Slides from Chris Swan's ONUG Academy "Hands-On Container Networks" on May 12, 2015
This hands on session will begin by looking at how Docker modifies a Linux host to enable containers to be connected to a network. It will then go through how applications running in containers can be connected together, and the different options for interconnectivity on a host and between hosts. Finally we will take a look at running network application services inside of containers.
Syllabus
Learn what Docker does to your Linux host on installation.
Connect applications running across multiple containers using configuration metadata and compositing tools.
Understand the different Docker networking modes (host, container, none).
Using Pipework to customise network configuration.
Connecting containers across VMs using Open vSwitch.
Using containers for application network services sush as proxies, load balancers and for TLS termination
Learning Objective 1: Understand how containers relate to the host network, and the consequences that has for services running within containers
Learning Objective 2: Understand the different ways that containers can be networked and internetworked.
Learning Objective 3: Use containers to run network application services.
About the topic:
Containers aren’t a new thing, but the Docker project has made them a hot topic as organisations look at new ways to build, ship and run their applications. This brings new challenges for the network as containers are likely to be ten times as numerous as virtual machines. At the same time there is regulatory pressure to move away from the flat LAN model and deliver greater separation and segregation. This presentation will look at how these two forces are coming together, firstly by examining how containers are networked and some of the new approaches and challenges that come with that. This will be followed by a look at how overlay networks are being deployed to achieve ‘microsegmentation’, and ultimately drive a shift towards application centric networking. Of course these forces will collide, bringing us to contained networks of containers.
AppSec USA 2014 talk by Chris Swan "Implications & Opportunities at the Bleed...Cohesive Networks
AppSec USA 2014 from Cohesive CTO Chris Swan
"Implications & Opportunities at the Bleeding Edge of DevOps"
Ever Onward… as DevOps keeps evolving, this session will show you how the newest DevOps patterns and technologies (e.g. Docker) trends continue to change and morph the opportunities and risks for security. It’s more exciting than scary… once you get over the shock
Chris Swan's presentation on Docker Networking from Container.Camp in London 12 September 2014
A look at how stock Docker does networking, and how containers can be connected together. Introduction to libchan and pipework projects, and a look at container internetworking using Open vSwitch and kernel VXLAN. Docker can also be used as a place to run layer 4-7 network application services like SSL termination, proxying, load balancing, content caching and intrusion detection.
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDocker, Inc.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies.
Deeper Dive in Docker Overlay NetworksDocker, Inc.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies. Finally, it will show how we can dynamically distribute IP and MAC information to every hosts in the overlay.
Introduction what is container and how to use it. staring from the comparison to virtual machine and also show how to use the persistent storage and port mapping in containers.
In the last part, shows what is kubernetes and what kind of problems kubernetes want to solve and how it solves.
AppSec USA 2014 talk by Chris Swan "Implications & Opportunities at the Bleed...Cohesive Networks
AppSec USA 2014 from Cohesive CTO Chris Swan
"Implications & Opportunities at the Bleeding Edge of DevOps"
Ever Onward… as DevOps keeps evolving, this session will show you how the newest DevOps patterns and technologies (e.g. Docker) trends continue to change and morph the opportunities and risks for security. It’s more exciting than scary… once you get over the shock
Chris Swan's presentation on Docker Networking from Container.Camp in London 12 September 2014
A look at how stock Docker does networking, and how containers can be connected together. Introduction to libchan and pipework projects, and a look at container internetworking using Open vSwitch and kernel VXLAN. Docker can also be used as a place to run layer 4-7 network application services like SSL termination, proxying, load balancing, content caching and intrusion detection.
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDocker, Inc.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies.
Deeper Dive in Docker Overlay NetworksDocker, Inc.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies. Finally, it will show how we can dynamically distribute IP and MAC information to every hosts in the overlay.
Introduction what is container and how to use it. staring from the comparison to virtual machine and also show how to use the persistent storage and port mapping in containers.
In the last part, shows what is kubernetes and what kind of problems kubernetes want to solve and how it solves.
Ryan Koop's Docker Chicago Meetup Demo March 12 2014Cohesive Networks
CohesiveFT's Director of Products & Marketing, Ryan Koop, presented on how CohesiveFT is incorporating Docker containers in our latest version of the virtual networking appliance, VNS3.
Docker Meetup #2 was held on March 12, 2014 at Mediafly
Docker Networking - Current Status and goals of Experimental NetworkingSreenivas Makam
This slidedeck covers overview of Docker Networking as of Docker 1.8, drawbacks of current Docker Networking and goals of Docker Experimental Networking.
Docker Networking in OpenStack: What you need to know nowPLUMgrid
Learn how you bring secure, scalable, available and open software defined networking to Docker containers managed by OpenStack. This session will cover how Docker virtual networks function, how to plumb them into the virtual network fabric and reliably assign information such as IP addresses, virtual interfaces and more. In addition, this session will also cover how to securely wrap Docker containers using security policies and encryption.
We open-sourced LinuxKit in April 2017 at DockerCon in Austin. In this session, we'll take a detailed look at some advanced topics of LinuxKit ranging from the general read-only filesystem setup, multi-arch image support for x86_64 and arm64, custom network configuration, and kernel debugging and testing.
In this slide, I briefly introduce the container and how docker implement it, including the image and container itself. also show how docker setup the networking connectivity by default bridge network.
Deep dive in container service discoveryDocker, Inc.
Service discovery and traffic load-balancing in the container ecosystem relies on different technologies, such as IPVS and iptables, and container orchestrators use different approaches. This talk will present in details how Docker Swarm and Kubernetes achieve this. The talk will continue with a demo showing how applications that are not managed by Kubernetes can take advantage of its native load-balancing. Finally, it will compare these approaches to service-mesh solutions.
Containerd: Building a Container Supervisor by Michael CrosbyDocker, Inc.
Containerd is a container supervisor that allows users to manage the lifecycle of a container as well as interact with the container while it is executing. Containerd was built to fulfill many of the requirements that we expect from a modern supervisor all while staying small and fast. In this talk, we will discuss some of the design decisions that shaped containerd’s architecture that allows it to reattach to running containers if it was killed and how it is designed to start 100s containers in seconds.
This talks shows how to implement the Application-Based Routing in the common Linux Distribution. We use the NDPI to execute the DPI function to category the packet first, use the linux kernel build-it mark to pass the information from user-space to kernel space and then the policy routing system use that mark to route the packet by different destination or interface.
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...Docker, Inc.
In this talk I will cover our experience moving CNET, from an in-house monolith image resizing application, to a containerized open source micro-service. I will detail the planning and development phases of the micro-service, which utilizes Thumbor. I will also cover the testing, deployment and monitoring strategies used in the process. Running in Docker Swarm Mode and delivering millions of image requests a day, the service has greatly improved stability and reduced infrastructure needs by 80%.
When Docker Engine 1.12 features unleashes software architectureAdrien Blind
This slidedeck deals with new features delivered with Docker Engine 1.12, in a larger context of application architecture & security. It has been presented at Voxxed Days Luxembourg 2016
Event: inovex Meetup "Let's talk about docker!"
Speaker: Johannes M. Scheuermann
28.04.2016
Weitere Tech-Vorträge: https://www.inovex.de/de/content-pool/vortraege/
When it comes to networking inside Kubernetes, selecting the correct networking solution may be one of the most important decisions you may face. This is especially true if you are trying to run a Kubernetes cluster in production.
Therefore it's beneficial to have a good understanding of different CNI options out there and most importantly how these networking options are different from each other.
This presentation goes over packet by packet-level details of how the network plumbing is happening with different CNI plugins including, Flannel, Calico & Cilium.
Docker network performance in the public cloudArjan Schaaf
Presentation from Container Camp London 2015 which compares both the network performance of containers on both AWS and Azure. Included SDN solutions in these tests are Flannel, Weave and Project Calico.
A look at the rev 2.0 software defined networking (SDN) ODCA usage model, the incorporation of network function virtualization, and five new usage scenarios.
Ryan Koop's Docker Chicago Meetup Demo March 12 2014Cohesive Networks
CohesiveFT's Director of Products & Marketing, Ryan Koop, presented on how CohesiveFT is incorporating Docker containers in our latest version of the virtual networking appliance, VNS3.
Docker Meetup #2 was held on March 12, 2014 at Mediafly
Docker Networking - Current Status and goals of Experimental NetworkingSreenivas Makam
This slidedeck covers overview of Docker Networking as of Docker 1.8, drawbacks of current Docker Networking and goals of Docker Experimental Networking.
Docker Networking in OpenStack: What you need to know nowPLUMgrid
Learn how you bring secure, scalable, available and open software defined networking to Docker containers managed by OpenStack. This session will cover how Docker virtual networks function, how to plumb them into the virtual network fabric and reliably assign information such as IP addresses, virtual interfaces and more. In addition, this session will also cover how to securely wrap Docker containers using security policies and encryption.
We open-sourced LinuxKit in April 2017 at DockerCon in Austin. In this session, we'll take a detailed look at some advanced topics of LinuxKit ranging from the general read-only filesystem setup, multi-arch image support for x86_64 and arm64, custom network configuration, and kernel debugging and testing.
In this slide, I briefly introduce the container and how docker implement it, including the image and container itself. also show how docker setup the networking connectivity by default bridge network.
Deep dive in container service discoveryDocker, Inc.
Service discovery and traffic load-balancing in the container ecosystem relies on different technologies, such as IPVS and iptables, and container orchestrators use different approaches. This talk will present in details how Docker Swarm and Kubernetes achieve this. The talk will continue with a demo showing how applications that are not managed by Kubernetes can take advantage of its native load-balancing. Finally, it will compare these approaches to service-mesh solutions.
Containerd: Building a Container Supervisor by Michael CrosbyDocker, Inc.
Containerd is a container supervisor that allows users to manage the lifecycle of a container as well as interact with the container while it is executing. Containerd was built to fulfill many of the requirements that we expect from a modern supervisor all while staying small and fast. In this talk, we will discuss some of the design decisions that shaped containerd’s architecture that allows it to reattach to running containers if it was killed and how it is designed to start 100s containers in seconds.
This talks shows how to implement the Application-Based Routing in the common Linux Distribution. We use the NDPI to execute the DPI function to category the packet first, use the linux kernel build-it mark to pass the information from user-space to kernel space and then the policy routing system use that mark to route the packet by different destination or interface.
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...Docker, Inc.
In this talk I will cover our experience moving CNET, from an in-house monolith image resizing application, to a containerized open source micro-service. I will detail the planning and development phases of the micro-service, which utilizes Thumbor. I will also cover the testing, deployment and monitoring strategies used in the process. Running in Docker Swarm Mode and delivering millions of image requests a day, the service has greatly improved stability and reduced infrastructure needs by 80%.
When Docker Engine 1.12 features unleashes software architectureAdrien Blind
This slidedeck deals with new features delivered with Docker Engine 1.12, in a larger context of application architecture & security. It has been presented at Voxxed Days Luxembourg 2016
Event: inovex Meetup "Let's talk about docker!"
Speaker: Johannes M. Scheuermann
28.04.2016
Weitere Tech-Vorträge: https://www.inovex.de/de/content-pool/vortraege/
When it comes to networking inside Kubernetes, selecting the correct networking solution may be one of the most important decisions you may face. This is especially true if you are trying to run a Kubernetes cluster in production.
Therefore it's beneficial to have a good understanding of different CNI options out there and most importantly how these networking options are different from each other.
This presentation goes over packet by packet-level details of how the network plumbing is happening with different CNI plugins including, Flannel, Calico & Cilium.
Docker network performance in the public cloudArjan Schaaf
Presentation from Container Camp London 2015 which compares both the network performance of containers on both AWS and Azure. Included SDN solutions in these tests are Flannel, Weave and Project Calico.
A look at the rev 2.0 software defined networking (SDN) ODCA usage model, the incorporation of network function virtualization, and five new usage scenarios.
CTO Chris Swan presented at the Chicago Docker user group meetup on July 17, 2014.
For the Docker meetup event info: http://www.meetup.com/Docker-Chicago/events/185954112/
Docker Container Security - A Network ViewNeuVector
A Network View of Docker - You Can't Secure What You Can't See.
Learn critical networking issues and advice for run-time container security
To watch the recorded webinar go to http://neuvector.com/docker-security-webinar
What you will learn in this technical overview:
- Top concerns for deploying containers in production
- Fundamentals of Docker container security
- A sample container exploit using the recently discovered Dirty COW vulnerability
- East-west traffic network issues on AWS and other clouds
- How NACLs, Sec Groups, and flow logs work or don't work with overlay networks
- Visualization and monitoring of containers during run-time.
- Microsegmentation of applications to isolate and protect them.
Devoxx 2016: A Developer's Guide to OCI and runCPhil Estes
A talk given at Devoxx 2016 in Antwerp, Belgium on November 7th, 2016. This talk covers the OCI (Open Container Initiative), status of the runtime and image specifications, and tools like runC and ocitools, as well as components like "riddler" and "netns" for using the OCI components as an application developer.
Watch this presentation and learn all about Microservices.
*Flannel, Weave, IPVLAN, MacVLAN and how they fit together with Docker, Swarm or Kubernetes
*How containers communicate with each other
*How the choice of Networking Interface impacts router and switch deployment in the Data Center
Erlang User Conference 2016: Container Networking: A Field ReportSargun Dhillon
Erlang User Conference 2016: Container Networking: A Field Report. This talk speaks to Mesosphere's experience with Erlang, and containers over the past year.
Container Network Interface: Network Plugins for Kubernetes and beyondKubeAcademy
With the rise of modern containers comes new problems to solve – especially in networking. Numerous container SDN solutions have recently entered the market, each best suited for a particular environment. Combined with multiple container runtimes and orchestrators available today, there exists a need for a common layer to allow interoperability between them and the network solutions.
As different environments demand different networking solutions, multiple vendors and viewpoints look to a specification to help guide interoperability. Container Network Interface (CNI) is a specification started by CoreOS with the input from the wider open source community aimed to make network plugins interoperable between container execution engines. It aims to be as common and vendor-neutral as possible to support a wide variety of networking options — from MACVLAN to modern SDNs such as Weave and flannel.
CNI is growing in popularity. It got its start as a network plugin layer for rkt, a container runtime from CoreOS. Today rkt ships with multiple CNI plugins allowing users to take advantage of virtual switching, MACVLAN and IPVLAN as well as multiple IP management strategies, including DHCP. CNI is getting even wider adoption with Kubernetes adding support for it. Kubernetes accelerates development cycles while simplifying operations, and with support for CNI is taking the next step toward a common ground for networking. For continued success toward interoperability, Kubernetes users can come to this session to learn the CNI basics.
This talk will cover the CNI interface, including an example of how to build a simple plugin. It will also show Kubernetes users how CNI can be used to solve their networking challenges and how they can get involved.
KubeCon schedule link: http://sched.co/4VAo
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...PLUMgrid
The Docker container ecosystem is growing very fast and networking has taken an interesting direction with different networking models being introduced and it becomes even more interesting when container orchestration engines like Swarm, Mesos, Kubernetes have to implement networking for Docker containers. At this Meetup, we will talk about the networking capabilities for Docker, networking models like CNM (Container Network Model), how they fit into container orchestration frameworks, what's ready for production and what's in the design/discussion phase expected to be available in near future.
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Phil Estes
A presentation given on Thursday, January 19th, 2017 at the Devops Remote Conf 2017. This talk details the history of the Docker engine architecture, focusing on the split in April 2016 into the containerd and runc layers, and talking through the December 2016 announcement of the *new containerd project and what it will bring for the Docker engine and other consumers.
DockerCon EU 2015: Docker Networking Deep DiveDocker, Inc.
with Jana Radhakrishnan, Lead Software Engineer at Docker, and David Tucker, Product Manager, Docker
Docker Networking is a feature of Docker Engine that allows you to create virtual networks and attach containers to them so you can create the network topology that is right for your application. The networked containers can even span multiple hosts, so you don’t have to worry about what host your container lands on. They can seamlessly communicate with each other wherever they are - thus enabling true distributed applications.
And Networking is pluggable, so you can use any third-party networking driver to power your networks without having to make any changes to your application.
Read more: https://blog.docker.com/2015/11/docker-multi-host-networking-ga/
--
Docker is an open platform for developers and system administrators to build, ship and run distributed applications. With Docker, IT organizations shrink application delivery from months to minutes, frictionlessly move workloads between data centers and the cloud and can achieve up to 20X greater efficiency in their use of computing resources. Inspired by an active community and by transparent, open source innovation, Docker containers have been downloaded more than 700 million times and Docker is used by millions of developers across thousands of the world’s most innovative organizations, including eBay, Baidu, the BBC, Goldman Sachs, Groupon, ING, Yelp, and Spotify. Docker’s rapid adoption has catalyzed an active ecosystem, resulting in more than 180,000 “Dockerized” applications, over 40 Docker-related startups and integration partnerships with AWS, Cloud Foundry, Google, IBM, Microsoft, OpenStack, Rackspace, Red Hat and VMware.
Learn more at www.docker.com
Starting with Docker 1.12, Docker has added features to the core Docker Engine to make multi-host and multi-container orchestration extremely simple to use and accessible to everyone. Docker 1.12 Networking plays a key role in enabling these orchestration features.
In this online meetup, we learned all the new and exciting networking features introduced in Docker 1.12:
Swarm-mode networking
Routing Mesh
Ingress and Internal Load-Balancing
Service Discovery
Encrypted Network Control-Plane and Data-Plane
Multi-host networking without external KV-Store
MACVLAN Driver
Docker networking basics & coupling with Software Defined NetworksAdrien Blind
This presentation reminds Docker networking, exposes Software Defined Network basic paradigms, and then proposes a mixed-up implementation taking benefits of a coupled use of these two technologies. Implementation model proposed could be a good starting point to create multi-tenant PaaS platforms.
As a bonus, OpenStack Neutron internal design is presented.
You can also have a look on our previous presentation related to enterprise patterns for Docker:
http://fr.slideshare.net/ArnaudMAZIN/docker-meetup-paris-enterprise-docker
Bartosz Tkaczewski - Przygód z Dockerem ciąg dalszy
http://www.tsh.io
Docker jest zauważalny już niemal wszędzie. Na prezentacji zobaczysz działające środowisko developerskie, poznasz kilka sztuczek, jak sobie z nim dobrze radzić i efektywnie pracować, zobaczysz też, jak szybko można prosty projekt wzbogacić o zaawansowane stacki aplikacji (na przykładzie ELK). Postaram się również opowiedzieć, jak można sobie z tym potworkiem poradzić na produkcji.
Prezentacja z Uszanowanka Programowanka #16 - http://www.meetup.com/Uszanowanko-Programowanko/events/234826115/
Docker Networking with New Ipvlan and Macvlan DriversBrent Salisbury
Docker Networking presentation at ONS2016.
Docker Macvlan and Ipvlan Networking Drivers Experimental Readme:
github.com/docker/docker/blob/master/experimental/vlan-networks.md
Kernel requirements for Ipvlan mode is v4.2+, Macvlan mode is v3.19.
If using Virtualbox to test with, use NAT mode interfaces unless you have multiple MAC addresses working in your setup. Use the 172.x.x.x subnet and gateway used by the VBox NAT network. Vmware Fusion works out of the box.
Here is a screenshot of a VirtualBox NAT interface:
https://www.dropbox.com/s/w1rf61n18y7q4f1/Screenshot%202016-03-20%2001.55.13.png?dl=0
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachPROIDEA
This session covers a bunch of tips and tricks for getting the most out of Docker. The tips were inspired by suggestions, blogs, and presentations and everyday challenges encountered by other Docker Captains but also the members of the Docker community. Come and see the unobvious and unexpected in terms of orchestration, image creation and management, also networking and volumes!
Get hands-on with security features and best practices to protect your containerized services. Learn to push and verify signed images with Docker Content Trust, and collaborate with delegation roles. Intermediate to advanced level Docker experience recommended, participants will be building and pushing with Docker during the workshop.
Led By Docker Security Experts:
Riyaz Faizullabhoy
David Lawrence
Viktor Stanchev
Experience Level: Intermediate to advanced level Docker experience recommended
Workshop Consul .- Service Discovery & Failure DetectionVincent Composieux
This workshop uses a Docker Swarm cluster to deploy a Consul agent and uses Registrator to automatically register Docker containers services into Consul and add a health check on it.
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...Cohesive Networks
On June 10th CFO/COO Dwight Koop presented "Cybersecurity for real life: Using the NIST Framework to protect your critical infrastructure" at CircleCity Con in Indianapolis, IN.
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Cohesive Networks
Defense in depth: practical steps to securing your data and achieving compliance
Presented by Chris Purrington, the VP Sales Europe at Cohesive Networks
Perimeter-based security approaches have not evolved to meet the modern application-focused enterprise. The weaknesses of the perimeter-based approach are on display in the east/west attacks on Sony, Target, and Home Depot exploits where hackers gained access to the perimeter, then ransacked the internal networks with minimal resistance. What can modern enterprises do? A “defense in depth” approach to security at the network layer. Enterprises must strengthen existing core networking hardware and virtualization layer security with added application security. In data centres, physical network isolation is not practical, and logical segmentation can be very difficult without using evolved networking approaches. As data centers became wholly virtualized and blur the line between data center and private cloud, we can finally add and control logical segmentation at the virtualization layer. This “Application Segmentation” provides the most comprehensive security model available today. You can apply application segmentation defense in depth using Cohesive Networks’ VNS3:turret. VNS3:turret creates a cryptographically unique micro-perimeter around each application topology. This presentation will examine how an defense in depth at the application layer can stop the next Sony attack.
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Cohesive Networks
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presentation 2016
LocusView Solutions, a Chicago-based subsidiary of the Gas Technology Institute (GTI), applied the NIST Cybersecurity Framework to pass penetration tests and compliance auditing in 2015.
LocusView provides a SaaS solutions to the natural gas industry, and wanted to go beyond standard regulatory compliance to save money and streamline the audit process.
As organizations spend more time and efforts to fight data breaches and fears of fallout from a data loss, IT teams like LocusView can begin comparing existing cybersecurity practices to the NIST Framework to quickly identify any gaps in pinpointing, assessing, and managing risks in their networks.
The NIST Framework was created for critical infrastructure — banking, aviation, defense — all organizations can easily apply the principles to their operations. While traditional audit-focused standards value policies and checklists, NIST’s risk-based approach focuses on business and customers.
As part of an in-depth audit, LocusView used the NIST Framework to ensure everything from customer data to cloud-based networks are truly secure.
Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...Cohesive Networks
Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360 presentation 2016
More vital organization data is living outside of a traditional data center in modern organizations, but why haven’t our security practices changed?
The problem starts with the perimeter-heavy, fortify-the-exterior approach. When it fails to stop cybercrime, it can cost upwards of $100M. By focusing on the application, data, and user as the important security layers organizations can both prevent and mitigate attacks.
Application layer network security can improve network performance, security and add control over applications. Software-defined networking (SDN) and network functions virtualization (NFV) have all but eliminated the cost and complexity of adding security at every level.
Organizations can best control all data and network traffic by using secure, encrypted switches at every layer within a network. Monitored access, encryption, and application-specific firewall rules can all but eliminate malicious “east/west” movement inside a network. Learn how upcoming security compliance regulations – like NIST, PCI, and the EU banking standards – are focusing in on security requirements at all layers. 2016 will be a game-changing year for application security.
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)Cohesive Networks
Slides from the Chicago AWS user group on May 5th, 2016. Asaf Yigal, Co-Founder and VP Product at Logz.io, presented on using Elasticsearch, Logstash, and Kibana in Amazon Web Services.
"Setting up the increasingly-popular open-source ELK Stack (Elasticsearch, Logstash, and Kibana) on AWS might seem like an easy task, but we have gone through several iterations in our architecture and have made some mistakes in our deployments that have turned out to be common in the industry. In this talk, we will go through what we did and explain what worked and what failed -- and why. We will also provide a complete blueprint of how to set up ELK for production on AWS." ~ @asafyigal
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...Cohesive Networks
By COO & CFO Dwight Koop - Data breaches and cybersecurity costs have brought attention to the dire need for comprehensive, preventative IT security guidelines. Dwight Koop walks through the recent NIST Cybersecurity Framework updates and how it can help businesses in all industry sectors.
Learn more about Cohesive Networks' virtual networking device with our handy comparison guide. See how VNS3 outshines the rest with enhanced capabilities, functionality and interoperability for any public, private or hybrid cloud.
Learn more about Cohesive Networks' virtual networking device with our handy comparison guide. See how VNS3 outshines the rest with enhanced capabilities, functionality and interoperability for any public, private or hybrid cloud.
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks
Get started with VNS3
Learn how to customize your VNS3 device and network setup. This guide will walk you through how to change your username and passwords, set up VNS3 Firewalls, take VNS3 Snapshots for backup and recovery, Upgrade your VNS3 license, configure other routes in your network, enable SNMP support, and even reset factory defaults.
For additional help, please contact Cohesive Networks Support: https://cohesive.net/support/support-contacts
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks
Get started with VNS3 virtual networking devices.Configure VNS3 for the first time from the web-based UI.
Once you log in to VNS3, you can customize your device and network setup, including:
generate clientpacks, peering VNS3 Controllers in a mesh, IPsec configurations with VNS3 Controllers, IPsec configuration with remove devices, client server connection options, overlay client server configurations, and how to review your VNS3 and overlay network configurations.
For additional help, please contact Cohesive Networks Support: https://cohesive.net/support/support-contacts
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 ClassicCohesive Networks
Use this VNS3 set up guide to get started in the Amazon Cloud (AWS) EC2 public cloud environments. Note: this guide is for AWS customers who are able to launch AMIs outside of VPC (using AWS before 2009)
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC Cohesive Networks
Use this VNS3 set up guide to get started in the Amazon Cloud (AWS) VPC public cloud environments.
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks
Use this VNS3 set up guide to get started in Microsoft Azure public cloud environments.
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks
Use this VNS3 set up guide to get started in CenturyLink Cloud environments.
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.
Cohesive Networks Support Docs: VNS3 Configuration for IBM SoftlayerCohesive Networks
Use this VNS3 set up guide to get started in IBM Cloud and IBM Softlayer environments.
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks
Use this VNS3 set up guide to get started in ElasticHosts public cloud environments.
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.
Cohesive Networks Support Docs: VNS3 Configuration for GCE Cohesive Networks
Use this VNS3 set up guide to get started in Google Cloud and GCE environments.
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.
Cohesive Networks Support Docs: Welcome to VNS3 3.5 Cohesive Networks
Welcome to VNS3 version 3.5+
See what's new in the latest public release of VNS3. This guide will walk through the changes to the web-based UI, API, and container plugin system in the new release.
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide Cohesive Networks
Create side by side IPsec tunnels using two or more VNS3 Controllers. Use either NAT-Traversal or Native IPsec methods to configure a secure tunnel you control to endpoints you specify in public, private, or hybrid clouds.
Cohesive networks Support Docs: VNS3 3.5 Upgrade GuideCohesive Networks
Learn how to upgrade previous versions of VNS3 (or older VPN3 versions) to the latest 3.5.x release.
Follow along with upgrade steps to update, transfer configure settings, and secure your old and new VNS3 devices.
Contact our support team for more information on upgrading to the latest 3.5 version of VNS3.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
2. copyright 2015
Syllabus
2
• Default Docker Network
• Multi container apps
• Networking modes
• Pipework
• Connecting containers across VMs using
Open vSwitch.
• Using containers for application network services such
as proxies, load balancers and for TLS termination
3. copyright 2015
Go at your own pace
3
Detailed instructions (and these slides) are available at:
https://github.com/cpswan/container-networking-tutorial
is.gd/onugcn
12. copyright 2015 12
Start a container and inspect network
Start container
CON1=$(sudo docker run -d cpswan/hello_onug)
Get IP
CON1IP=$(sudo docker inspect
--format='{{.NetworkSettings.IPAddress}}' $CON1)
Show IP and use it
echo $CON1IP && curl $CON1IP:8080
14. copyright 2015 14
Start 2nd container and use it
Start container
CON2=$(sudo docker run -d -p 8080:8080 cpswan/hello_onug)
Connect to the container
curl localhost:8080
15. copyright 2015 15
Take another look at the host network
Show IPs
ip addr
Look at NAT rules
sudo iptables -t nat -L -n
17. copyright 2015 17
A typical 3 tier app
HTTPS (tcp:443)
Web Server
(tcp:4567)
App Server
(tcp:3306)
DB Server
18. copyright 2015 18
Launch a 3 tier app with links
Create the directory for persistent data
sudo mkdir -p /data/mysql
Start the database
sudo docker run -d -p 3306:3306 --name todomvc_db
-v /data/mysql:/var/lib/mysql cpswan/todomvc.mysql
Start the app server
sudo docker run -d -p 4567:4567 --name todomvc_app
--link todomvc_db:db cpswan/todomvc.sinatra
Start the web server
sudo docker run -d -p 443:443 --name todomvc_ssl
--link todomvc_app:app cpswan/todomvc.ssl
19. copyright 2015 19
Look at how the links work
Get a shell in the app container
sudo docker exec -it $(sudo docker ps |
grep sinatra | cut -c1-12) bash
Take a look at the app using ENV variable
head /opt/sinatra-ToDoMVC-docker/app.rb
exit
Source is at:
https://github.com/cpswan/sinatra-ToDoMVC/blob/docker/app.rb
20. copyright 2015 20
Look at how the links work pt.2
Get a shell in the ssl container
sudo docker exec -it $(sudo docker ps |
grep ssl | cut -c1-12) bash
ENV variable has been hard coded into config
tail /etc/nginx/nginx.conf
The launch script uses a template to fetch ENV vars
cat /etc/nginx/upstream.template
exit
Source is at:
https://github.com/cpswan/dockerToDoMVC/blob/master/NginxSSL/start_nginx.sh
21. copyright 2015 21
Another quick look at iptables
Look at NAT rules
sudo iptables -t nat -L -n
Look at DOCKER chain
sudo iptables -L
23. copyright 2015 23
Bring up the demo app again
Restart Docker to clear out containers
sudo service docker restart
Invoke Docker compose (in background)
sudo docker-compose up &
List Docker processes
sudo docker ps
28. copyright 2015 28
--net=container example
Start containers
CON1=$(sudo docker run -d cpswan/todomvc.mysql)
sudo docker run --net=container:$CON1 –d cpswan/hello_onug
Get IP, show IP and use it
CON1IP=$(sudo docker inspect
--format='{{.NetworkSettings.IPAddress}}' $CON1)
echo $CON1IP && curl $CON1IP:8080
33. copyright 2015 33
Connect together some containers
Start another container
CON1=$(sudo docker run --net=none -d cpswan/todomvc.mysql)
Add first container to a bridge
sudo pipework br1 $CON1 192.168.1.1/24
Add second container to a bridge
sudo pipework br1 $CON2 192.168.1.2/24
34. copyright 2015 34
Test connectivity
Shell into first container
sudo docker exec -it $CON1 bash
Show address
ip addr
Connect to second container for Hello World
curl 192.168.1.2:8080
exit
36. copyright 2015 36
Implement ODCA SDN UM #4
http://www.opendatacenteralliance.org/docs/software_defined_networking_master_usage_model_rev2.pdf
37. copyright 2015 37
Launch another instance
1) Return to console.aws.amazon.com
2) Right click on existing instance and Launch More Like This
3) Launch
4) View Instances and get IP addresses
43. copyright 2015 43
Run Network App Svcs
Run container with HAProxy and Nginx:
NAS=$(sudo docker run -d -p 80:80 -p 443:443
-p 4433:4433 cpswan/net-app-svcs)
Add another HelloWorld for it to load balance over
sudo pipework ovsbr0 $(sudo docker run --net=none
-d cpswan/hello_onug) 192.168.2.3/24
Add the NAS container to the OVS bridge
sudo pipework ovsbr0 $NAS 192.168.2.4/24
44. copyright 2015 44
Open up AWS Security Groups
1) Return to console.aws.amazon.com
2) Click on Security Groups, launch-wizard-1, inbound, Edit
3) Add HTTP, HTTPS and Custom TCP Rule for 4433
4) Save
45. copyright 2015 45
Load balancer in action
Browse to http://public_ip
Browse to http://public_ip/haproxy?stats and sign
in with:
Username: us3r
Password: pa55Word
46. copyright 2015 46
TLS termination in action
Browse to https://public_ip
Accept browser security warnings
Bring up certificate information
47. copyright 2015 47
WAF in action
Browse to https://public_ip:4433
Accept browser security warnings
Browse to https://public_dns_address:4433
48. copyright 2015 48
Take a look at config
Get a shell on the NAS container
sudo docker exec -it $NAS bash
Inspect HAProxy config
more /etc/haproxy/haproxy.cfg
Inspect Nginx config
more /etc/nginx/nginx.conf
Source code is at http://is.gd/onugnas
50. copyright 2015
Review
50
• Default Docker Network
• Multi container apps
• Networking modes
• Pipework
• Connecting containers across VMs using
Open vSwitch.
• Using containers for application network services such
as proxies, load balancers and for TLS termination