerBuild Your Own SaaS using Docker
Build Your Own SaaS using Docker
Julien Barbier
 
DockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTR
Docker, Inc.
 
OpenShift for Java EE Developers
OpenShift for Java EE DevelopersOpenShift for Java EE Developers
OpenShift for Java EE Developers
Markus Eisele
 
NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013
aspyker
 
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Docker, Inc.
 
Provisioning Servers Made Easy
Provisioning Servers Made EasyProvisioning Servers Made Easy
Provisioning Servers Made Easy
All Things Open
 
Deploying OpenStack Using Docker in Production
Deploying OpenStack Using Docker in ProductionDeploying OpenStack Using Docker in Production
Deploying OpenStack Using Docker in Production
clayton_oneill
 
DockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for DevelopersDockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for Developers
Docker, Inc.
 
Your Auto-Scaling Bot - Volkan Tufecki
Your Auto-Scaling Bot - Volkan TufeckiYour Auto-Scaling Bot - Volkan Tufecki
Your Auto-Scaling Bot - Volkan Tufecki
Docker, Inc.
 
(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeploy
(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeploy(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeploy
(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeploy
Amazon Web Services
 
Introduction to Docker | Docker and Kubernetes Training
Introduction to Docker | Docker and Kubernetes TrainingIntroduction to Docker | Docker and Kubernetes Training
Introduction to Docker | Docker and Kubernetes Training
Shailendra Chauhan
 
Photon Controller: An Open Source Container Infrastructure Platform from VMware
Photon Controller: An Open Source Container Infrastructure Platform from VMwarePhoton Controller: An Open Source Container Infrastructure Platform from VMware
Photon Controller: An Open Source Container Infrastructure Platform from VMware
Docker, Inc.
 
Structured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, AccentureStructured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, Accenture
Docker, Inc.
 
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java ApplicationsAutomating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
Jelastic Multi-Cloud PaaS
 
The Docker Ecosystem
The Docker EcosystemThe Docker Ecosystem
The Docker Ecosystem
Dmitry Skaredov
 
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna KumarKubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
CodeOps Technologies LLP
 
Continuous Delivery of Containers with Drone & Kontena
Continuous Delivery of Containers with Drone & KontenaContinuous Delivery of Containers with Drone & Kontena
Continuous Delivery of Containers with Drone & Kontena
Jussi Nummelin
 
fabric8 ... and Docker, Kubernetes & OpenShift
fabric8 ... and Docker, Kubernetes & OpenShiftfabric8 ... and Docker, Kubernetes & OpenShift
fabric8 ... and Docker, Kubernetes & OpenShift
roland.huss
 
All the troubles you get into when setting up a production ready Kubernetes c...
All the troubles you get into when setting up a production ready Kubernetes c...All the troubles you get into when setting up a production ready Kubernetes c...
All the troubles you get into when setting up a production ready Kubernetes c...
Jimmy Lu
 
Docker on AWS - the Right Way
Docker on AWS - the Right WayDocker on AWS - the Right Way
Docker on AWS - the Right Way
AllCloud
 
Docker With Asp.net Core
Docker With Asp.net CoreDocker With Asp.net Core
Docker With Asp.net Core
Fatih Şimşek
 
How (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaSHow (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaS
Ryan Crawford
 
The Velvet Revolution: Modernizing Traditional ASP.NET Apps with Docker
The Velvet Revolution: Modernizing Traditional ASP.NET Apps with DockerThe Velvet Revolution: Modernizing Traditional ASP.NET Apps with Docker
The Velvet Revolution: Modernizing Traditional ASP.NET Apps with Docker
Elton Stoneman
 
Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...
Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...
Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...
Henning Jacobs
 
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
Docker, Inc.
 
Understanding the Docker ecosystem
Understanding the Docker ecosystemUnderstanding the Docker ecosystem
Understanding the Docker ecosystem
Kiratech
 
Kubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of Containers
Kel Cecil
 
NGINX High-performance Caching
NGINX High-performance CachingNGINX High-performance Caching
NGINX High-performance Caching
NGINX, Inc.
 
Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Nginx - Tips and Tricks.
Nginx - Tips and Tricks.
Harish S
 

More Related Content

What's hot

Photon Controller: An Open Source Container Infrastructure Platform from VMware
Photon Controller: An Open Source Container Infrastructure Platform from VMwarePhoton Controller: An Open Source Container Infrastructure Platform from VMware
Photon Controller: An Open Source Container Infrastructure Platform from VMware
Docker, Inc.
 
Structured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, AccentureStructured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, Accenture
Docker, Inc.
 
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java ApplicationsAutomating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
Jelastic Multi-Cloud PaaS
 
All the troubles you get into when setting up a production ready Kubernetes c...
All the troubles you get into when setting up a production ready Kubernetes c...All the troubles you get into when setting up a production ready Kubernetes c...
All the troubles you get into when setting up a production ready Kubernetes c...
Jimmy Lu
 
Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...
Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...
Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...
Henning Jacobs
 
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
Docker, Inc.
 
Kubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of Containers
Kel Cecil
 

What's hot (20)

DockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for DevelopersDockerCon EU 2015: Deploying and Managing Containers for Developers
DockerCon EU 2015: Deploying and Managing Containers for Developers
 
Your Auto-Scaling Bot - Volkan Tufecki
Your Auto-Scaling Bot - Volkan TufeckiYour Auto-Scaling Bot - Volkan Tufecki
Your Auto-Scaling Bot - Volkan Tufecki
 
(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeploy
(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeploy(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeploy
(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeploy
 
Introduction to Docker | Docker and Kubernetes Training
Introduction to Docker | Docker and Kubernetes TrainingIntroduction to Docker | Docker and Kubernetes Training
Introduction to Docker | Docker and Kubernetes Training
 
Photon Controller: An Open Source Container Infrastructure Platform from VMware
Photon Controller: An Open Source Container Infrastructure Platform from VMwarePhoton Controller: An Open Source Container Infrastructure Platform from VMware
Photon Controller: An Open Source Container Infrastructure Platform from VMware
 
Structured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, AccentureStructured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, Accenture
 
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java ApplicationsAutomating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
 
The Docker Ecosystem
The Docker EcosystemThe Docker Ecosystem
The Docker Ecosystem
 
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna KumarKubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
 
Continuous Delivery of Containers with Drone & Kontena
Continuous Delivery of Containers with Drone & KontenaContinuous Delivery of Containers with Drone & Kontena
Continuous Delivery of Containers with Drone & Kontena
 
fabric8 ... and Docker, Kubernetes & OpenShift
fabric8 ... and Docker, Kubernetes & OpenShiftfabric8 ... and Docker, Kubernetes & OpenShift
fabric8 ... and Docker, Kubernetes & OpenShift
 
All the troubles you get into when setting up a production ready Kubernetes c...
All the troubles you get into when setting up a production ready Kubernetes c...All the troubles you get into when setting up a production ready Kubernetes c...
All the troubles you get into when setting up a production ready Kubernetes c...
 
Docker on AWS - the Right Way
Docker on AWS - the Right WayDocker on AWS - the Right Way
Docker on AWS - the Right Way
 
Docker With Asp.net Core
Docker With Asp.net CoreDocker With Asp.net Core
Docker With Asp.net Core
 
How (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaSHow (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaS
 
The Velvet Revolution: Modernizing Traditional ASP.NET Apps with Docker
The Velvet Revolution: Modernizing Traditional ASP.NET Apps with DockerThe Velvet Revolution: Modernizing Traditional ASP.NET Apps with Docker
The Velvet Revolution: Modernizing Traditional ASP.NET Apps with Docker
 
Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...
Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...
Large Scale Kubernetes on AWS at Europe's Leading Online Fashion Platform - A...
 
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
 
Understanding the Docker ecosystem
Understanding the Docker ecosystemUnderstanding the Docker ecosystem
Understanding the Docker ecosystem
 
Kubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of Containers
 

Viewers also liked

Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Nginx - Tips and Tricks.
Nginx - Tips and Tricks.
Harish S
 
Introducing Scala in your existing Java project
Introducing Scala in your existing Java projectIntroducing Scala in your existing Java project
Introducing Scala in your existing Java project
ING-IT
 
Exploiting hotel Cassandra
Exploiting hotel CassandraExploiting hotel Cassandra
Exploiting hotel Cassandra
ING-IT
 
Nginx深度開發與客制化
Nginx深度開發與客制化Nginx深度開發與客制化
Nginx深度開發與客制化
Joshua Zhu
 
Transforming to OpenStack: a sample roadmap to DevOps
Transforming to OpenStack: a sample roadmap to DevOpsTransforming to OpenStack: a sample roadmap to DevOps
Transforming to OpenStack: a sample roadmap to DevOps
Nicolas (Nick) Barcet
 
Supercharging Content Delivery with Varnish
Supercharging Content Delivery with VarnishSupercharging Content Delivery with Varnish
Supercharging Content Delivery with Varnish
Samantha Quiñones
 
Cassandra at ING - There and back again
Cassandra at ING - There and back againCassandra at ING - There and back again
Cassandra at ING - There and back again
ING-IT
 

Viewers also liked (20)

NGINX High-performance Caching
NGINX High-performance CachingNGINX High-performance Caching
NGINX High-performance Caching
 
Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Nginx - Tips and Tricks.
Nginx - Tips and Tricks.
 
OpenStack Summit Vancouver: Lessons learned on upgrades
OpenStack Summit Vancouver: Lessons learned on upgradesOpenStack Summit Vancouver: Lessons learned on upgrades
OpenStack Summit Vancouver: Lessons learned on upgrades
 
Build a Basic Cloud Using RDO-manager
Build a Basic Cloud Using RDO-managerBuild a Basic Cloud Using RDO-manager
Build a Basic Cloud Using RDO-manager
 
Introducing Scala in your existing Java project
Introducing Scala in your existing Java projectIntroducing Scala in your existing Java project
Introducing Scala in your existing Java project
 
RPM Factory for RDO
RPM Factory for RDORPM Factory for RDO
RPM Factory for RDO
 
Exploiting hotel Cassandra
Exploiting hotel CassandraExploiting hotel Cassandra
Exploiting hotel Cassandra
 
Open whisk quick start guide
Open whisk quick start guideOpen whisk quick start guide
Open whisk quick start guide
 
Nginx深度開發與客制化
Nginx深度開發與客制化Nginx深度開發與客制化
Nginx深度開發與客制化
 
Transforming to OpenStack: a sample roadmap to DevOps
Transforming to OpenStack: a sample roadmap to DevOpsTransforming to OpenStack: a sample roadmap to DevOps
Transforming to OpenStack: a sample roadmap to DevOps
 
Elastic{on} - Tracking of events within ING
Elastic{on} - Tracking of events within INGElastic{on} - Tracking of events within ING
Elastic{on} - Tracking of events within ING
 
Supercharging Content Delivery with Varnish
Supercharging Content Delivery with VarnishSupercharging Content Delivery with Varnish
Supercharging Content Delivery with Varnish
 
Varnish Cache and its usage in the real world!
Varnish Cache and its usage in the real world!Varnish Cache and its usage in the real world!
Varnish Cache and its usage in the real world!
 
Webinar usando graylog para la gestión centralizada de logs
Webinar usando graylog para la gestión centralizada de logsWebinar usando graylog para la gestión centralizada de logs
Webinar usando graylog para la gestión centralizada de logs
 
Cassandra at ING - There and back again
Cassandra at ING - There and back againCassandra at ING - There and back again
Cassandra at ING - There and back again
 
Varnish Configuration Step by Step
Varnish Configuration Step by StepVarnish Configuration Step by Step
Varnish Configuration Step by Step
 
Caching
CachingCaching
Caching
 
Red hat lvm cheatsheet
Red hat lvm cheatsheetRed hat lvm cheatsheet
Red hat lvm cheatsheet
 
ITIL and DEVOPS can be friends
ITIL and DEVOPS can be friendsITIL and DEVOPS can be friends
ITIL and DEVOPS can be friends
 
Introduction openstack-meetup-nov-28
Introduction openstack-meetup-nov-28Introduction openstack-meetup-nov-28
Introduction openstack-meetup-nov-28
 

Similar to Nginx conference 2015

Symfony Under Control by Maxim Romanovsky
Symfony Under Control by Maxim RomanovskySymfony Under Control by Maxim Romanovsky
Symfony Under Control by Maxim Romanovsky
php-user-group-minsk
 
Continuous Delivery Applied (Agile Richmond)
Continuous Delivery Applied (Agile Richmond)Continuous Delivery Applied (Agile Richmond)
Continuous Delivery Applied (Agile Richmond)
Mike McGarr
 
Cloudstack Continuous Delivery
Cloudstack Continuous DeliveryCloudstack Continuous Delivery
Cloudstack Continuous Delivery
buildacloud
 
Continuous Delivery Applied (AgileDC)
Continuous Delivery Applied (AgileDC)Continuous Delivery Applied (AgileDC)
Continuous Delivery Applied (AgileDC)
Mike McGarr
 
Microservices @ Work - A Practice Report of Developing Microservices
Microservices @ Work - A Practice Report of Developing MicroservicesMicroservices @ Work - A Practice Report of Developing Microservices
Microservices @ Work - A Practice Report of Developing Microservices
QAware GmbH
 

Similar to Nginx conference 2015 (20)

Integration in the Cloud, by Rob Davies
Integration in the Cloud, by Rob DaviesIntegration in the Cloud, by Rob Davies
Integration in the Cloud, by Rob Davies
 
CV_RishabhDixit
CV_RishabhDixitCV_RishabhDixit
CV_RishabhDixit
 
Pivotal CloudFoundry on Google cloud platform
Pivotal CloudFoundry on Google cloud platformPivotal CloudFoundry on Google cloud platform
Pivotal CloudFoundry on Google cloud platform
 
Continuous Delivery: releasing Better and Faster at Dashlane
Continuous Delivery: releasing Better and Faster at DashlaneContinuous Delivery: releasing Better and Faster at Dashlane
Continuous Delivery: releasing Better and Faster at Dashlane
 
Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...
 
Symfony Under Control by Maxim Romanovsky
Symfony Under Control by Maxim RomanovskySymfony Under Control by Maxim Romanovsky
Symfony Under Control by Maxim Romanovsky
 
Mainframe Application Testing both With and Without Live Data
Mainframe Application Testing both With and Without Live DataMainframe Application Testing both With and Without Live Data
Mainframe Application Testing both With and Without Live Data
 
Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...
Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...
Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...
 
Continuous Delivery Applied
Continuous Delivery AppliedContinuous Delivery Applied
Continuous Delivery Applied
 
Fluo CICD OpenStack Summit
Fluo CICD OpenStack SummitFluo CICD OpenStack Summit
Fluo CICD OpenStack Summit
 
Continuous Delivery Applied
Continuous Delivery AppliedContinuous Delivery Applied
Continuous Delivery Applied
 
Continuous Delivery Applied (Agile Richmond)
Continuous Delivery Applied (Agile Richmond)Continuous Delivery Applied (Agile Richmond)
Continuous Delivery Applied (Agile Richmond)
 
DevOps Automation and Maturity using FlexDeploy, webMethods demo: Kellton Web...
DevOps Automation and Maturity using FlexDeploy, webMethods demo: Kellton Web...DevOps Automation and Maturity using FlexDeploy, webMethods demo: Kellton Web...
DevOps Automation and Maturity using FlexDeploy, webMethods demo: Kellton Web...
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
 
Continuous Integration at Mollie
Continuous Integration at MollieContinuous Integration at Mollie
Continuous Integration at Mollie
 
Webinar June 2017 l Apica LoadTest to compliment HP Loadrunner
Webinar June 2017 l Apica LoadTest to compliment HP LoadrunnerWebinar June 2017 l Apica LoadTest to compliment HP Loadrunner
Webinar June 2017 l Apica LoadTest to compliment HP Loadrunner
 
Cloudstack Continuous Delivery
Cloudstack Continuous DeliveryCloudstack Continuous Delivery
Cloudstack Continuous Delivery
 
Continuous Delivery Applied (AgileDC)
Continuous Delivery Applied (AgileDC)Continuous Delivery Applied (AgileDC)
Continuous Delivery Applied (AgileDC)
 
Microservices @ Work - A Practice Report of Developing Microservices
Microservices @ Work - A Practice Report of Developing MicroservicesMicroservices @ Work - A Practice Report of Developing Microservices
Microservices @ Work - A Practice Report of Developing Microservices
 
Docker12 factor
Docker12 factorDocker12 factor
Docker12 factor
 

Recently uploaded

How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
software pro Development
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Alberto González Trastoy
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 

Nginx conference 2015

  • 1. Move Over IBM WebSeal and F5 BigIP, Here Comes NGINX 09/23/2015
  • 2. #nginx #nginxconf 2 Advisory IT Specialist at ING Bank N.V. Bart Warmerdam
  • 3. Who is ING globally 3
  • 4. Who is ING in the Netherlands 4
  • 5. • Bank with diverse software and hardware landscape • Cost driven IT • Traditional software development: design, build, test, implement • Software strategy: buy before build • Middleware strategy: buy • Hardware strategy: appliance History up to 2.5 years ago within ING 5
  • 6. • Bank with diverse software and hardware landscape • IT and Time-to-Market is important • 60 scrum teams internally working on software • Software strategy: build before buy (a lot of time) • Middleware strategy: buy but… • Hardware strategy: standard scalable stacks From 2.5 years ago up to now 6
  • 7. Complex IT landscape Task: simplify IT Add missing functionality 7
  • 8. • Internet facing reverse proxies (IBM TAM WebSeal)  Authenticating proxy  Content caching and compression  Cookie jar functionality • Multiple layers of load balancers (F5 BigIP)  Over data centers  Over nodes in different network zones For all internet facing domains of domestic banking Netherlands Infra structure to replace 8
  • 9. • Investigate open source software: NGINX or Apache vs IBM WebSeal / F5 • Perform a proof of concept with NGINX for Authentication and Event Publishing • Write a report for deciding architects which concluded after proof of concept:  Replace IBM TAM WebSeal with NGINX using custom modules  Integrate the layers of F5 BigIP’s with NGINX The result “GO!” Now we are more in control then ever. The Plan to Simplify 9
  • 10. Starting with 10 Load balancer WebSeal Load balancer Tier 1 (dmz) Tier 2 F5 IBM F5 F5 External Authentication Interface Application Application Application 10 Inter Connectivity Cloud (between DC’s)Inter Connectivity Cloud (between DC’s) Policy Mgr LDAP Load Balancer
  • 11. Working towards 11 Load balancer NGINX Tier 1 (dmz) Tier 2 F5 NGINX External Authentication Interface Application Application Application 11 Inter Connectivity Cloud (between DC’s)Inter Connectivity Cloud (between DC’s)
  • 12. Control in… 12 • Integrate Authentication and Event Publishing module from PoC Functionality Time-to-Market Operational Monitoring Control
  • 13. Control in… 13 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality Functionality Time-to-Market Operational Monitoring Control
  • 14. Control in… 14 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers Functionality Time-to-Market Operational Monitoring Control
  • 15. Control in… 15 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points Functionality Time-to-Market Operational Monitoring Control
  • 16. Control in… 16 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline Functionality Time-to-Market Operational Monitoring Control
  • 17. Control in… 17 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline • Monitor system resource usages and errors to Graphite Functionality Time-to-Market Operational Monitoring Control
  • 18. Control in… 18 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline • Monitor system resource usages and errors to Graphite • Add Grafana dashboards and Mobile alerts for team dashboards Functionality Time-to-Market Operational Monitoring Control
  • 19. Control in… 19 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline • Monitor system resource usages and errors to Graphite • Add Grafana dashboards and Mobile alerts for team dashboards • Monitor and report upstream errors to Tivoli Omnibus (MCR) Functionality Time-to-Market Operational Monitoring Control
  • 20. Control in… 20 • Integrate Authentication and Event Messaging module from PoC • Add missing cookie jar functionality • Add load balancing persistency over data centers • Add dynamic service discovery so teams can self-service end points • Integrate existing (Java) Continuous Delivery Pipeline • Monitor system resource usages and errors to Graphite • Add Grafana dashboards and Mobile alerts for team dashboards • Monitor and report upstream errors to Tivoli Omnibus (MCR) • Make performance data and reports available to all scrum teams Functionality Time-to-Market Operational Monitoring Control
  • 21. • First step: Integrate into the Continuous Delivery Pipeline • From GIT to production • Second step: Add additional functionality to NGINX • Future roadmap of the NGINX authenticating proxy environment Roll-out planning 21
  • 22. • Using standard open source tools like: Git, Jenkins, Maven, Nexus, Docker, Valgrind, Python • And closed source tools like Nolio (deployments), Fortify (static source code analysis) First step: integrate in continuous delivery pipeline 22
  • 24. 24 Commits on “develop” trigger a build in Jenkins Using an Apache Maven build profile
  • 25. 25 Which builds the project modules
  • 26. 26 By packaging all own modules And add nginx.org source from our Nexus repository And 3rd party source modules from our Nexus repository As a tar.gz file
  • 27. 27 And add the RedHat .spec file
  • 28. 28 To start a Docker build in a CentOS image Which results in an RPM
  • 29. 29 If all Python tests succeed on the binary
  • 30. 30 If all integration test scripts ran successfully All product acceptance scripts ran successfully
  • 31. 31 And all module tests succeed as well
  • 32. 32 Using a Python test framework To easily create test cases for the binary and modules
  • 33. 33 The RPM’s and test results are uploaded to a Nexus Repository Together with Nolio deployment scripts After which Jenkins triggers an automatic Nolio deployment in LCM
  • 34. 34 Each commit in “develop” also starts a Jenkins job that Triggers the Valgrind tests on all modules And emails the results on failures
  • 35. 35 Each commit in “develop” also starts a nightly Jenkins job that Starts a Fortify scan for static source code analysis On all own modules, NGINX code and all 3rd party modules used
  • 36. 36 Releases on “master” trigger a build in Jenkins Using Apache Maven release profile Where versioned artifacts are uploaded to Nexus
  • 37. 37 Configuration releases on “master” trigger a build in Jenkins Where the correct nginx.conf and site information created
  • 38. 38 And SQL is used to create a list of URL endpoints And their module directives
  • 39. 39 Using a maven plugin to create the correct configuration files
  • 40. 40 Using Docker to build a RPM and test all generated configurations
  • 41. 41 So it can be automatically deployed in Nolio in LCM by Jenkins
  • 42. • LCM DEV + TST environment for internal team tests • DEV + TST for integration tests for all other teams • ACC for pre-production tests Daily load tests using Load Runner & perf. reports using Python, Latex and gnuplot Weekly resilience tests Unplanned Simian Army tests Run “perf” tests for NGINX profiling (if a change requires it) Penetration and security tests • Multiple PRD environments in different data centers Replaced all IBM WebSeal reverse proxies with NGINX Starting to replace all F5 BigIP internal load balancers with NGINX load balancer module The result… 42
  • 43. • Using “perf” we analyzed the binary under load ~500 URI/sec Optimizing the result 43 Number 1, 3, 8,11 is GZIP compression Number 2 is memset => hard to pinpoint since generic use Number 4 is network driver => cannot change Number 5 is cookie header parsing, triggered by our code Number 6 is OS Number 7 is Kafka CRC32 code Number 9 is memcpy => hard to pinpoint since generic use Number 10 is cause by the audit system => cannot change Number 20 first own method listed
  • 44. • GZIP is expensive on the CPU, use optimized libraries when possible • Use static linking when replacing the patched library cannot be done on target machine • Two patches available, from Intel and Cloudflare Compression level 5 Source: https://www.snellman.net/blog/archive/2014-08-04-comparison-of-intel-and-cloudflare-zlib-patches.html Include optimized libraries 44
  • 45. • Some libraries are not available on the target machine (Kafka, MaxMind, Protobuf) • Some libraries are too old on target machine (PCRE3 – for JIT) • CPU optimized versions are added in the Docker image and statically linked Patching libraries for performance 45
  • 46. • Our five most important home-made modules Cookie jar module – store Set-Cookie operations in reverse proxy WebSeal module – Authentication module based on Extended Authentication Interface (EAI) Kafka module – Send Event Messages from proxy layer to other systems Load balancing – Rule based upstream use, allow dynamic service discovery Monitoring module – Monitor application use and system resource usage Second step: Add additional functionality to NGINX 46
  • 47. • Uses two levels of RB Trees to store state • Highly configurable • Use timers for automatic expiration and cleanup • Use shared memory to share state between workers Cookie jar module 47
  • 48. • Uses a RB Trees to store session state • Allows access on different policies (fine or coarse grained) • Use timers for automatic expiration and cleanup • Use shared memory to share state between workers • Implement the EAI interface to allow gradual migration WebSeal module 48
  • 49. • Publish Events for monitoring and error analysis • Highly configurable using a separate json config file • Fast and asynchronous to avoid processing overhead Event Publishing (Kafka) module 49
  • 50. • Use specific upstream servers based on rules (e.g. confidence test) • Allow static load balancing over data centers for stateful applications • Allow TCP connection re-use, using pools • Integration with monitoring module to allow monitoring via MCR Load balancing module 50
  • 51. • Read variables from other modules to monitor • Create and expose variables with system resources to monitor • Use UDP or TCP to transfer monitor data to Graphite • Integration with Tivoli Omnibus to allow monitoring via MCR Monitoring module 51
  • 53. • Add WAF modules • Fully implement dynamic service discovery to dynamically add/remove URI’s and upstream servers • Implement cross datacenter persistency for cookie jar Future roadmap of the NGINX authenticating proxy environment 53
  • 54. • Remove manual work in development and testing ASAP • NGINX has a lot of configuration optimization possibilities TCP Socket/TCP options, caching, connection re-use, JIT, Threads, upstream zone, buffer settings, timeouts • In own modules Use Shared Memory for Session State (if needed), RB Trees, Thread pools, Timers and the event queue Use atomic reference counter over shared mutex locks if possible Use variables to pass data between modules • In NGINX modules Compression on content is CPU expensive! Cookie lookups in modules are potentially CPU expensive CRC32 is potentially CPU expensive If using symmetric crypto, use types supported by the CPU (EAS-NI), like EAS GCM/CTR Lessons learned so far… 54
  • 55. • Older stack require more work to fully use all configurations Recompiled new GCC C-compiler for strong stack protector and CPU optimization options Recompiled libz and static link for latest version and add Intel performance patches Recompiled libpcre and static link for latest version for JIT, and use CPU optimize flags Recompiled other libs which are not present in RHEL and use CPU optimize flags • Make monitoring highly configurable per site and fine-tune over time • Use good monitoring dashboards Combination of Graphite and Grafana works very well Test which log data in error.log is required for good root-cause-analysis if an error occurs • Take enough time to test Performance tests under stress load with tools like “perf” give a lot of insight Invest enough time in resilience tests and what key data is needed to monitor your system All code which involves shared memory, locks, timers and configuration reloads take more time to get right Lessons learned so far… 55
  • 56. And… NGINX is very fast, very efficiently coded and extremely fun to program for! Lessons learned so far… 56
  • 58. The opinions expressed in this publication are based on information gathered by ING and on sources that ING deems reliable. This data has been processed with care in our analyses. Neither ING nor employees of the bank can be held liable for any inaccuracies in this publication. No rights can be derived from the information given. ING accepts no liability whatsoever for the content of the publication or for information offered on or via the sites. Author rights and data protection rights apply to this publication. Nothing in this publication may be reproduced, distributed or published without explicit mention of ING as the source of this information. The user of this information is obliged ot abide byb ING's instructions relating to the use of this information. Dutch law applies. www.ing.com Disclaimer 58