In this talk, Docker’s Jérôme Petazzoni offers best practices on keeping application containers simple and lean, while retaining the robust libraries and features required to run stable production environments.
Linux Container Brief for IEEE WG P2302Boden Russell
A brief into to Linux Containers presented to IEEE working group P2302 (InterCloud standards and portability). This deck covers:
- Definitions and motivations for containers
- Container technology stack
- Containers vs Hypervisor VMs
- Cgroups
- Namespaces
- Pivot root vs chroot
- Linux Container image basics
- Linux Container security topics
- Overview of Linux Container tooling functionality
- Thoughts on container portability and runtime configuration
- Container tooling in the industry
- Container gaps
- Sample use cases for traditional VMs
Overall, a bulk of this deck is covered in other material I have posted here. However there are a few new slides in this deck, most notability some thoughts on container portability and runtime config.
Docker storage drivers by Jérôme PetazzoniDocker, Inc.
The first release of Docker only supported AUFS, and AUFS was available (out of the box) only on Debian and Ubuntu kernel. Then Red Hat wanted Docker to run on its distros, and contributed the Device Mapper driver, and later the BTRFS driver, and recently the overlayfs driver.
Jérôme presents how those drivers compare from a high-level perspective, explaining their pros and cons.
Then he showed each driver in action, and look at low-level implementation details. We won't dive into the golang implementation code itself, but we will explain the concepts of each driver. This will help to better understand how they work, and give some hints when it comes to troubleshoot their behaviour.
KVM and docker LXC Benchmarking with OpenStackBoden Russell
Passive benchmarking with docker LXC and KVM using OpenStack hosted in SoftLayer. These results provide initial incite as to why LXC as a technology choice offers benefits over traditional VMs and seek to provide answers as to the typical initial LXC question -- "why would I consider Linux Containers over VMs" from a performance perspective.
Results here provide insight as to:
- Cloudy ops times (start, stop, reboot) using OpenStack.
- Guest micro benchmark performance (I/O, network, memory, CPU).
- Guest micro benchmark performance of MySQL; OLTP read, read / write complex and indexed insertion.
- Compute node resource consumption; VM / Container density factors.
- Lessons learned during benchmarking.
The tests here were performed using OpenStack Rally to drive the OpenStack cloudy tests and various other linux tools to test the guest performance on a "micro level". The nova docker virt driver was used in the Cloud scenario to realize VMs as docker LXC containers and compared to the nova virt driver for libvirt KVM.
Please read the disclaimers in the presentation as this is only intended to be the "chip of the ice burg".
Linux Container Brief for IEEE WG P2302Boden Russell
A brief into to Linux Containers presented to IEEE working group P2302 (InterCloud standards and portability). This deck covers:
- Definitions and motivations for containers
- Container technology stack
- Containers vs Hypervisor VMs
- Cgroups
- Namespaces
- Pivot root vs chroot
- Linux Container image basics
- Linux Container security topics
- Overview of Linux Container tooling functionality
- Thoughts on container portability and runtime configuration
- Container tooling in the industry
- Container gaps
- Sample use cases for traditional VMs
Overall, a bulk of this deck is covered in other material I have posted here. However there are a few new slides in this deck, most notability some thoughts on container portability and runtime config.
Docker storage drivers by Jérôme PetazzoniDocker, Inc.
The first release of Docker only supported AUFS, and AUFS was available (out of the box) only on Debian and Ubuntu kernel. Then Red Hat wanted Docker to run on its distros, and contributed the Device Mapper driver, and later the BTRFS driver, and recently the overlayfs driver.
Jérôme presents how those drivers compare from a high-level perspective, explaining their pros and cons.
Then he showed each driver in action, and look at low-level implementation details. We won't dive into the golang implementation code itself, but we will explain the concepts of each driver. This will help to better understand how they work, and give some hints when it comes to troubleshoot their behaviour.
KVM and docker LXC Benchmarking with OpenStackBoden Russell
Passive benchmarking with docker LXC and KVM using OpenStack hosted in SoftLayer. These results provide initial incite as to why LXC as a technology choice offers benefits over traditional VMs and seek to provide answers as to the typical initial LXC question -- "why would I consider Linux Containers over VMs" from a performance perspective.
Results here provide insight as to:
- Cloudy ops times (start, stop, reboot) using OpenStack.
- Guest micro benchmark performance (I/O, network, memory, CPU).
- Guest micro benchmark performance of MySQL; OLTP read, read / write complex and indexed insertion.
- Compute node resource consumption; VM / Container density factors.
- Lessons learned during benchmarking.
The tests here were performed using OpenStack Rally to drive the OpenStack cloudy tests and various other linux tools to test the guest performance on a "micro level". The nova docker virt driver was used in the Cloud scenario to realize VMs as docker LXC containers and compared to the nova virt driver for libvirt KVM.
Please read the disclaimers in the presentation as this is only intended to be the "chip of the ice burg".
Skale your test environment! Containerized End-2-End-Testing @Herbstcampus Nü...Tobias Schneck
http://www.herbstcampus.de/veranstaltung-5222-containerized-end-2-end-testing.html?id=5222
Bei der Konzeption von End-2-End-Tests ist eines der größten Probleme die Frage, wie die Testausführung möglichst robust, reproduzierbar und skalierbar gestaltet werden kann. Diese Hürde lässt sich mit klassischen Ansätzen nicht überwinden. Einen eleganten Ausweg bieten in Container verpackte Testumgebungen. Dadurch wird es möglich, einen definierten Systemstand reproduzierbar aufzurufen und Tests performant auszuführen.
Es wird zeigt, wie z.B. parallele GUI-Tests in verschiedenen Umgebungen zur Qualitätssicherung beitragen. Die Beispiele sind mit dem Open-Source-Tools Sakuli und Docker realisiert und testen Web- und Rich-Client-Applikationen.
Der Vortrag beinhaltet eine großen Anteil an Live-Demo. Die zugehörige Codebasis wird den Zuhören auch zugänglich gemacht.
Skills
Keine
Lernziele
Ziel ist es, dem Zuhörer aufzuzeigen, wie das Potenzial von Container-Technologien genutzt werden kann, um die Softwarequalität zu erhöhen und den manuellen Testaufwand drastisch zu verringern. Eine abschließende Bewertung der Erfahrungen sowie ein Ausblick auf weitere Einsatzszenarien und Entwicklungsschritte runden den Vortrag ab.
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
Linux containers are different from Solaris Zones or BSD Jails: they use discrete kernel features like cgroups, namespaces, SELinux, and more. We will describe those mechanisms in depth, as well as demo how to put them together to produce a container. We will also highlight how different container runtimes compare to each other.
This talk was delivered at DockerCon Europe 2015 in Barcelona.
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Jérôme Petazzoni
Docker is two years old. While security has always been at the core of the questions revolving around Docker, the nature of those questions has changed. Last year, the main concern was "can I safely colocate containers on the same machine?" and it elicited various responses. Dan Walsh, SELinux expert, notoriously said: "containers do not contain!", and at last year's LinuxCon, Jérôme delivered a presentation detailing how to harden Docker and containers to isolate them better.
Today, people have new concerns. They include image transport, vulnerability mitigation, and more.
After a recap about the current state of container security, Jérôme will explain why those new questions showed up, and most importantly, how to address them and safely deploy containers in general, and Docker in particular.
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionJérôme Petazzoni
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the last stop of the "Tour de France" in Bordeaux. It is slightly different from the presentation which was shown in the other cities (http://www.slideshare.net/jpetazzo/introduction-to-docker-december-2014-tour-de-france-edition), and includes a detailed history of dotCloud and Docker and a few other differences.
Special thanks to https://twitter.com/LilliJane and https://twitter.com/zirkome, who gave me the necessary motivation to put together this slightly different presentation, since they had already seen the other presentation in Paris :-)
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
Namespace, CGroup, and Union file-system are the basic building blocks of a container. Let’s have our focus on file-system. Why yet another file-system for the container? Is Conventional Linux file-systems like ext2, ext3, ext4, XFS, etc. not good enough to meet the purpose? In this blog post, I will try to answer these questions. Here we will be delving deeply into the Union File System and a few of its essential properties.
Cgroups, namespaces and beyond: what are containers made from?Docker, Inc.
Linux containers are different from Solaris Zones or BSD Jails: they use discrete kernel features like cgroups, namespaces, SELinux, and more. We will describe those mechanisms in depth, as well as demo how to put them together to produce a container. We will also highlight how different container runtimes compare to each other.
Docker Understanding, What is Docker? Why Docker? How do I containerize somet...Yogesh Wadile
The Docker daemon is a service that runs on your host operating system. It currently only runs on Linux because it depends on a number of Linux kernel features, but there are a few ways to run Docker on MacOS and Windows too. TheDocker daemon itself exposes a REST API.
Docker container is an open source software development platform. Its main benefit is to package applications in “containers,” allowing them to be portable among any system running the Linux operating system (OS).
Docker Hub is a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
In less than two years Docker went from first line of code to major Open Source project with contributions from all the big names in IT. Everyone is excited, but what's in for me - as a Dev or Ops? In short, Docker makes creating Development, Test and even Production environments an order of magnitude simpler, faster and completely portable across both local and cloud infrastructure. We will start from Docker main concepts: how to create a Linux Container from base images, run your application in it, and version your runtimes as you would with source code, and finish with a concrete example.
Skale your test environment! Containerized End-2-End-Testing @Herbstcampus Nü...Tobias Schneck
http://www.herbstcampus.de/veranstaltung-5222-containerized-end-2-end-testing.html?id=5222
Bei der Konzeption von End-2-End-Tests ist eines der größten Probleme die Frage, wie die Testausführung möglichst robust, reproduzierbar und skalierbar gestaltet werden kann. Diese Hürde lässt sich mit klassischen Ansätzen nicht überwinden. Einen eleganten Ausweg bieten in Container verpackte Testumgebungen. Dadurch wird es möglich, einen definierten Systemstand reproduzierbar aufzurufen und Tests performant auszuführen.
Es wird zeigt, wie z.B. parallele GUI-Tests in verschiedenen Umgebungen zur Qualitätssicherung beitragen. Die Beispiele sind mit dem Open-Source-Tools Sakuli und Docker realisiert und testen Web- und Rich-Client-Applikationen.
Der Vortrag beinhaltet eine großen Anteil an Live-Demo. Die zugehörige Codebasis wird den Zuhören auch zugänglich gemacht.
Skills
Keine
Lernziele
Ziel ist es, dem Zuhörer aufzuzeigen, wie das Potenzial von Container-Technologien genutzt werden kann, um die Softwarequalität zu erhöhen und den manuellen Testaufwand drastisch zu verringern. Eine abschließende Bewertung der Erfahrungen sowie ein Ausblick auf weitere Einsatzszenarien und Entwicklungsschritte runden den Vortrag ab.
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
Linux containers are different from Solaris Zones or BSD Jails: they use discrete kernel features like cgroups, namespaces, SELinux, and more. We will describe those mechanisms in depth, as well as demo how to put them together to produce a container. We will also highlight how different container runtimes compare to each other.
This talk was delivered at DockerCon Europe 2015 in Barcelona.
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Jérôme Petazzoni
Docker is two years old. While security has always been at the core of the questions revolving around Docker, the nature of those questions has changed. Last year, the main concern was "can I safely colocate containers on the same machine?" and it elicited various responses. Dan Walsh, SELinux expert, notoriously said: "containers do not contain!", and at last year's LinuxCon, Jérôme delivered a presentation detailing how to harden Docker and containers to isolate them better.
Today, people have new concerns. They include image transport, vulnerability mitigation, and more.
After a recap about the current state of container security, Jérôme will explain why those new questions showed up, and most importantly, how to address them and safely deploy containers in general, and Docker in particular.
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionJérôme Petazzoni
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the last stop of the "Tour de France" in Bordeaux. It is slightly different from the presentation which was shown in the other cities (http://www.slideshare.net/jpetazzo/introduction-to-docker-december-2014-tour-de-france-edition), and includes a detailed history of dotCloud and Docker and a few other differences.
Special thanks to https://twitter.com/LilliJane and https://twitter.com/zirkome, who gave me the necessary motivation to put together this slightly different presentation, since they had already seen the other presentation in Paris :-)
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
Namespace, CGroup, and Union file-system are the basic building blocks of a container. Let’s have our focus on file-system. Why yet another file-system for the container? Is Conventional Linux file-systems like ext2, ext3, ext4, XFS, etc. not good enough to meet the purpose? In this blog post, I will try to answer these questions. Here we will be delving deeply into the Union File System and a few of its essential properties.
Cgroups, namespaces and beyond: what are containers made from?Docker, Inc.
Linux containers are different from Solaris Zones or BSD Jails: they use discrete kernel features like cgroups, namespaces, SELinux, and more. We will describe those mechanisms in depth, as well as demo how to put them together to produce a container. We will also highlight how different container runtimes compare to each other.
Docker Understanding, What is Docker? Why Docker? How do I containerize somet...Yogesh Wadile
The Docker daemon is a service that runs on your host operating system. It currently only runs on Linux because it depends on a number of Linux kernel features, but there are a few ways to run Docker on MacOS and Windows too. TheDocker daemon itself exposes a REST API.
Docker container is an open source software development platform. Its main benefit is to package applications in “containers,” allowing them to be portable among any system running the Linux operating system (OS).
Docker Hub is a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
In less than two years Docker went from first line of code to major Open Source project with contributions from all the big names in IT. Everyone is excited, but what's in for me - as a Dev or Ops? In short, Docker makes creating Development, Test and even Production environments an order of magnitude simpler, faster and completely portable across both local and cloud infrastructure. We will start from Docker main concepts: how to create a Linux Container from base images, run your application in it, and version your runtimes as you would with source code, and finish with a concrete example.
Docker is in all the news and this talk presents you the technology and shows you how to leverage it to build your applications according to the 12 factor application model.
Accelerate your software development with DockerAndrey Hristov
Docker is in all the news and this talk presents you the technology and shows you how to leverage it to build your applications according to the 12 factor application model.
Containers: from development to production at DevNation 2015Jérôme Petazzoni
In Docker, applications are shipped using a lightweight format, managed with a high-level API, and run within software containers which abstract the host environment. Operating details like distributions, versions, and network setup no longer matter to the application developer.
Thanks to this abstraction level, we can use the same container across all steps of the life cycle of an application, from development to production. This eliminates problems stemming from discrepancies between those environments.
Even so, these environments will always have different requirements. If our quality assurance (QA) and production systems use different logging systems, how can we still ship the same container to both? How can we satisfy the backup and security requirements of our production stack without bloating our development stack?
In this sess, you will learn about the unique features in containers that allow you to cleanly decouple system administrator tasks from the core of your application. We’ll show you how this decoupling results in smaller, simpler containers, and gives you more flexibility when building, managing, and evolving your application stacks.
Dockerizing Symfony2 application. Why Docker is so cool And what is Docker? And what are Containers? How they works? What are the ecosystem of Docker? And how to dockerize your web application (can be based on Symfony2 framework)?
A document about what we learnt while introducing Docker at the Tribal Nova company, and the migration of our backend projects as containers.
The layout is really not my strength...
The internals and the latest trends of container runtimesAkihiro Suda
Containers are a set of various lightweight methods to isolate filesystems, CPU resources, memory resources, system permissions, etc. Containers are similar to virtual machines in many senses, but they are more efficient and often less secure. This talk roughly consists of the following three parts:
1. Introduction to containers and how they spread in the last decade
2. Internals of container runtimes: namespaces, cgroups, capabilities, seccomp, etc.
3. Latest trends: Non-Docker containers, User Namespaces, Rootless Containers, Kata Containers, gVisor, WebAssembly, etc.
http://www.cce.i.kyoto-u.ac.jp/danwa23.html
History and Basics of containers, LXC, Docker and Kubernetes. This presentation is given to Engineering colleage students at VIT DevFest 2018. Beginner to Intermediate level.
Real-World Docker: 10 Things We've Learned RightScale
Docker has taken the world of software by storm, offering the promise of a portable way to build and ship software - including software running in the cloud. The RightScale development team has been diving into Docker for several projects, and we'll share our lessons learned on using Docker for our cloud-based applications.
A talk given at Docker London on Wednesday, July 20th, 2016. This talk is a fast-paced overview of the potential threats faced when containerizing applications, married to a quick run-through of the "security toolbox" available in the Docker engine via Linux kernel capabilities and features enabled by OCI's libcontainer/runc and Docker.
A video recording of this talk is available here: https://skillsmatter.com/skillscasts/8551-container-security
Docker - Demo on PHP Application deployment Arun prasath
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
In this demo, I will show how to build a Apache image from a Dockerfile and deploy a PHP application which is present in an external folder using custom configuration files.
Gives a brief introduction of the emerging containerization technology, the difference in traditional VMs and Conatiners and the most popular one- Docker
Similar to Docker's Jérôme Petazzoni: Best Practices in Dev to Production Parity for Containers (20)
Brian Doll: Land and Expand Strategies at Github and New RelicHeavybit
In his Heavybit talk, Brian Doll shares bottom-up sales approaches & messaging considerations for moving into the enterprise. He recommends a ‘do things and tell people’ approach as a critical component of developer marketing and provides actionable tips for companies looking to grow.
In this Heavybit Speaker Series, Brian Balfour, VP of Growth at HubSpot, covers the key documents to building a growth process, tactics for generating growth ideas, and what you need to generate a minimum viable test.
For the full talk, visit the Heavybit Library - http://heavybit.com/library/video/2015-09-01-donnie-berkholz
In this Heavybit Speaker Series, Donnie Berkholz of 451 Research will offer insights into analyst coverage areas and how to present to them, context-setting for analyst briefings, and finally, how to engage with analysts on their upcoming research calendars.
Sean Byrnes: Business Analytics: Are We There Yet?Heavybit
Let's get real, any monkey with a slide deck can fake hockey stick growth. In this Heavybit Speaker Series, Sean Byrnes talks about creating metrics and analytics for actual survivability, success and growth.
Sean helps you operationalize your org-wide goals, cut through the BS of pedantic goal-setting exercises, and get s@#t done.
Watch the talk here - http://heavybit.com/library/video/2015-08-18-sean-byrnes
Using OKRs to Drive Results AKA "Secrets To Crushing Your Goals"Heavybit
In this Heavybit Speaker Series presentation you’ll learn:
-How early-stage developer companies can get started on their company-wide OKRs;
-How to use OKRs for alignment and increased progress; and,
- Examples of applying OKRs to the less numbers-driven side of the business.
To watch Kris' complete presentation, head to http://www.heavybit.com/library
Kris Duggan is the CEO and Co-Founder of BetterWorks, an enterprise goals platform trusted by high performing companies to engage, empower and cross-functionally align their workforces. The company's board of directors include investor Kleiner Perkins Caufield Byers' John Doerr and Google's Shona Brown. Prior to BetterWorks, he was the founding CEO of Badgeville.
Creating Killer Trend Stories with Redis Labs' Cameron PeronHeavybit
In this presentation, you’ll learn that good companies hijack trends, while great ones define them. Cam will teach you:
-How to source customer data and stories;
-How to craft trends and pitch journalists during slow news cycles;
-How to reuse your coverage for top-of-funnel, sales and relationship-building.
Don MacLennan: Investing in Customer SuccessHeavybit
Your marketing is generating leads and your inbound sales team is primed to close the deal. The only problem is that customer success is an afterthought in your sales cycle.
In this presentation you’ll learn:
- How to operationalize your sales workflow to increase revenue;
- The signals to help you identify at-risk customers ; and,
- How to build engagement before churn.
Stripe’s Krithika Muthukumar discusses how to make even the minutiae of product launches as engaging and easy to understand for your users as actually using the product itself.
Heavybit is looking for a creative and disciplined Events Manager to plan, organize and promote our SF-based event program. Heavybit has a busy and diverse events program: in the past year we’ve hosted two major conferences as well as nearly 100 educational, corporate and social events. As Events Manager you’ll be responsible for our overall events strategy and schedule. You’ll design the event calendar & formats and oversee the execution of events from small social events through to larger half-day conferences.
In this presentation, Jeff talks about how to use a lean framework for product experimentation & better interaction design. He reviews some of the key principles for lean design and talks about how you can better tailor your product to meet your customers' needs.
Jeff Atwood - How to Talk So Your Community Will Listen and Listen So Your Co...Heavybit
Jeff offers lessons from his experience building Stack Overflow, Stack Exchange, and most recently, Discourse. His talk also focuses on the importance of user feedback in designing a better product experience.
Charity Majors - Bootstrapping an Ops TeamHeavybit
In this Heavybit Speaker Series talk, Charity discusses scaling and hiring an ops team from the ground up. She shares what she looks for in potential hires during the interview process and provides valuable interview techniques.
Looker's Ben Porterfield - Asking The Right QuestionsHeavybit
Ben offers his insight into data analysis with this Heavybit Speaker Series talk. He includes information on the data he finds key to strategic product pivot, the difference between good and bad customer questions, and how to take your data science to the next level. Check out the video of this talk at: http://www.heavybit.com/library/video/2015-02-10-ben-porterfield
Craig Kerstiens is an early member of the Heroku team. He launched the company's Python support among other platform features, ran product and marketing for the Heroku Postgres team, and now runs product for their Ecosystem group which includes add-ons, languages, and API. He blogs frequently about Python, Django and Postgres and curates content for Postgres Weekly and Postgres Guide.
Harrison Metal's Michael Dearing on PricingHeavybit
In this Heavybit Speaker Series Presentation, Harrison Metal's Michael Dearing discusses the finer points of multivariate pricing and go-to-market strategy for developer companies. Former SVP and General Merchandise Manager at eBay and now Harrison Metal founder Michael Dearing has dedicated his life to helping companies productize emerging technologies, build go-to-market strategy, and perfect their product marketing and pricing.
Video available here: http://www.heavybit.com/library/developer-go-to-market/video/2013-07-16-michael-dearing
Slack's Ali Rayl on Scaling Support for User GrowthHeavybit
In this Heavybit Speaker Series Presentation, Ali Rayl talks about building Slack's Support Stack particularly after the company's exponential growth spikes. Ali Rayl is the Director of Quality and Support at Slack where she’s built the team to manage more than 5,000 corporate clients including Stripe, Rdio, Medium, Airbnb, Expedia and Buzzfeed. In the past she was the Director of QA at Songbird — an open-source cross platform music player built on Mozilla’s XULRunner and GStreamer.
Full Video available Here: http://www.heavybit.com/library/developer-operations/video/2014-09-16-ali-rayl
Heavybit member and payment processing company Stripe's manages 106 endpoints, 65 versions and 6 API clients all without breaking things. This presentation was given by Stripe's API lead Amber Feng on designing APIs for engagement and ease-of-use.
Video available here: http://www.heavybit.com/library/developer-technical/video/2014-09-30-amber-feng
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
2. Who am I?
Jérôme Petazzoni (@jpetazzo)
French software engineer living in California
Joined Docker (dotCloud) more than 4 years ago
(I was at Docker before it was cool!)
I have built and scaled the dotCloud PaaS
I learned a few things about running containers
(in production)
2 / 49
3. Outline
Brief intro about Docker and containers
VMs and containers: technical differences
VMs and containers: functional differences
Lean containers
Composing stacks of containers
3 / 49
6. Take any Linux program, and put it in a container
Web apps and services, workers
(Go, Java, Node, PHP, Python, Ruby...)
Data stores: SQL, NoSQL, big data
(Cassandra, ElasticSearch, Hadoop, Mongo, MySQL, PostgreSQL, Redis...)
Other server-y things
(Consul, Etcd, Mesos, RabbitMQ, Zookeeper...)
Command-line tools
(AWS CLI, Ffmpeg...)
Desktop apps
(Chrome, LibreOffice, Skype, Steam...)
6 / 49
7. What about non-Linux programs?
Desktop apps with WINE
(e.g.: Spotify client)
Coming soon: Docker for Windows
(run Windows apps on Windows machines)
Coming soon: Docker for FreeBSD
(port in progress)
Coming eventually: Docker for OS X
(technically possible; but is this useful?)
7 / 49
8. Ship that container easily and efficiently
Docker comes with an image distribution protocol
Distribution server can be hosted by Docker Inc.
(free for public images)
Distribution protocol is public
Open source reference implementation
(used by Docker Inc. for the public registry)
Container images are broken down into layers
When updating and distributing an image,
only ship relevant layers
8 / 49
9. Run those containers anywhere
Containers can run in VMs or in physical machines
Docker is available on all modern Linux variants
Many IAAS providers have server images with Docker
On OS X and Windows dev machines: boot2docker
There are distros dedicated to run Docker containers
(Atomic, CoreOS, RancherOS, Snappy Core...)
Other Docker implementations exist (e.g. Joyent Triton)
9 / 49
11. Containers are portable
VMs can't easily be moved
nested hypervisors (VMs in VMs) exist, but still rare
VM images have to be converted and transferred
(both are slow operations)
The same container can run on any machine
(physical or virtual)
Containers use a stable interface
Intel 64 bits machine code
Linux system calls ABI
11 / 49
12. Containers have low overhead
Normal* process(es) running on top of normal kernel
No device emulation (no extra code path involved in I/O)
Context switch between containers
= context switch between processes
Benchmarks show no difference at all
between containers and bare metal
(after adequate tuning and options have been selected)
Containers have higher density
* There are extra "labels" denoting membership to given
namespaces and control groups. Similar to regular UID.
12 / 49
13. VMs have stronger isolation
Inter-VM communication must happen over the network
(Some hypervisors have custom paths, but non-standard)
VMs can run as non-privileged processes on the host
(Breaking out of a VM will have ~zero security impact)
Containers run on top of a single kernel
(Kernel vulnerability can lead to full scale compromise)
Containers can share files, sockets, FIFOs, memory areas...
(They can communicate with standard UNIX mechanisms)
13 / 49
14. Analogy: brick walls vs. room dividers
Brick walls
sturdy
slow to build
messy to move
Room dividers
fragile
deployed in seconds
moved easily
14 / 49
15. Blurring lines
Intel Clear Containers; Clever Cloud
(stripped down VMs, boot super fast, tiny footprint)
Joyent Triton
(Solaris "branded zones," running Linux binaries securely,
exposing the Docker API)
Ongoing efforts to harden containers
(GRSEC, SELinux, AppArmor)
15 / 49
17. Inside
VMs typically contains* everything they need
(Backups, logging, periodic job execution, remote access...)
Containers are the subject of an epic debate:
machine container
(runs init, cron, ssh, syslog ... and the app)
application container
(runs the app and nothing else;
relies on external mechanisms)
* No pun intended!
17 / 49
18. Creation / deployment
Containers are (typically) created from an image
Updates = update the image, redeploy a new container
"Immutable servers" pattern
VMs can use the same pattern ("golden images"),
but it's heavier to setup
VMs often have a long lifecycle instead
(provisioning→update→update→…→update→disposal)
easily leads to configuration drift
(subtle differences that add up over time)
requires tight configuration management
18 / 49
19. Development process (VMs)
Hypothesis: app broken down in 10 components
Production: 10+ VMs (each component in 1+ VM)
Development: typically 1 VM for whole app
Different components depending on environment
(e.g.: logging, monitoring, service discovery...)
Consequence: prod and dev deployments differ a lot
19 / 49
20. Development process (containers)
Hypothesis: app broken down in 10 components
Production: 10+ containers (across any number of VMs)
Development: 10 containers on 1 dev VM
Re-use the same container images for prod and dev
How do we provide container variants?
20 / 49
21. Bloated containers
Containers have all the software required for production
In dev mode, only essential processes are started
In prod mode, additional processes run as well
Problems:
bigger containers
behavior can differ (because of extra processes)
extra processes duplicated between containers
hard to test those extra processes in isolation
21 / 49
23. Principle
"Do one thing, do it well"
One container for the component itself
One container for logging
One container for monitoring
One container for backups
One container for debugging (when needed)
etc.
23 / 49
24. Implementation (general principles)
Containers can share almost anything, selectively
files
(logs, data at rest, audit)
network stack
(traffic routing and analysis, monitoring)
process space, memory
(process tracing and debugging)
24 / 49
26. Logging (option 1: Docker logging drivers)
Containers write to standard output
Docker has different logging drivers:
writes to local JSON files by default
can send to syslog
Imperfect solution for now, but will be improved.
Preferred in the long run.
26 / 49
27. Logging (option 2: shared log directory)
Containers write regular files to a directory
That directory is shared with another container
dockerrun-d--namemyapp1-v/var/logmyapp:v1.0
In development setup:
dockerrun--volumes-frommyapp1ubuntu
sh-c'tail-F/var/log/*'
In production:
dockerrun-d--volumes-frommyapp1logcollector
27 / 49
28. Logging takeaways
Application can be "dumb" about logging
Log collection and shipping happens in Docker,
or in separate(s) container(s)
Run custom log analyzer without changing app container
(e.g. apachetop)
Migrate logging system without changing app container
28 / 49
29. "Yes, but..."
"What about performance overhead?"
no performance overhead
both containers access files directly
(just like processes running on the same machine)
"What about synchronization issues?"
same as previous answer!
29 / 49
30. Backups (file-based)
Store mutable data on Docker volumes
(same mechanism as for logs)
Share volumes with special-purpose backup containers
Put backup tools in the backup container
(boto, rsync, s3cmd, unison...)
dockerrun--volumes-frommydb1ubuntu
rsync-av/var/lib/backup@remotehost:mydb1/
The whole setup doesn't touch the app (or DB) container
30 / 49
31. Backups (network-based)
Run the backup job (pg_dump, mysqldump, etc.)
from a separate container
Nothing complicated, but with VMs, this is overkill
("this VM does nothing at all; except a few minutes per day!")
Advantages (vs. running in the same container):
nothing to install in the app (or DB) container
if the backup job runs amok, it remains contained (!)
31 / 49
32. Network analysis
Packet capture (tcpdump, ngrep, ntop, etc.)
Low-level metrics (netstat, ss, etc.)
Install required tools in a separate container image
Run a container in the same network namespace
dockerrun-d--nameweb1nginx
dockerrun-ti--netcontainer:web1tcpdump-pnieth0
dockerrun-ti--netcontainer:web1ubuntuss-n--tcp
32 / 49
33. Service discovery
Docker can do linking and generic DNS injection
Your code connects to e.g. redis
(pretending that redisresolves to something)
Docker adds a DNS alias* so that redisresolves
to the right container, or to some external service
In dev, Docker Compose manages service dependencies
In prod, you abstract service discovery from the container
* Really, an entry in the container's /etc/hosts.
33 / 49
34. Service discovery in practice
When service A needs to talk to service B...
1. Start container B on a Docker host
34 / 49
35. Service discovery in practice
When service A needs to talk to service B...
1. Start container B on a Docker host
2. Retrieve host+port allocated for B
35 / 49
36. Service discovery in practice
When service A needs to talk to service B...
1. Start container B on a Docker host
2. Retrieve host+port allocated for B
3. Start ambassador (relaying to this host+port)
36 / 49
37. Service discovery in practice
When service A needs to talk to service B...
1. Start container B on a Docker host
2. Retrieve host+port allocated for B
3. Start ambassador (relaying to this host+port)
4. Start container A linked to ambassador
37 / 49
38. Service discovery in practice
When service A needs to talk to service B...
1. Start container B on a Docker host
2. Retrieve host+port allocated for B
3. Start ambassador (relaying to this host+port)
4. Start container A linked to ambassador
5. Profit!
38 / 49
39. General pattern
Your code runs in the same container in dev and prod
Add "sidekick*" containers for additional tasks
Developers don't have to be bothered about ops
Ops can do their job without messing with devs' code
* Kubernetes sometimes calls them "sidecars."
39 / 49
46. Fair warning
Docker networking is evolving quickly
Docker 1.7 (to be released Real Soon Now) will support:
"networks" as first class objects
multiple networks
overlay driver allowing to span networks across
multiple hosts
networking plugins from ecosystem partners
46 / 49
48. Conclusions
Containers can share more context than VMs
We can use this to decouple complexity
(think "microservices" but for ops/devs separation)
All tasks typically requiring VM access
can be done in separate containers
As a result, deployments are broken down
in smaller, simpler pieces
Complex stacks are expressed with simple YAML files
Docker isn't a "silver bullet" to solve all problems,
but it gives us tools that make our jobs easier
48 / 49