Continuous Delivery presents a compelling vision of builds that are automatically deployed and tested until ready for production.
Most teams aren't there yet. Some never want to go that far. Others want to push the envelope further.
This deck presents a model for scoring yourself on the continuum and examples of how companies can decide what parts of CD to adopt first, later and not at all.
Showcase development processes and methods with our content ready Devops PowerPoint Presentation Slide. Focus on rapid application delivery using our visually appealing development and operations PPT visuals. The operating system PowerPoint complete deck comprises self-explanatory and editable PowerPoint templates such as need for DevOps, best practices, criteria for choosing a pilot project, DevOps goals, timeline for DevOps transformation, current state future state, 30-60-90 day plan, roadmap for DevOps, transformation post successful DevOps Implementation, RACI matrix, dashboard to name a few. Users can easily customize all the templates as per their specific project needs. Furthermore, you can also use this IT operations management presentation deck to encourage your team to adopt DevOps culture practices and tools. Demonstrate DevOps goals like Increase automation and standardize the process, reduce cost effort & time to market and so on. Download our system development lifecycle PowerPoint templates to present ways to make improved products faster for greater client satisfaction. Handle deficiencies with our DevOps Powerpoint Presentation Slides. Initiate action to acquire desired assets. https://bit.ly/3y8q8NC
A high level introduction to DevOps. Explains what it is, how popular DevOps has become, why DevOps is popular, how DevOps differs from traditional approaches and some next steps to implementation.
Continuous Delivery presents a compelling vision of builds that are automatically deployed and tested until ready for production.
Most teams aren't there yet. Some never want to go that far. Others want to push the envelope further.
This deck presents a model for scoring yourself on the continuum and examples of how companies can decide what parts of CD to adopt first, later and not at all.
Showcase development processes and methods with our content ready Devops PowerPoint Presentation Slide. Focus on rapid application delivery using our visually appealing development and operations PPT visuals. The operating system PowerPoint complete deck comprises self-explanatory and editable PowerPoint templates such as need for DevOps, best practices, criteria for choosing a pilot project, DevOps goals, timeline for DevOps transformation, current state future state, 30-60-90 day plan, roadmap for DevOps, transformation post successful DevOps Implementation, RACI matrix, dashboard to name a few. Users can easily customize all the templates as per their specific project needs. Furthermore, you can also use this IT operations management presentation deck to encourage your team to adopt DevOps culture practices and tools. Demonstrate DevOps goals like Increase automation and standardize the process, reduce cost effort & time to market and so on. Download our system development lifecycle PowerPoint templates to present ways to make improved products faster for greater client satisfaction. Handle deficiencies with our DevOps Powerpoint Presentation Slides. Initiate action to acquire desired assets. https://bit.ly/3y8q8NC
A high level introduction to DevOps. Explains what it is, how popular DevOps has become, why DevOps is popular, how DevOps differs from traditional approaches and some next steps to implementation.
SRE (service reliability engineer) on big DevOps platform running on the clou...DevClub_lv
SRE (service reliability engineer). The talk is to explain the SRE philosophy and the principles of production engineering and operations in clouds.
(Language – English)
Pavlo is ADOP (Accenture DevOps Platform) Service Reliability Team Lead, SRE practitioner. Has more then 18 years of IT experience in Ops and Dev.
A common microservice architecture anti-pattern is more the merrier. It occurs when an organization team builds an excessively fine-grained architecture, e.g. one service-per-developer. In this talk, you will learn about the criteria that you should consider when deciding service granularity. I'll discuss the downsides of a fine-grained microservice architecture. You will learn how sometimes the solution to a design problem is simply a JAR file.
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailogjuljo
Full day workshop about Microservices Architectures, from the basis to advanced topics like Service Discovery, Load Balancing, Fault Tolerance and Centralized Logging.
Many technologies are involved, like Spring Cloud Netflix, Docker, Cloud Foundry and ELK.
A separate deck describes all the lab exercises.
DevOps provides competitive advantage to businesses through faster time to market by breaking down silos between business, development, testing and operations. They combine the Development and Operations teams leveraging automation of processes to enable rapid release cycles.
Understand the concept of DevOps by employing DevOps Strategy Roadmap Lifecycle PowerPoint Presentation Slides Complete Deck. Describe how DevOps is different from traditional IT with these content-ready PPT themes. The slides also help to discuss DevOps use cases in the business, roadmap, and its lifecycle. Explain the roles, responsibilities, and skills of DevOps engineers by utilizing this visually appealing slide deck. Demonstrate DevOp roadmap for implementation in the organization with the help of a thoroughly researched PPT slideshow. Describe the characteristics of cloud computing, its benefits, and risks with the aid of this PPT layout. Utilize this easy-to-use DevOps transformation strategy PowerPoint slide deck to showcase the difference between cloud and traditional data centers. This ready-to-use PowerPoint layout also discusses the roadmap to integrate cloud computing in business. Highlight the usages of cloud computing and deployment models with the help of visual attention-grabbing DevOps implementation roadmap PowerPoint slides. https://bit.ly/3eFxYYr
The pervasiveness of cloud and containers has led to systems that are much more distributed and dynamic in nature. Highly elastic microservice and serverless architectures mean containers spin up on demand and scale to zero when that demand goes away. In this world, servers are very much cattle, not pets. This shift has exposed deficiencies in some of the tools and practices we used in the world of servers-as-pets. Specifically, there are questions around how we monitor and debug these types of systems at scale. And with the rise of DevOps and product mindset, making data-driven decisions is becoming increasingly important for agile development teams.
In this talk, we discuss a new approach to system monitoring and data collection: the observability pipeline. For organizations that are heavily siloed, this approach can help empower teams when it comes to operating their software. The observability pipeline provides a layer of abstraction that allows you to get operational data such as logs and metrics everywhere it needs to be without impacting developers and the core system. Unlocking this data can also be a huge win for the business with things like auditability, business analytics, and pricing. Lastly, it allows you to change backing data systems easily or test multiple in parallel. With the amount of data and the number of tools modern systems demand these days, we'll see how the observability pipeline becomes just as essential to the operations of a service as the CI/CD pipeline.
DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
Why DevOps?
DevOps principles
DevOps concepts
DevOps practices
DevOps people
DevOps controls
DevOps training and further reading
Where do you start with DevOps?
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at OWASP NoVA, Sept 25th, 2018
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
Shift Left Security - The What, Why and HowDevOps.com
The shift left approach in DevOps moves software testing earlier in its lifecycle to prevent defects early in the software delivery process. How can developers use this approach to ensure security? Josh Thorngren, VP of Marketing at Twistlock, will explain what it means to shift left, and share five steps to ensure a successful transition to a shift left approach with DevOps.
Join this webinar to learn:
Best practices in adopting a successful shift to the left
How ‘shifting left’ promotes security
How developers are the new security guards in protecting company information
Customer case - Dynatrace Monitoring RedefinedMichel Duruel
One of the largest Airline in the world chose Dynatrace, here is the customer case.
Including:
Vision and Goal / Challenges / Requirements / Why Dynatrace is Unique / ROI and TCO / Rollout Status / Solution Screenshots
Dynatrace redefined monitoring with AI powered 3rd Generation APM, User Experience Monitoring & Continuous Improvement, Cloud-native, Full Stack, Auto Everything, End-to-End, Easiest to Implement, Use and Maintain
Mastering Chaos - A Netflix Guide to MicroservicesJosh Evans
QConSF 2016 Abstract:
By embracing the tension between order and chaos and applying a healthy mix of discipline and surrender Netflix reliably operates microservices in the cloud at scale. But every lesson learned and solution developed over the last seven years was born out of pain for us and our customers. Even today we remain vigilant as we evolve our service architecture. For those just starting the microservices journey these lessons and solutions provide a blueprint for success.
In this talk we’ll explore the chaotic and vibrant world of microservices at Netflix. We’ll start with the basics - the anatomy of a microservice, the challenges around distributed systems, and the benefits realized when integrated operational practices and technical solutions are properly leveraged. Then we’ll build on that foundation exploring the cultural, architectural, and operational methods that lead to microservice mastery.
Bridging the Security Testing Gap in Your CI/CD PipelineDevOps.com
Are you struggling with application security testing? Do you wish it was easier, faster, and better? Join us to learn more about IAST, a next-generation application security tool that provides highly accurate, real-time vulnerability results without the need for application or source code scans. Learn how this nondisruptive tool can:
Run in the background and report vulnerabilities during functional testing, CI/CD, and QA activities.
Auto verify, prioritize and triage vulnerability findings in real time with 100% confidence.
Fully automate secure app delivery and deployment, without the need for extra security scans or processes.
Free up DevOps resources to focus on strategic or mission-critical tasks and contributions.
SRE (service reliability engineer) on big DevOps platform running on the clou...DevClub_lv
SRE (service reliability engineer). The talk is to explain the SRE philosophy and the principles of production engineering and operations in clouds.
(Language – English)
Pavlo is ADOP (Accenture DevOps Platform) Service Reliability Team Lead, SRE practitioner. Has more then 18 years of IT experience in Ops and Dev.
A common microservice architecture anti-pattern is more the merrier. It occurs when an organization team builds an excessively fine-grained architecture, e.g. one service-per-developer. In this talk, you will learn about the criteria that you should consider when deciding service granularity. I'll discuss the downsides of a fine-grained microservice architecture. You will learn how sometimes the solution to a design problem is simply a JAR file.
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailogjuljo
Full day workshop about Microservices Architectures, from the basis to advanced topics like Service Discovery, Load Balancing, Fault Tolerance and Centralized Logging.
Many technologies are involved, like Spring Cloud Netflix, Docker, Cloud Foundry and ELK.
A separate deck describes all the lab exercises.
DevOps provides competitive advantage to businesses through faster time to market by breaking down silos between business, development, testing and operations. They combine the Development and Operations teams leveraging automation of processes to enable rapid release cycles.
Understand the concept of DevOps by employing DevOps Strategy Roadmap Lifecycle PowerPoint Presentation Slides Complete Deck. Describe how DevOps is different from traditional IT with these content-ready PPT themes. The slides also help to discuss DevOps use cases in the business, roadmap, and its lifecycle. Explain the roles, responsibilities, and skills of DevOps engineers by utilizing this visually appealing slide deck. Demonstrate DevOp roadmap for implementation in the organization with the help of a thoroughly researched PPT slideshow. Describe the characteristics of cloud computing, its benefits, and risks with the aid of this PPT layout. Utilize this easy-to-use DevOps transformation strategy PowerPoint slide deck to showcase the difference between cloud and traditional data centers. This ready-to-use PowerPoint layout also discusses the roadmap to integrate cloud computing in business. Highlight the usages of cloud computing and deployment models with the help of visual attention-grabbing DevOps implementation roadmap PowerPoint slides. https://bit.ly/3eFxYYr
The pervasiveness of cloud and containers has led to systems that are much more distributed and dynamic in nature. Highly elastic microservice and serverless architectures mean containers spin up on demand and scale to zero when that demand goes away. In this world, servers are very much cattle, not pets. This shift has exposed deficiencies in some of the tools and practices we used in the world of servers-as-pets. Specifically, there are questions around how we monitor and debug these types of systems at scale. And with the rise of DevOps and product mindset, making data-driven decisions is becoming increasingly important for agile development teams.
In this talk, we discuss a new approach to system monitoring and data collection: the observability pipeline. For organizations that are heavily siloed, this approach can help empower teams when it comes to operating their software. The observability pipeline provides a layer of abstraction that allows you to get operational data such as logs and metrics everywhere it needs to be without impacting developers and the core system. Unlocking this data can also be a huge win for the business with things like auditability, business analytics, and pricing. Lastly, it allows you to change backing data systems easily or test multiple in parallel. With the amount of data and the number of tools modern systems demand these days, we'll see how the observability pipeline becomes just as essential to the operations of a service as the CI/CD pipeline.
DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
Why DevOps?
DevOps principles
DevOps concepts
DevOps practices
DevOps people
DevOps controls
DevOps training and further reading
Where do you start with DevOps?
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at OWASP NoVA, Sept 25th, 2018
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
Shift Left Security - The What, Why and HowDevOps.com
The shift left approach in DevOps moves software testing earlier in its lifecycle to prevent defects early in the software delivery process. How can developers use this approach to ensure security? Josh Thorngren, VP of Marketing at Twistlock, will explain what it means to shift left, and share five steps to ensure a successful transition to a shift left approach with DevOps.
Join this webinar to learn:
Best practices in adopting a successful shift to the left
How ‘shifting left’ promotes security
How developers are the new security guards in protecting company information
Customer case - Dynatrace Monitoring RedefinedMichel Duruel
One of the largest Airline in the world chose Dynatrace, here is the customer case.
Including:
Vision and Goal / Challenges / Requirements / Why Dynatrace is Unique / ROI and TCO / Rollout Status / Solution Screenshots
Dynatrace redefined monitoring with AI powered 3rd Generation APM, User Experience Monitoring & Continuous Improvement, Cloud-native, Full Stack, Auto Everything, End-to-End, Easiest to Implement, Use and Maintain
Mastering Chaos - A Netflix Guide to MicroservicesJosh Evans
QConSF 2016 Abstract:
By embracing the tension between order and chaos and applying a healthy mix of discipline and surrender Netflix reliably operates microservices in the cloud at scale. But every lesson learned and solution developed over the last seven years was born out of pain for us and our customers. Even today we remain vigilant as we evolve our service architecture. For those just starting the microservices journey these lessons and solutions provide a blueprint for success.
In this talk we’ll explore the chaotic and vibrant world of microservices at Netflix. We’ll start with the basics - the anatomy of a microservice, the challenges around distributed systems, and the benefits realized when integrated operational practices and technical solutions are properly leveraged. Then we’ll build on that foundation exploring the cultural, architectural, and operational methods that lead to microservice mastery.
Bridging the Security Testing Gap in Your CI/CD PipelineDevOps.com
Are you struggling with application security testing? Do you wish it was easier, faster, and better? Join us to learn more about IAST, a next-generation application security tool that provides highly accurate, real-time vulnerability results without the need for application or source code scans. Learn how this nondisruptive tool can:
Run in the background and report vulnerabilities during functional testing, CI/CD, and QA activities.
Auto verify, prioritize and triage vulnerability findings in real time with 100% confidence.
Fully automate secure app delivery and deployment, without the need for extra security scans or processes.
Free up DevOps resources to focus on strategic or mission-critical tasks and contributions.
VoltDB and Erlang: two very promising beasts, made for the new parallel world, but still lingering in the wings. Not only are they addressing todays challenges but they are using parallel architectures as corner stone of their new and surprising approach to be faster and more productive. What are they good for? Why are we working to team them up?
Erlang promises faster implementation, way better maintenance and 4 times shorter code. VoltDB claims to be two orders of magnitude faster than its competitors. The two share many similarities: both are the result of scientific research and designed from scratch to address the new reality of parallel architectures with full force.
This talk presents the case for Erlang as server language, where it shines, how it looks, and how to get started. It details Erlang's secret sauce: microprocesses, actors, atoms, immutable variables, message passing and pattern matching. (Note: for a longer version of this treatment of Erlang only see: Why Erlang? http://www.slideshare.net/eonblast/why-erlang-gdc-online-2012)
VoltDB's inner workings are explained to understand why it can be so incredibly fast and still better than its NoSQL competitors. The well publicized Node.js benchmark clocking in at 695,000 transactions per second is described and the simple steps to get VoltDB up and running to see the prodigy from up close.
Source examples are presented that show Erlang and VoltDB in action.
The speaker is creator and maintainer of the Erlang VoltDB driver Erlvolt.
Wordnik's technical co-founder Tony Tam describes the reason for going NoSQL. During his talk Tony will discuss the selection criteria, testing + evaluation and successful, zero-downtime migration to MongoDB. Additionally details on Wordnik's speed and stability will be covered as well as how NoSQL technologies have changed the way Wordnik scales.
The guide for design wrapper of tensorflow to build model easily.
All the codes above are available on my github.
https://github.com/NySunShine/fusion-net
PyData Frankfurt - (Efficient) Data Exchange with "Foreign" EcosystemsUwe Korn
As a Data Scientist/Engineer in Python, we focus in our work to solve problems with large amounts of data but still stay in Python. This is where we are the most effective and feel comfortable. Libraries like Pandas and NumPy provide us with efficient interfaces to deal with this data while still getting optimal performance. The main problem appears when we have to deal with systems outside of our comfort ecosystem. We need to write cumbersome and mostly slow conversion code that ingests data from there into our pipeline until we can work efficiently. Using Apache Arrow and Parquet as base technologies, we get a set of tools that eases this interaction and also brings us a huge performance improvement. As part of the talk we will show a basic problem where we take data coming from a Java application through Python into using these tools.
Presentation to a combined meetup of Bay Area Lisp and Bay Area Clojure groups. Presented three Clojure projects at BackType:
Cascalog - Batch processing in Clojure
ElephantDB - Database written in Clojure
Storm - Distributed, fault-tolerant, reliable stream processing and RPC
En esta charla se abordarán los diversos retos que se presentan cuando se requieren diseñar APIs REST usando la JVM. Los retos que se deben afrontar son diversos y cada uno de ellos tiene su contexto y complejidad.
Contrato del API. ¿Cómo no romper el API? ¿Cómo proveer soporte para diversas versiones? ¿Cómo documentar?
Modelo de programación del API. ¿Qué tipo de REST hacer? ¿Qué framework elegir? ¿Qué lineamientos de desarrollo seguir? ¿Debemos crear un cliente del API? ¿Debemos generar clientes del API para dispositivos móviles?
¿Debe ser mi API distribuida? ¿Necesito interactuar con sistemas externos? ¿Cómo debe mi API soportar caídas de sistemas externos? ¿Qué es eso de resiliencia? ¿Debe ser mi API residente por diseño?
¿Debo soportar altas cargas de tráfico en cortos períodos de tiempo? ¿Cómo diseño mi API para que sea escalable? ¿Cómo implemento alta disponibilidad? ¿Debo correr en la nube para escalar automáticamente? ¿Cómo hago escalamiento de mi API si no corro en la nube?
¿Cómo despliego mi API? ¿Debo resolver el aprovisionamiento de recursos que mi API necesita? ¿Qué es eso de Linux Containers? ¿Me sirve Docker para correr mi API? ¿Cómo ejecuto mi API en mi ambiente local?
MLOps for living: Infrastructure-as-Code on AWSAntonChernov9
MLOps is a set of engineering practices for configuring machine learning-enabled systems to finally get the cloud infrastructure under control. Have you ever wondered what’s idempotence and a declarative approach to infrastructure and why environment drift is a thing of the past? 🤯
Srihitha Technologies provides J2EE Online Training in Ameerpet by real time Experts. For more information about J2EE online training in Ameerpet call 9885144200 / 9394799566.
Challenges in Maintaining a High Performance Search Engine Written in Javalucenerevolution
Presented by Simon Willnauer | Apache Lucene - See conference video - http://www.lucidimagination.com/devzone/events/conferences/lucene-revolution-2012
During the last decade Apache Lucene became the de-facto standard in open source search technology. Thousands of applications from Twitter Scale Webservices to Computers playing Jeopardy rely on Lucene, a rock-solid, scaleable and fast information-retrieval library entirely written in Java. Maintaining and improving such a popular software library reveals tough challenges in testing, API design, data-structures, concurrency and optimizations. This talk presents the most demanding technical challenges the Lucene Development Team has solved in the past. It covers a number of areas of software development including concurrency & parallelism, testing infrastructure, data-structures, algorithms, API designs with respect to Garbage Collection, and Memory efficiency and efficient resource utilization. This talk doesn’t require any Apache Lucene or information-retrieval background in general. Knowledge about the Java programming language will certainly be helpful while the problems and techniques presented in this talk aren’t Java specific.
Coding Secure Infrastructure in the Cloud using the PIE frameworkJames Wickett
At National Instruments, we have developed an automation and provisioning framework called PIE (Programmable Infrastructure Environment) that we use daily on our devops team. Similar tools are available such as chef or puppet, but what makes PIE unique is its ability to work in multi-cloud deployments (Azure and AWS) along with multiple node OS types (linux and windows). It uses zookeeper to keep state and track dependencies across nodes and services.
When building PIE we actively considered how to implement it in a Rugged way for a DevOps team. As noted in the deck on slide 68, we are Rugged by Design and Devops by Culture. We see these as intersecting domains that have the ability to impact each other. For more info see ruggeddevops.org
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
5. With more than 30 million streaming members in
the United States, Canada, Latin America, the
United Kingdom, Ireland and the Nordics, Netflix is
the world's leading internet subscription service for
enjoying movies and TV programs streamed over
the internet to PCs, Macs and TV.
Source: http://ir.netflix.com
Tweet @jedberg with feedback!
6. The Netflix Way
• Everything is “built for three”
• Fully automated build tools to test and
make packages
• Fully automated machine image bakery
• Fully automated image deployment
• Independent teams responsible for
both Dev and Ops
Tweet @jedberg with feedback!
9. Automate all the things!
• Application startup
• Configuration
• Code deployment
• System deployment
Tweet @jedberg with feedback!
10. Automation
• Standard base image
• Tools to manage all the systems
• Automated code deployment
Tweet @jedberg with feedback!
11. Shared state should be
stored in a shared service
Data on an instance should
be replicated to other
instances
Tweet @jedberg with feedback!
12. “Build for Three”
We hold a boot camp for new engineers to teach them how
to build for a highly distributed environment.
Tweet @jedberg with feedback!
14. Netflix on AWS
2012 2012 2012
IPv6 IPv6 IPv6
Open Connect
Tweet @jedberg with feedback!
15. Highly aligned, loosely coupled
• Services are built by different teams
who work together to figure out what
each service will provide.
• The service owner publishes an API
that anyone can use.
Tweet @jedberg with feedback!
16. Advantages to a Service
Oriented Architecture
• Easier auto-scaling
• Easier capacity planning
• Identify problematic code-paths more easily
• Narrow in the effects of a change
• More efficient local caching
Tweet @jedberg with feedback!
17. Freedom and Responsibility
• Developers deploy when they want
• They also manage their own capacity
and autoscaling
• And fix anything that breaks at 4am!
Tweet @jedberg with feedback!
18. All systems choices assume
some part will fail at some
point.
Tweet @jedberg with feedback!
19. The Monkey Theory
• Simulate things
that go wrong
• Find things that
are different
Tweet @jedberg with feedback!
20. Execution
Photo from I, Robot, copyright 20th Century Fox
Tweet @jedberg with feedback!
21. Netflix built a global PaaS
• Service Oriented
Architecture
• HTTP/Rest interfaces
between services
Tweet @jedberg with feedback!
22. Netflix PaaS features
• Supports all regions and zones
• Multiple accounts
• Cross region/account replication
• Internationalized, localized and GeoIP routed
• Advanced key management
• Autoscaling with 1000s of instances
• Monitoring and alerting on millions of metrics
Tweet @jedberg with feedback!
23. What AWS Provides
• Instances
• Machine Images
• Elastic IPs
• Load Balancers
• Security groups / Autoscaling groups
• Availability zones and regions
Tweet @jedberg with feedback!
24. Linux Base AMI (CentOS or Ubuntu)
Optional
Java (JDK 6 or 7)
Apache
Appdynamics
App Agent
Monitoring monitoring Tomcat
Log Rotation
to S3 Application war file, base Healthcheck, status
GC and servlet, platform, interface servelets, JMX interface,
Appdynamics thread dump jars for dependent services Servo autoscale
Machine Agent logging
Tweet @jedberg with feedback!
25. The Netflix Platform
Discovery
(Eureka)Entrypoints Circut Breakers (Hystrix)
(Edda)Configuration Cassandra (Priam &
(Archaius) Astyanax & CassJMeter)
Zookeeper (Exhibitor) Cryptex
logging (Blitz4j & Honu) AKMSEvCache
NIWS Proxiesi18n
Geo L10n
Base Open Source
Tweet @jedberg with feedback!
27. N
ov C
D r u ra
e to
c
20
12 A
x sty
Fe an
b S
Tweet @jedberg with feedback!
o er a
M Pr v
ar m ia
C
A e r as
sJ
pr
Ex M
M r hi
b
et
a
y ito
Ju
n A
s rch
Ju A a
l d sg iu
ar
C
A
Open Source at Netflix
M ha
Edda
Blitz4j
ug
Hystrix
on os
ke
Governator
Se y
p Eu
a re
O k
ct
28. Finding things
• Discovery (Eureka)
• Application to instance mapping
• Heartbeat to keep track of health
• Entrypoints (Edda)
• Local database of AWS resources
• NIWS (Netflix Internal Web Service)
• On instance software load balancer
• Handles retry logic
• Geo (Geolocation library)
• Provides IP to Lat/Lon mapping for any service that needs it.
Tweet @jedberg with feedback!
29. Entrypoints (Edda)
• REST API
• GET /REST/v2/instance/$id
• Keeps track of all resources
• Autoscaling groups, EIPs, Instances,
Applications, Clusters, History
Tweet @jedberg with feedback!
30. Entrypoints Exploration
Find all active instances GET /REST/v2/view/instances
Find all instances in a GET /REST/v2/group/clusters
cluster
Show only ASG name, /v2/aws/autoScalingGroups/edda-v123;_pp:
(autoScalingGroupName,instances:
instance ID and health (instanceId,lifecycleState))
Which ASG contains a /v2/aws/autoScalingGroups;instances.instanceId=i-
96f3ca3a
particular instance?
Tweet @jedberg with feedback!
31. Keeping it all Straight
• Configuration (Archaius)
• Global variables (Fast properties)
• Base
• Base system. Prod vs. Test, etc
• Zookeeper (Curator)
• Locks, other similar coordination
• Logging (Blitz4j and Honu)
• Keep track of what happened and store it for
post analysis.
Tweet @jedberg with feedback!
32. Keeping it Secure
• Cryptex
• Service for key management
• High, medium and low value keys
• AKMS (Amazon Key Management System)
• Hands out keys to instances (and dev boxes) so
they don’t have to store the key on the instance
Tweet @jedberg with feedback! For more info, see SEC201: Security Panel
33. Storing it
• Cassandra (Priam, astyanax)
• Configure and access Cassandra
• Provide OO abstractions handle
connection pooling, discovery of hosts
• EVCache (Eccentric Volatile Cache)
• Wrapper for memcached to handle zone
awareness and replication
• Proxies
• Get data out of the datacenter and into
the cloud.
Tweet @jedberg with feedback!
34. Data
What do we do with it all?
Tweet @jedberg with feedback!
35. We store it!
• Cache (memcached)
• Cassandra
• RDS (MySql)
Tweet @jedberg with feedback!
51. Netflix has moved the
granularity from the
instance to the cluster
Tweet @jedberg with feedback!
52. Why Bake?
Traditional:
•launch OS Generic AMI
•install packages Instance
•install app
Netflix:
•launch OS+app
App AMI Instance
Tweet @jedberg with feedback!
53. Getting Baked
Artifactory
Artifactory app bundles
Ivy
snapshot / release
libraries
libraries / apps
Jenkins
Jenkins resolve
resolve test
test publish
publish
sync
sync compile
compile build
build report
report
source
Perforce / /Git
Perforce Git Ant targets Groovy all over
Tweet @jedberg with feedback!
54. Base Image
Baking S3 / EBS
foundation
foundation
AMI
AMI
Linux: CentOS, Fedora, Ubuntu
base
base
AMI
AMI
mount snapshot
Ready
for
Yum // Apt
Yum Apt app
install Bakery
Bakery bake
AWS
RPMs: Apache, Java...
ec2 slave instances
Tweet @jedberg with feedback!
55. App Image
Baking S3 / EBS
base AMI
base AMI
Linux, Apache, Java, Tomcat
app
app
AMI
AMI
mount snapshot
Jenkins // Yum //
Jenkins Yum Ready
Artifactory
Artifactory
to launch!
install Bakery
Bakery
AWS
app bundle
ec2 slave instances
Tweet @jedberg with feedback!
56. Linux Base AMI (CentOS or Ubuntu)
Optional
Java (JDK 6 or 7)
Apache
Appdynamics
App Agent
Monitoring monitoring Tomcat
Log Rotation
to S3 Application war file, base Healthcheck, status
GC and servlet, platform, interface servelets, JMX interface,
Appdynamics thread dump jars for dependent services Servo autoscale
Machine Agent logging
Tweet @jedberg with feedback!
57. Linux Base AMI (CentOS or Ubuntu)
Optional
Java (JDK 6 or 7)
Apache
Appdynamics
App Agent
Monitoring monitoring JBoss
Log Rotation
to S3 Application war file, base Healthcheck, status
GC and servlet, platform, interface servelets, JMX interface,
Appdynamics thread dump jars for dependent services Servo autoscale
Machine Agent logging
Tweet @jedberg with feedback!
58. Linux Base AMI (CentOS or Ubuntu)
Optional
Python
Apache
monitoring
Monitoring Django
Log Rotation
to S3 Application file, base
server, platform, interface
Appdynamics logging libs for dependent services
Machine Agent
Tweet @jedberg with feedback!
59. The Monkey Theory
• Simulate things
that go wrong
• Find things that
are different
Tweet @jedberg with feedback!
60. The simian army
• Chaos -- Kills random instances
• Chaos Gorilla -- Kills zones
• Chaos Kong -- Kills regions
• Latency -- Degrades network and injects faults
• Conformity -- Looks for outliers
• Circus -- Kills and launches instances to maintain zone balance
• Doctor -- Fixes unhealthy resources
• Janitor -- Cleans up unused resources
• Howler -- Yells about bad things like Amazon limit violations
• Security -- Finds security issues and expiring certificates
Tweet @jedberg with feedback! For more info, see ARC301: Intro to Chaos Monkey & the Simian Army
65. Alert Systems
CORE
CORE
Atlas Event
Event
Paging
Paging
Service
Gateway Service
alerting
Gateway
alerting
CORE
CORE
Appdynamics Agent Amazon
Amazon
Agent SES
api
SES
api
CORE
CORE
Agent
Agent
api
api
Other
Other
Team’ss
Team’
Agent
Agent
Tweet @jedberg with feedback!
68. Data Collection Pipeline
Data Processing Pipeline
Text
Tweet @jedberg with feedback! For more info, see BDT303: Data Science with Elastic MapReduce
71. Incident Reviews
Ask the key questions:
• What went wrong?
• How could we have detected it sooner?
• How could we have prevented it?
• How can we prevent this class of
problem in the future?
• How can we improve our behavior for
next time?
Tweet @jedberg with feedback!
72. Best Practices for Data
• Have multiple copies of all data
• Keep those copies in multiple AZs
• Avoid keeping state on a single instance
• Take frequent snapshots of EBS disks
• No secret keys on the instance
Tweet @jedberg with feedback!
73. Netflix autoscaling
2
Deployment
Text
1
Traffic Peak
Tweet @jedberg with feedback!
74. AWS Usage
Dollar amounts have been carefully removed
Tweet @jedberg with feedback!
78. Leveraging Multi-region
• 100% uptime is theoretically possible.
• You have to replicate your data
• This will cost money
Tweet @jedberg with feedback!
79. Circuit Breakers (Hystrix)
Be liberal in what you accept, strict in what you send
Tweet @jedberg with feedback!
80. Just a quick reminder...
• (Some of) Netflix is open source:
• https://github.com/netflix
Tweet @jedberg with feedback!
81. We are sincerely eager to
hear your feedback on this
presentation and on re:Invent.
Please fill out an evaluation
form when you have a
chance.
83. Getting in touch
Email: jedberg@{gmail,netflix}.com
Twitter: @jedberg
Web: www.jedberg.net
Facebook: facebook.com/jedberg
Linkedin: www.linkedin.com/in/jedberg
Tweet @jedberg with feedback!
Editor's Notes
My friends Joe and Carl already told you about Nac and our build system. This allows the devs to take control of their deployment. Each team is responsible for their own deployments and uptime. When something breaks, we have a system that lets us page a team who then gets on and fixes their stuff. Each team is responsible for their own destiny. So how do we stay reliable when we have no control? Information.
Automate as much as you can
The more automated things are, the easier it is to be a sysadmin. Application startup Configuration Code deployment Full system deployment The more automated things are, the easier it is to scale especially in a virtualized environment with auto-scaling And virtualized computing added the last bit, the ability to automate system deployment. (Ok, that ’ s not entirely true, but watch me wave my hands and say it is)
In most places, you have this. Standard image with tools to manage the systems and the deployment.
By building for three, you can reasonably lose one of your instances and still be stable.
replication factor quorum reads / writes
In most systems, you worry about the software and installing it on an OS. At Netflix, the smallest thing we worry about is the instance image, which lives in a cluster. We ’ ve essentially built a platform for doing automated deployment of Java code (and some Python too!)
So, why do we bake custom images instead of just using Puppet or Chef to deploy packages dynamically to launched generic machines? We like to front-load the full machine assembly to build time, instead of waiting until deployment time. We do this because: • More Reliable: less systems that can fail at deploy time right when we need them most. • Faster Launch: means quicker reaction to load increases, e.g. autoscaling up can be more precise. • Single image: produces exactly homogeneous clusters. No file/package version skew across machines in a cluster
OK, back to the build pipeline again. We have a vague “ app bundles ” output in this diagram. Let ’ s delve into how we manage the application bundle artifacts in more detail.
The first step of the baking process is to create the “ base ” image that we will use for baking all app images. This is done once every week or two. We start with a standard Linux distro as a foundation (CentOS now, Ubuntu on the way), and add in our favorite, our custom and customized packages: • Apache, Java (JDK 6 and 7), Tomcat, Perl, Python, provisioning and startup scripts, log management tools, monitoring agents, etc. The end result is a beefed-up OS image that is ready to go, and just needs an app added.
The first step of the baking process is to create the “ base ” image that we will use for baking all app images. This is done once every week or two. We start with a standard Linux distro as a foundation (CentOS now, Ubuntu on the way), and add in our favorite, our custom and customized packages: • Apache, Java (JDK 6 and 7), Tomcat, Perl, Python, provisioning and startup scripts, log management tools, monitoring agents, etc. The end result is a beefed-up OS image that is ready to go, and just needs an app added.
Gateway classifies and routes events based on severity and the systems involved. The gateway currently processes around 48K events a day
(step through) here are some best practices we ’ ve learned over the last year with EC2. Some of these we follow well, and some we need to follow better.
At Netflix we use autoscaling the help manage reliability and cost. Here is one of our clusters scaling up and down. We are tuning for the holidays, so you can see parts where we are doing squeeze tests and adjusting the scaling speed and values.
Amazon will help you as well. One way they do this is by providing zones. Each zone is like an island that is loosely connected to the other zones, but mostly distinct.
So how do you get better than 99.95% uptime? Multiple zones! By spreading your systems out across multiple zones, you should be able to withstand the failure of one zone. In a little bit, I ’ ll go over how reddit and Netflix used a multizone strategy to survive outages.
Amazon, as well as other providers, offer multiple regions as well. Regions are essentially like separate providers with the same featureset. Your data does not get shared across regions
You can contact me in one of these ways, or ask your question now. thank you.