Presentation for the London Mesos Users Meetup, 11 May 2016.
An overview of the current state of the art in container networking, with lessons learned over the last 12 months or so deploying Project Calico in the real world.
Simplifying and Securing your OpenShift Network with Project CalicoAndrew Randall
OpenShift Commons Webinar presented on March 2 2017
OpenShift networking works great out of the box, right? So why would you consider anything else? This briefing examines an alternative approach that has benefits for many scenarios – from tightly securing a few high value AWS instances to scaling a large private cloud deployment. Come learn about how how Calico differs from traditional solutions like OpenShift SDN, and see how Calico has now been integrated with Kubernetes and OpenShift to provide a smooth deployment experience, and lessons learned across hundreds of enterprise users.
This was presented at the "Microservices for Enterprises" meetup, March 31, 2016 in Palo Alto, California.
We review the experience of deploying Project Calico in enterprise container environments, and compare/contrast with traditional virtual networking approaches.
Simple, Scalable and Secure Networking for Data Centers with Project CalicoEmma Gordon
Traditional overlay networks using VXLAN are more complicated to setup and diagnose than is necessary for the majority of data centers. Calico offers an alternative Layer 3 solution - aside from simplicity, this also offers benefits in terms of improved scale and security.
These are the Calico slides from the SDN Switzerland meetup on 13/11/2015,
Intro to Project Calico: a pure layer 3 approach to scale-out networkingPacket
Slide presentation from the April 16th, 2015 Downtown NY Tech Meetup hosted at Control Group and presented by Christopher Liljenstolpe from Project Calico (www.projectcalico.org)
Project Calico is a scale-out networking fabric for bare metal, container, VM, and hybrid environments. Project Calico leverages the same networking techniques used to scale out the Internet to present a highly scaleable, L3 network for those environments without the use of tunnels, overlays, or other complex constructs. We'll also do a demo of a Calico enabled Docker environment, and have plenty of time for q&a during and after.
About Christopher Liljenstolpe
Christopher is the original architect of Project Calico and one of the project's evangelists. In his day job, he's the director of solutions architecture at Metaswitch Networks. Prior to Calico/Metaswitch, he's designed and run some bio-informatics OpenStack clusters, done some SDN architecture work at Big Switch Networks, Run architecture at two large carriers (Telstra - AS1221, and Cable & Wireless/iMCI - AS3561) and been the IP CTO for Alcatel in Asia. He's also run networks in Antarctica (hint, bend radius becomes REALLY important at -50C), and been foolish enough to do a stint as a wg co-chair in the IETF. Occasionally you can have the (mis-)fortune of hearing him speak at conferences and the like.
Simplifying and Securing your OpenShift Network with Project CalicoAndrew Randall
OpenShift Commons Webinar presented on March 2 2017
OpenShift networking works great out of the box, right? So why would you consider anything else? This briefing examines an alternative approach that has benefits for many scenarios – from tightly securing a few high value AWS instances to scaling a large private cloud deployment. Come learn about how how Calico differs from traditional solutions like OpenShift SDN, and see how Calico has now been integrated with Kubernetes and OpenShift to provide a smooth deployment experience, and lessons learned across hundreds of enterprise users.
This was presented at the "Microservices for Enterprises" meetup, March 31, 2016 in Palo Alto, California.
We review the experience of deploying Project Calico in enterprise container environments, and compare/contrast with traditional virtual networking approaches.
Simple, Scalable and Secure Networking for Data Centers with Project CalicoEmma Gordon
Traditional overlay networks using VXLAN are more complicated to setup and diagnose than is necessary for the majority of data centers. Calico offers an alternative Layer 3 solution - aside from simplicity, this also offers benefits in terms of improved scale and security.
These are the Calico slides from the SDN Switzerland meetup on 13/11/2015,
Intro to Project Calico: a pure layer 3 approach to scale-out networkingPacket
Slide presentation from the April 16th, 2015 Downtown NY Tech Meetup hosted at Control Group and presented by Christopher Liljenstolpe from Project Calico (www.projectcalico.org)
Project Calico is a scale-out networking fabric for bare metal, container, VM, and hybrid environments. Project Calico leverages the same networking techniques used to scale out the Internet to present a highly scaleable, L3 network for those environments without the use of tunnels, overlays, or other complex constructs. We'll also do a demo of a Calico enabled Docker environment, and have plenty of time for q&a during and after.
About Christopher Liljenstolpe
Christopher is the original architect of Project Calico and one of the project's evangelists. In his day job, he's the director of solutions architecture at Metaswitch Networks. Prior to Calico/Metaswitch, he's designed and run some bio-informatics OpenStack clusters, done some SDN architecture work at Big Switch Networks, Run architecture at two large carriers (Telstra - AS1221, and Cable & Wireless/iMCI - AS3561) and been the IP CTO for Alcatel in Asia. He's also run networks in Antarctica (hint, bend radius becomes REALLY important at -50C), and been foolish enough to do a stint as a wg co-chair in the IETF. Occasionally you can have the (mis-)fortune of hearing him speak at conferences and the like.
KubeCon EU 2016: Secure, Cloud-Native Networking with Project CalicoKubeAcademy
Why does the network matter and why does it need to be simple (the 3am test)? Why should we build networks that scale to the extremes and how can we do that with proven technologies? Finally, how can we secure microservices, why should we bother, and what does this mean for developers and operators?
Sched Link: http://sched.co/6BUR
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Sanjeev Rampal
Deep dive into container networking for Docker EE (Enterprise Edition) using open source Contiv networking solution. Talk + demo of Docker EE Swarm mode + Contiv.
Video recording of the talk is at the Cisco Live web site. www.ciscolive.com
OpenStack Israel Meetup - Project Kuryr: Bringing Container Networking to Neu...Cloud Native Day Tel Aviv
Kuryr is a new project, started by Gal Sagie, that makes Neutron networking available to containers networking used in Docker / Kubernetes and others.
Kuryr aims at bridging the gap between containers orchestration engines and models to OpenStack networking abstraction and expose Neutron flexibility/features and advanced services to containers networking.
Overlay/Underlay - Betting on Container NetworkingLee Calcote
Presented at Rackspace Austin (downtown) on July 27th, 2016.
An inherent to component to any distributed application, networking is one of the most complicated and expansive infrastructure technologies. Container networking needs to be developer-friendly. Application-driven and portable. With developers busily adopting container technologies, the time has come for network engineers and operators to prepare for the unique challenges brought on by cloud native applications. What container networking specifications bring to the table and how to leverage them.
Calico provides secure network connectivity for containers and virtual machine workloads.
Calico creates and manages a flat layer 3 network, assigning each workload a fully routable IP address. Workloads can communicate without IP encapsulation or network address translation for bare metal performance, easier troubleshooting, and better interoperability. In environments that require an overlay, Calico uses IP-in-IP tunneling or can work with other overlay networking such as flannel.
Calico also provides dynamic enforcement of network security rules. Using Calico’s simple policy language, you can achieve fine-grained control over communications between containers, virtual machine workloads, and bare metal host endpoints.
Proven in production at scale, Calico features integrations with Kubernetes, OpenShift, Docker, Mesos, DC/OS, and OpenStack.
Docker network performance in the public cloudArjan Schaaf
Presentation from Container Camp London 2015 which compares both the network performance of containers on both AWS and Azure. Included SDN solutions in these tests are Flannel, Weave and Project Calico.
OpenDaylight Netvirt and Neutron - Mike Kolesnik, Josh Hershberg - OpenStack ...Cloud Native Day Tel Aviv
OpenDaylight is the largest open source SDN controller. OpenDaylight's Netvirt project provides an alternative mechanism and architecture for provisioning networks using Neutron. OpenDaylight Netvirt is an active project with dozens of contributors worldwide and serves as the basis of numerous commercial products and services.
This talk aims to provide a technical overview of the OpenDaylight Netvirt project and its integration with Neutron.
Topics will include:
* Neutron/OpenDaylight architectural overview
* openstack/networking_odl v2 architecture and new features
* OpenDaylight Netvirt's networking deep dive
* Advantages of OpenDaylight Netvirt
This talk targets people interested in using or developing OpenDaylight for OpenStack.
Introduction to the Container Network Interface (CNI)Weaveworks
CNI, the Container Network Interface, is a standard API between container runtimes and container network implementations. These slides are from the Cloud Native Computing Foundation's Webinar, and explain what CNI is, how you use it, and what lies ahead on the roadmap.
Networking For Nested Containers: Magnum, Kuryr, Neutron IntegrationFawad Khaliq
In the OpenStack ecosystem, containers were introduced as first class citizens recently with the project Magnum and the networking for containers has also evolved since then. Project Kuryr makes networking available to containers through Neutron. This all brings together how Neutron networking benefits containers like it does virtual machines. However, to make Neutron, Kuryr and Magnum cover all the use cases for containers, nested containers inside Nova VMs require networking to work as seamlessly as it works for virtual machines or bare metal containers. In this session, we will talk about Magnum, Kuryr, Neutron integration and how the problem of nested container networking has been solved in the OpenStack community, it's architecture, the design, current status and next steps.
Here is the slide deck presented at our March 16, 2016 Kubernetes meetup by Aniket Daptari, Sr. Product Manager of Cloud Networking, Juniper Networks. It covers OpenContrail with Kubernetes. Sponsored by StackPointCloud and Concur.
"Less is More"
Talk given at the Open Networking Users Group at Columbia University, New York, May 15, 2015
Summary of what is wrong with OpenStack networking today, the complexity of overlays and the simplicity that can be achieved with a pure Layer 3 routed model, as embodied by Project Calico
How we built Packet's bare metal cloud platformPacket
Overview on Packet's approach to bare metal server and network automation for our public cloud. Presented at the Downtech NY Tech meetup on May 19th, 2016
KubeCon EU 2016: Secure, Cloud-Native Networking with Project CalicoKubeAcademy
Why does the network matter and why does it need to be simple (the 3am test)? Why should we build networks that scale to the extremes and how can we do that with proven technologies? Finally, how can we secure microservices, why should we bother, and what does this mean for developers and operators?
Sched Link: http://sched.co/6BUR
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Sanjeev Rampal
Deep dive into container networking for Docker EE (Enterprise Edition) using open source Contiv networking solution. Talk + demo of Docker EE Swarm mode + Contiv.
Video recording of the talk is at the Cisco Live web site. www.ciscolive.com
OpenStack Israel Meetup - Project Kuryr: Bringing Container Networking to Neu...Cloud Native Day Tel Aviv
Kuryr is a new project, started by Gal Sagie, that makes Neutron networking available to containers networking used in Docker / Kubernetes and others.
Kuryr aims at bridging the gap between containers orchestration engines and models to OpenStack networking abstraction and expose Neutron flexibility/features and advanced services to containers networking.
Overlay/Underlay - Betting on Container NetworkingLee Calcote
Presented at Rackspace Austin (downtown) on July 27th, 2016.
An inherent to component to any distributed application, networking is one of the most complicated and expansive infrastructure technologies. Container networking needs to be developer-friendly. Application-driven and portable. With developers busily adopting container technologies, the time has come for network engineers and operators to prepare for the unique challenges brought on by cloud native applications. What container networking specifications bring to the table and how to leverage them.
Calico provides secure network connectivity for containers and virtual machine workloads.
Calico creates and manages a flat layer 3 network, assigning each workload a fully routable IP address. Workloads can communicate without IP encapsulation or network address translation for bare metal performance, easier troubleshooting, and better interoperability. In environments that require an overlay, Calico uses IP-in-IP tunneling or can work with other overlay networking such as flannel.
Calico also provides dynamic enforcement of network security rules. Using Calico’s simple policy language, you can achieve fine-grained control over communications between containers, virtual machine workloads, and bare metal host endpoints.
Proven in production at scale, Calico features integrations with Kubernetes, OpenShift, Docker, Mesos, DC/OS, and OpenStack.
Docker network performance in the public cloudArjan Schaaf
Presentation from Container Camp London 2015 which compares both the network performance of containers on both AWS and Azure. Included SDN solutions in these tests are Flannel, Weave and Project Calico.
OpenDaylight Netvirt and Neutron - Mike Kolesnik, Josh Hershberg - OpenStack ...Cloud Native Day Tel Aviv
OpenDaylight is the largest open source SDN controller. OpenDaylight's Netvirt project provides an alternative mechanism and architecture for provisioning networks using Neutron. OpenDaylight Netvirt is an active project with dozens of contributors worldwide and serves as the basis of numerous commercial products and services.
This talk aims to provide a technical overview of the OpenDaylight Netvirt project and its integration with Neutron.
Topics will include:
* Neutron/OpenDaylight architectural overview
* openstack/networking_odl v2 architecture and new features
* OpenDaylight Netvirt's networking deep dive
* Advantages of OpenDaylight Netvirt
This talk targets people interested in using or developing OpenDaylight for OpenStack.
Introduction to the Container Network Interface (CNI)Weaveworks
CNI, the Container Network Interface, is a standard API between container runtimes and container network implementations. These slides are from the Cloud Native Computing Foundation's Webinar, and explain what CNI is, how you use it, and what lies ahead on the roadmap.
Networking For Nested Containers: Magnum, Kuryr, Neutron IntegrationFawad Khaliq
In the OpenStack ecosystem, containers were introduced as first class citizens recently with the project Magnum and the networking for containers has also evolved since then. Project Kuryr makes networking available to containers through Neutron. This all brings together how Neutron networking benefits containers like it does virtual machines. However, to make Neutron, Kuryr and Magnum cover all the use cases for containers, nested containers inside Nova VMs require networking to work as seamlessly as it works for virtual machines or bare metal containers. In this session, we will talk about Magnum, Kuryr, Neutron integration and how the problem of nested container networking has been solved in the OpenStack community, it's architecture, the design, current status and next steps.
Here is the slide deck presented at our March 16, 2016 Kubernetes meetup by Aniket Daptari, Sr. Product Manager of Cloud Networking, Juniper Networks. It covers OpenContrail with Kubernetes. Sponsored by StackPointCloud and Concur.
"Less is More"
Talk given at the Open Networking Users Group at Columbia University, New York, May 15, 2015
Summary of what is wrong with OpenStack networking today, the complexity of overlays and the simplicity that can be achieved with a pure Layer 3 routed model, as embodied by Project Calico
How we built Packet's bare metal cloud platformPacket
Overview on Packet's approach to bare metal server and network automation for our public cloud. Presented at the Downtech NY Tech meetup on May 19th, 2016
Container Network Interface: Network Plugins for Kubernetes and beyondKubeAcademy
With the rise of modern containers comes new problems to solve – especially in networking. Numerous container SDN solutions have recently entered the market, each best suited for a particular environment. Combined with multiple container runtimes and orchestrators available today, there exists a need for a common layer to allow interoperability between them and the network solutions.
As different environments demand different networking solutions, multiple vendors and viewpoints look to a specification to help guide interoperability. Container Network Interface (CNI) is a specification started by CoreOS with the input from the wider open source community aimed to make network plugins interoperable between container execution engines. It aims to be as common and vendor-neutral as possible to support a wide variety of networking options — from MACVLAN to modern SDNs such as Weave and flannel.
CNI is growing in popularity. It got its start as a network plugin layer for rkt, a container runtime from CoreOS. Today rkt ships with multiple CNI plugins allowing users to take advantage of virtual switching, MACVLAN and IPVLAN as well as multiple IP management strategies, including DHCP. CNI is getting even wider adoption with Kubernetes adding support for it. Kubernetes accelerates development cycles while simplifying operations, and with support for CNI is taking the next step toward a common ground for networking. For continued success toward interoperability, Kubernetes users can come to this session to learn the CNI basics.
This talk will cover the CNI interface, including an example of how to build a simple plugin. It will also show Kubernetes users how CNI can be used to solve their networking challenges and how they can get involved.
KubeCon schedule link: http://sched.co/4VAo
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeOmar Al-Safi
In this talk, we will leverage all cloud native stacks and tools to build Camel Quarkus routes natively using GraalVM native-image on Tekton pipeline and deploy these routes to Kubernetes cluster with Knative installed. We will dive into the following topics in the talk: - Introduction to Camel - Introduction to Camel Quarkus - Introduction to GraalVM Native Image - Introduction to Tekon - Introduction to Knative - Demo shows how to deploy end to end a Camel Quarkus route which include the following steps: - Look at whole deployment pipeline for Cloud Native Camel Quarkus routes - Build Camel Quarkus routes with GraalVM native-image on Tekton pipeline. - Deploy Camel Quarkus routes to Kubernetes cluster with Knative Targeted Audience: Users with basic Camel knowledge
We all need friends and Akka just found KubernetesFabio Tiriticco
We all feel alone sometimes. Akka got along well with the VM crew ever since it was born, but new friends and fresh ideas are always necessary. Which is why lately Akka loves spending time with Kubernetes! Maybe the reason why they like each other so much is their sharing of core values such as transparent scalability and resilience.
How do these two technologies compare from a Reactive standpoint? Does one supersede the other? In fact, their powers can be combined to design distributed systems all the way from application code to cloud instance.
Akka and Kubernetes: Reactive From Code To CloudLightbend
In this webinar with special guest Fabio Tiriticco, we will explore how Akka is the perfect companion to Kubernetes, providing the application level requirements needed to successfully deploy and manage your cloud-native services with technologies built specifically for cloud-native applications, like Kubernetes.
CA Performance Manager Agility by using Docker Containers for Network Manag...CA Technologies
Everything is moving more quickly as companies try to achieve first-mover advantage by leveraging their network and offering advanced services. Join the experts at CA technologies to learn how using Docker containers can help expedite your testing and delivery of new network and product offerings.
For more information, please visit http://cainc.to/Nv2VOe
Everyone Loves Docker Containers Before They Understand Docker Containers - A...ITCamp
Each year the IT world offers a hype-word. The last decade has all been about mobile, cloud, Big Data and IoT. In the context of cloud apps however, monolithic applications have little to offer in terms of HA and DR and their deployment process is mostly an error-prone operation. Curious enough, even though container have been around for many years, the hype word nowadays is containers (along with microservices), and that’s probably because of Docker, who made containers really easy to use.
Throughout this talk, I will cover the importance of containers and what Azure has to offer in terms of containers, namely Azure Container Services. And because deploying a single container isn’t part of the real world scenarios, I will also show you how you can manage (aka orchestrate) an application in the real world. Don’t be fooled by the title though! This session will not be exclusively about Docker, it will be about containers, about Docker images, about orchestrating containerized applications, about Azure Container Service, about deploying ASP.NET Core Applications to Docker Containers in Azure and about configuring release pipelines in Visual Studio Team Services and taking advantage of Docker containers.
Project “The Interceptor”: Owning anti-drone systems with nanodronesPriyanka Aash
"Antidrone system industries have arised. Due to several, and even classic, vulnerabilities in communication systems now used by drones , anti-drone systems are able to take down those drone by means of well documented attacks.
Drone/antidrone competition has already been set into the scene. This talk provides a new vision about drone protection against anti-drone systems, presenting ""The Interceptor Project"", a hand-sized nano drone based on single-core tiniest Linux Board: Vocore2.
This Linux board manages a WiFi (side/hidden) bidirectional channel communication that cannot be deauthenticated and it is replay-resistant, keeping all 802.11 hacking capabilities and standard utilities as any other WiFi hacker drone, with only the built-in adapter of the tiny Vocore2. Also, a ""just in case"", fallback control by SDR is implemented taking advantage of all the goods that SDR radio gives. All embedded into a hand-sized aircraft to make detection and mitigation a real and new pain, with a very low budget: About $70."
Reactive Programming With Akka - Lessons LearnedDaniel Sawano
This presentation was given by Daniel Deogun and Daniel Sawano at the 33rd Degree Conference, Krakow, 2014.
When mentioning Akka, most of us think of a framework allowing one to design high performant, scalable, and fault tolerant systems. But the question is, how can one utilize the power of reactive programming when surrounded by legacy?
In this talk, we will share our insights and experiences from developing high performance systems with Akka. Despite that Akka APIs are more favorable in Scala, we have chosen and successfully used Akka’s Java APIs. A strategy that may have significant impact on the business and the success of a project. In addition, we will present how domain specific requirements influences your design options, the traps we have walked into, and how everyone may benefit from Akka regardless of green or brown field development.
A Primer on FPGAs - Field Programmable Gate ArraysTaylor Riggan
A focus on the use of FPGAs by cloud service providers. Includes Microsoft Azure Catapult, Google Tensor Processors, and Amazon EC2 F1 instances. Also includes background info on how to get started with FPGAs
Docker Orchestration: Welcome to the Jungle! Devoxx & Docker Meetup Tour Nov ...Patrick Chanezon
In two years, Docker hit the sweet spot for devs and ops, with tools for building, shipping, and running distributed apps architected as a set of collaborating microservices packaged as Linux containers. One area of the Docker ecosystem that saw a lot of innovation in the past year is container orchestration systems. This session compares and contrasts various Docker orchestration systems (Swarm, Machine, and Compose), the batteries included with Docker itself, Mesos, Kubernetes, CoreOS/Fleet, Deis, Cloud Foundry, and Tutum. It includes a demo of how to deploy a Java 8 app with MongoDB on several of these systems. The goal of the session is to give you a framework to help evaluate how these systems can meet your particular requirements.
Demo code at https://github.com/chanezon/docker-tips/blob/master/orchestration-networking/README.md
Slides from our Q3 meetup held in Montreal on September 27th 2017 at the Cloud.ca Center.
Video recording can be seen at: https://www.youtube.com/watch?v=_1btwHW39ms&list=PLSsQodeQD6LPyqrvvczcC5mkOOnPt469o
From ATT&CKcon 3.0
By Jared Stroud, Lacework
Adversaries target common cloud misconfigurations in container-focused workflows for initial access. Whether this is Docker or Kubernetes environments, Lacework Labs has identified adversaries attempting to deploy malicious container images (T1610) , mine Cryptocurrency (T1496), and deploy C2 agents. Defenders new to the container space may be unaware of the built-in capabilities popular container runtime engines have that can help defend against rogue containers being deployed into their environment. Attendees will walk away with an understanding of what these attack patterns look like based on honeypot data Lacework has gathered over the past year, as well as techniques on how to defend their own container focused workloads.
Similar to Container Networking: the Gotchas (Mesos London Meetup 11 May 2016) (20)
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
1. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Networking in a Containerized Data
Center: the Gotchas!
MESOS LONDON MEETUP
Andy Randall | @andrew_randall May 11, 2016
6. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
The original “container approach” to networking
All containers on a machine share the same IP address
Gotcha #1:
WWW1
WWW2
80
80
Proxy
8080
8081
Still most container deployments use this method!
7. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
World is moving to “IP per container”
Container Network
Interface (CNI)
Container
Network Model
(libnetwork, 0.19)
net-modules (Mesos 0.26)
(future: CNI?)
8. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
We’ve solved “IP per VM” before…
VM
1
VM
2
VM
3
Virtual Switch
9. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
We’ve solved “IP per VM” before…
VM
1
VM
2
VM
3
Virtual Switch
VM
1
VM
2
VM
3
Virtual Switch
10. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Consequences for containers (gotcha #2): Scale
Hundreds of servers, low churn Millions of containers, high churn
11. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
pHost 1
Virtual Switch /
encapsulation
vNIC
pNIC
vNIC
VM1
Consequences for containers (gotcha #3): Layering
Packets are double encap’d!
Container
A
Container
B
Container
C
Virtual Switch / encapsulation
veth0 veth1 veth2
pHost 2
Virtual Switch /
encapsulation
VM2
Container
D
Container
E
Container
F
Virtual Switch / encapsulation
pNIC
vNIC vNIC
veth0 veth1 veth2
Physical Switch
12. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Consequences for containers (gotcha #4): walled gardens
Legacy App
pHost 1
Virtual Switch /
encapsulation
vNIC
pNIC
vNIC
VM1
Container
A
Container
B
Container
C
Virtual Switch / encapsulation
veth0 veth1 veth2
Physical Switch
13. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
“Any intelligent fool can
make things bigger, more
complex… It takes a
touch of genius – and a
lot of courage – to move
in the opposite direction.”
14. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
A Saner Approach: just route IP from the container
pHost 1
Virtual underlay
vNIC
pNIC
vNIC
VM1
Container
A
Container
B
Container
C
Linux kernel routing (no encapsulation)
veth0 veth1 veth2
pHost 2
Virtual Underlay
VM2
Container
D
Container
E
Container
F
Linux kernel routing (no encapsulation)
pNIC
vNIC vNIC
veth0 veth1 veth2
Physical Underlay
15. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Variant: 1 vm per host, no virtual underlay, straight-up IP
pHost 1 pNIC
vNIC
VM1
Container
A
Container
B
Container
C
Linux kernel routing (no encapsulation)
veth0 veth1 veth2
pHost 2
VM2
Container
D
Container
E
Container
F
Linux kernel routing (no encapsulation)
pNIC
vNIC
veth0 veth1 veth2
Physical Underlay
16. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Results: bare metal performance from virtual networks
0
1
2
3
4
5
6
7
8
9
10
Bare metal Calico OVS+VXLAN
Throughput Gbps
0
20
40
60
80
100
120
Bare metal Calico OVS+VXLAN
CPU % per Gbps
Source: https://www.projectcalico.org/calico-dataplane-performance/
17. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Some container frameworks still assume port mapping
E.g. Marathon load balancer service (but being fixed…)
Some PaaS’s not yet supporting IP per container
But several moving to build on Kubernetes, and will likely pick it up
Gotcha #5: IP per container not yet universally supported
18. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
You can easily get your configuration wrong and get sub-
optimal performance, e.g.
select wrong Flannel back-end for your fabric
turn off AWS src-dest IP checks
get MTU size wrong for the underlay…
Gotcha #6: running on public cloud
19. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Consequences of MTU size…
0
50
100
150
200
250
300
t2.micro m4.xlarge
qperf bandwidth
Bare Metal Calico
20. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Consequences of MTU size…
0
50
100
150
200
250
300
t2.micro m4.xlarge
qperf bandwidth
Bare Metal Calico (MTU=1440) Calico (MTU=8980)
21. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Suppose we assign a /24 per Kubernetes node (=> 254 pods)
Run 10 VMs per server, each with a Kubernetes node
40 servers per rack
20 racks per data center
4 data centers
=> now need a /15 for the rack, a /10 space for the data center,
and the entire 10/8 rfc1918 range to cover 4 data centers.
… and hope your business doesn’t expand to need a 5th data
center!
Gotcha #7: IP addresses aren’t infinite
22. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
DC/OS / Mesos – multiple ways to network your container
Net-modules – but only supports Mesos containerizer
Docker networking – but then not fully integrated e.g. into MesosDNS
CNI – possible future, but not here today
Roll-your-own orchestrator-network co-ordination – the approach some of
our users have taken
Kubernetes
CNI fairly stable
Fine-grained policy being added – will move from alpha (annotation—
based) to beta (first-class citizen API) in 1.3
Docker
Swarm / Docker Datacenter still early; libnetwork evolution? policy?
Gotcha #8: orchestration platforms support still evolving
23. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
Docker libnetwork provides limited functionality / visibility to
plug-ins
E.g. network name you specify as a user is NOT passed to the
underlying SDN
Consequences:
Diagnostics hard to correlate
Hard to enable ”side loaded” commands referring to networks created
on Docker command line (e.g. Calico advanced policy)
Hard to network between Docker virtual network domain and non-
containerized workloads
Gotcha #9: Docker libnetwork is “special”
24. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
“Can you write a function that tells me when all nodes have
caught up to the global state?”
Sure…
Gotcha #10: at cloud scale, nothing ever converges
function is_converged()
return false
25. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
The Future of Cloud Networking
Flat routed IP networking with
fine-grained policy
Broad set of overlay options
De facto industry standard for policy-driven networking for cloud native applications
26. @projectcalico Project Calico is sponsored by Tigera, Inc. | www.tigera.io
https://www.projectcalico.org/calico-dcos-demo-security-
speed-and-no-more-port-forwarding/
Check it out – Calico is in the Mesosphere Universe!
All the containers can talk to one another
Things like Kubeproxy will allow a single service VIP to access the containers inside the virtual network
But some legacy apps need direct access to the containers, and there’s no on/off-ramp possible