An overview of one of the worlds largest content delivery networks, how it is used for accerlation of websites and applications for dynamic and static content. We will cover recent feature additions including integration of the new AWS WAF and other security features.
Conclusion Code Cafe - Microcks for Mocking and Testing Async APIs (January 2...Lucas Jellema
Microcks is a tool for API Mocking and Testing. In this presentation an overview of the support in Microcks for asynchronous APIs - the event publishing and consuming behavior of services and applications
An overview of one of the worlds largest content delivery networks, how it is used for accerlation of websites and applications for dynamic and static content. We will cover recent feature additions including integration of the new AWS WAF and other security features.
Conclusion Code Cafe - Microcks for Mocking and Testing Async APIs (January 2...Lucas Jellema
Microcks is a tool for API Mocking and Testing. In this presentation an overview of the support in Microcks for asynchronous APIs - the event publishing and consuming behavior of services and applications
Migrating Oracle to Aurora PostgreSQL Utilizing AWS Database Migration Servic...Amazon Web Services
Appriss creates actionable information and insights gained from their data and analytics solutions, their customers are able to more effectively save lives, mitigate fraud, and reduce risk. They call it “knowledge for good”. One of the many challenges facing Appriss was how to migrate a multi-terabyte Oracle database from one of their own data centers into AWS with minimal disruption to their applications and customers while reducing cost and not sacrificing security, availability, and reliability. This session provides an overview and demo of Aurora PostgreSQL and AWS Database Migration Service (DMS) as Appriss discusses their primary drivers for choosing the combination, preparation, challenges faced throughout the process, results, and future plans.
This session will introduce you to Amazon Rekognition, a service that makes it easy to add deep learning image analysis to your applications. Amazon Rekognition is based on the same proven, highly scalable, deep learning technology developed by Amazon’s
Double Redundancy with AWS Direct Connect - Pop-up Loft Tel AvivAmazon Web Services
AWS Direct Connect provides low latency and high performance connectivity to the AWS cloud by allowing the provision of physical fiber from the customer’s location or data center into AWS Direct Connect points of presence. This session covers design considerations around AWS Direct Connect solutions. We will discuss how to design and configure physical and logical redundancy using both physically redundant fibers and logical VPN connectivity, and includes a live demo showing both the configuration and the failure of a doubly redundant connectivity solution. This session is for network engineers/architects, technical professionals, and infrastructure managers who have a working knowledge of Amazon VPC, Amazon EC2, general networking, and routing protocols.
This is the presentation used for the Amazon Web Services 101 event in Seoul.
The video has been produced by Simone Brunozzi, AWS Technology Evangelist, APAC.
You can reach him on Twitter: http://twitter.com/simon
클라우드의 전개 유형별 특징을 살펴보고 클라우드로 전환하기 위해 고려해야 할 사항과 실제 사례를 공유합니다.
목차
1. 클라우드 세상
2. 클라우드 유형
3. 클라우드 도입 전략
4. 고객 사례
5. 요약
대상
- 클라우드에 관심이 있는 분
- 클라우드 전환을 고려하시는 분
- 잠깐 휴식을 취하고 싶은 개발자
Best Practices for Backup and Recovery: Windows Workload on AWS Amazon Web Services
Backing up Windows workloads can be a challenge, and cumbersome for many companies. Backup and recovery for Windows workloads on AWS, however, can be easy. This session will cover best practices for backup and recovery, how to configure Windows workloads to back up to AWS; pitfalls to look out for; and recommended reference architectures.
AWS Business Essentials helps IT business leaders and professionals understand the benefits of cloud computing and how a cloud strategy can help you meet your business objectives. In this course we discuss the advantages of cloud computing for your business and the fundamentals of AWS, including financial benefits. This course also introduces you to successful cloud adoption frameworks so to help you consider the AWS platform within your cloud computing strategy. We have broken this training into 3 parts during the event, in order to complete the training please plan to attend all 3 sessions.
에이슬립은 AI 모델로 수면을 정확하게 분석하여 맞춤형 수면 서비스를 제공하는 SaaS 서비스를 제공합니다. 본 세션에서는 SaaS 서비스 인증 및 권한제어, 사용량 측정 등 필수적인 기능을 AWS 기반 서버리스 서비스를 통해 제공하여 데이터베이스 부하 없이 대규모 트래픽에도 견딜 수 있는 아키텍처를 소개합니다.
매드업은 디지털 마케팅 자동화 솔루션을 개발 및 운영하면서 대용량 데이터를 수집, 가공해서 데이터웨어하우스를 만드는 도전이 있습니다. 본 세션에서는 기존의 Amazon Athena에서 어떻게 Amazon Redshift Serverless를 통해 데이터가 필요한 조직에 정확하게 공급했는지 그 사례와 장단점을 소개합니다.
¿Quiere conocer aspectos fundamentales de AWS o ampliar su experiencia?
Acompáñenos en este webinar en donde podrá adquirir conocimientos acerca de herramientas de administración, productividad, seguridad, identidad y conformidad.
Obtenga más información sobre las soluciones y los productos de la nube de AWS e información general sobre la informática en la nube.
CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...Amazon Web Services Korea
CJ프레시웨이는 경영환경과 업무체제의 변화에 발 빠르게 대응하고 비용 절감 효과를 극대화하기 위해 Infra, Application, DataBase 의 Modernization 을 수행하였습니다. 실제 프로젝트 전환 담당자를 통해 ROI 극대화 및 IT 환경 Modernization 에 대한 사례를 자세히 알아보도록 하겠습니다.
Now that you have assembled the delivery team, it's time to gain insights from the methodology and the various tools that AWS uses to help customers migrate their Data Centres to AWS. This session highlights some of the key native AWS tools and services that organisations are using to migrate their DCs into the Cloud.
Speaker: Shane Baldacchino, Solutions Architect, Amazon Web Services
Re-Host or Re-Architect: Understanding the Why and How of Very Different Path...Amazon Web Services
Re-Host or Re-Architect: Understanding the Why and How of Very Different Paths to Cloud Success
This session provides a framework to evaluate the most commonly used migration approaches and helps your organisation choose the right path for each application. Explore the 6 Rs of application migration before diving into the benefits of re-architecting including: faster time to market, more resilient architecture, developing a flexible platform for future development, and innovation.
Greg Sporton, Solutions Architect, Amazon Web Services
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기 - 김일호 솔루션즈 아키텍트 매니저, AWS :: AWS Summit ...Amazon Web Services Korea
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기
김일호 솔루션즈 아키텍트 매니저, AWS
AWS Lambda는 서버리스 아키텍처의 핵심 서비스입니다. 본 세션에서는 AWS Lambda에 내부 동작 방식을 소개하고, Lambda Layer, 맞춤형 런타임 등 신규로 소개된 기능 및 사용시 도움이 되는 성능 및 확장을 위한 다양한 팁들을 소개합니다.
A bit of history, frustration-driven development, and why and how we started looking into Puppet at Opera Software. What we're doing, successes, pain points and what we're going to do with Puppet and Config Management next.
Migrating Oracle to Aurora PostgreSQL Utilizing AWS Database Migration Servic...Amazon Web Services
Appriss creates actionable information and insights gained from their data and analytics solutions, their customers are able to more effectively save lives, mitigate fraud, and reduce risk. They call it “knowledge for good”. One of the many challenges facing Appriss was how to migrate a multi-terabyte Oracle database from one of their own data centers into AWS with minimal disruption to their applications and customers while reducing cost and not sacrificing security, availability, and reliability. This session provides an overview and demo of Aurora PostgreSQL and AWS Database Migration Service (DMS) as Appriss discusses their primary drivers for choosing the combination, preparation, challenges faced throughout the process, results, and future plans.
This session will introduce you to Amazon Rekognition, a service that makes it easy to add deep learning image analysis to your applications. Amazon Rekognition is based on the same proven, highly scalable, deep learning technology developed by Amazon’s
Double Redundancy with AWS Direct Connect - Pop-up Loft Tel AvivAmazon Web Services
AWS Direct Connect provides low latency and high performance connectivity to the AWS cloud by allowing the provision of physical fiber from the customer’s location or data center into AWS Direct Connect points of presence. This session covers design considerations around AWS Direct Connect solutions. We will discuss how to design and configure physical and logical redundancy using both physically redundant fibers and logical VPN connectivity, and includes a live demo showing both the configuration and the failure of a doubly redundant connectivity solution. This session is for network engineers/architects, technical professionals, and infrastructure managers who have a working knowledge of Amazon VPC, Amazon EC2, general networking, and routing protocols.
This is the presentation used for the Amazon Web Services 101 event in Seoul.
The video has been produced by Simone Brunozzi, AWS Technology Evangelist, APAC.
You can reach him on Twitter: http://twitter.com/simon
클라우드의 전개 유형별 특징을 살펴보고 클라우드로 전환하기 위해 고려해야 할 사항과 실제 사례를 공유합니다.
목차
1. 클라우드 세상
2. 클라우드 유형
3. 클라우드 도입 전략
4. 고객 사례
5. 요약
대상
- 클라우드에 관심이 있는 분
- 클라우드 전환을 고려하시는 분
- 잠깐 휴식을 취하고 싶은 개발자
Best Practices for Backup and Recovery: Windows Workload on AWS Amazon Web Services
Backing up Windows workloads can be a challenge, and cumbersome for many companies. Backup and recovery for Windows workloads on AWS, however, can be easy. This session will cover best practices for backup and recovery, how to configure Windows workloads to back up to AWS; pitfalls to look out for; and recommended reference architectures.
AWS Business Essentials helps IT business leaders and professionals understand the benefits of cloud computing and how a cloud strategy can help you meet your business objectives. In this course we discuss the advantages of cloud computing for your business and the fundamentals of AWS, including financial benefits. This course also introduces you to successful cloud adoption frameworks so to help you consider the AWS platform within your cloud computing strategy. We have broken this training into 3 parts during the event, in order to complete the training please plan to attend all 3 sessions.
에이슬립은 AI 모델로 수면을 정확하게 분석하여 맞춤형 수면 서비스를 제공하는 SaaS 서비스를 제공합니다. 본 세션에서는 SaaS 서비스 인증 및 권한제어, 사용량 측정 등 필수적인 기능을 AWS 기반 서버리스 서비스를 통해 제공하여 데이터베이스 부하 없이 대규모 트래픽에도 견딜 수 있는 아키텍처를 소개합니다.
매드업은 디지털 마케팅 자동화 솔루션을 개발 및 운영하면서 대용량 데이터를 수집, 가공해서 데이터웨어하우스를 만드는 도전이 있습니다. 본 세션에서는 기존의 Amazon Athena에서 어떻게 Amazon Redshift Serverless를 통해 데이터가 필요한 조직에 정확하게 공급했는지 그 사례와 장단점을 소개합니다.
¿Quiere conocer aspectos fundamentales de AWS o ampliar su experiencia?
Acompáñenos en este webinar en donde podrá adquirir conocimientos acerca de herramientas de administración, productividad, seguridad, identidad y conformidad.
Obtenga más información sobre las soluciones y los productos de la nube de AWS e información general sobre la informática en la nube.
CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...Amazon Web Services Korea
CJ프레시웨이는 경영환경과 업무체제의 변화에 발 빠르게 대응하고 비용 절감 효과를 극대화하기 위해 Infra, Application, DataBase 의 Modernization 을 수행하였습니다. 실제 프로젝트 전환 담당자를 통해 ROI 극대화 및 IT 환경 Modernization 에 대한 사례를 자세히 알아보도록 하겠습니다.
Now that you have assembled the delivery team, it's time to gain insights from the methodology and the various tools that AWS uses to help customers migrate their Data Centres to AWS. This session highlights some of the key native AWS tools and services that organisations are using to migrate their DCs into the Cloud.
Speaker: Shane Baldacchino, Solutions Architect, Amazon Web Services
Re-Host or Re-Architect: Understanding the Why and How of Very Different Path...Amazon Web Services
Re-Host or Re-Architect: Understanding the Why and How of Very Different Paths to Cloud Success
This session provides a framework to evaluate the most commonly used migration approaches and helps your organisation choose the right path for each application. Explore the 6 Rs of application migration before diving into the benefits of re-architecting including: faster time to market, more resilient architecture, developing a flexible platform for future development, and innovation.
Greg Sporton, Solutions Architect, Amazon Web Services
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기 - 김일호 솔루션즈 아키텍트 매니저, AWS :: AWS Summit ...Amazon Web Services Korea
AWS Lambda 내부 동작 방식 및 활용 방법 자세히 살펴 보기
김일호 솔루션즈 아키텍트 매니저, AWS
AWS Lambda는 서버리스 아키텍처의 핵심 서비스입니다. 본 세션에서는 AWS Lambda에 내부 동작 방식을 소개하고, Lambda Layer, 맞춤형 런타임 등 신규로 소개된 기능 및 사용시 도움이 되는 성능 및 확장을 위한 다양한 팁들을 소개합니다.
A bit of history, frustration-driven development, and why and how we started looking into Puppet at Opera Software. What we're doing, successes, pain points and what we're going to do with Puppet and Config Management next.
Automating aws infrastructure and code deployments using Ansible @WebEngageVishal Uderani
In this talk , we’ll cover how and why Ansible was leveraged to automate routine management of EC2 instances/EBS/EIP/ELB etc and why the Ansible approach towards automation is key for code and system deployments across 100’s of nodes and how we achieved this at Webengage. We will provide an overview of the deployment process and give a demonstration as an example
Outlines :
How ansible is a straightforward , easy way to manage multiple cloud resources
Intended Audience :
Previous experience with configuration management systems
Previous experience with AWS and Ansible
In this talk, Phil and Michael will talk about how Docker was extended from x86 Linux to Windows, ARM and IBM’s z Systems mainframe and Power platforms. They will cover the work and architecture that makes it possible to run Docker on different CPU architectures and operating systems; How porting Docker to a new OS is different from porting it to new hardware; What it means for a Docker image to be multi-arch (and how are multi-arch images built and maintained); How does Docker correctly deploy and schedule apps on heterogeneous swarms.
Phil and Michael will also demo some of the new features that let Docker Enterprise Edition manage swarms with both x86 Linux and Windows nodes as well as mainframes.
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Yevgeniy Brikman
This is a talk about managing your software and infrastructure-as-code that walks through a real-world example of deploying microservices on AWS using Docker, Terraform, and ECS.
OpenCloudDay 2014: Deploying trusted developer sandboxes in Amazon's cloudNetcetera
This talk describes an automated trusted remote Java development sandbox hosted in the amazon cloud that uses strong encryption for system authentication and file system services. Security-conscious users can trust that their application intellectual property won't be leaked while trusting neither the cloud provider nor the operators who deploy and maintain the cloud-based sandbox service.
Shipping Applications to Production in Containers with DockerJérôme Petazzoni
Docker is an Open Source engine to build, run, and manage Linux Containers. Containers use less resources than virtual machines, they boot faster, but they have similar guarantees of portability and repeatability for Linux applications. Those features made Docker and Linux Containers extremely popular for development and testing environments. But what does it take to use Docker and Containers for production workloads?
One-Man Ops with Puppet & Friends.
If you're getting started in Amazon AWS here's 7 tools that will help you be successful, a few tips to make your life easier and some common pitfalls to avoid.
Bare Metal to OpenStack with Razor and ChefMatt Ray
Slides from the OpenStack Spring 2013 Summit workshop presented by Egle Sigler (@eglute) and Matt Ray (@mattray) from Rackspace and Opscode respectively. Please refer to http://anystacker.com/ for additional content.
Build Your Own CaaS (Container as a Service)HungWei Chiu
In this slide, I introduce the kubernetes and show an example what is CaaS and what it can provides.
Besides, I also introduce how to setup a continuous integration and continuous deployment for the CaaS platform.
Running Kubernetes at scale is challenging and you can often end up in situations where you have to debug complex and unexpected issues. This requires understanding in detail how the different components work and interact with each other. Over the last 3 years, Datadog migrated most of its workloads to Kubernetes and now manages dozens of clusters consisting of thousands of nodes each. During this journey, engineers have debugged complex issues with root causes that were sometimes very surprising. In this talk Laurent and Tabitha will share some of these stories, including a favorite: how a complex interaction between familiar Kubernetes components allowed an OOM-killer invocation to trigger the deletion of a namespace.
DNS is one of the Kubernetes core systems and can quickly become a source of issues when you’re running clusters at scale. For over a year at Datadog, we’ve run Kubernetes clusters with thousands of nodes that host workloads generating tens of thousands of DNS queries per second. It wasn’t easy to build an architecture able to handle this load, and we’ve had our share of problems along the way.
This talk starts with a presentation of how Kubernetes DNS works. It then dives into the challenges we’ve faced, which span a variety of topics related to load, connection tracking, upstream servers, rolling updates, resolver implementations, and performance. We then show how our DNS architecture evolved over time to address or mitigate these problems. Finally, we share our solutions for detecting these problems before they happen—and identifying misbehaving clients.
Kube-proxy enables access to Kubernetes services (virtual IPs backed by pods) by configuring client-side load-balancing on nodes. The first implementation relied on a userspace proxy which was not very performant. The second implementation used iptables and is still the one used in most Kubernetes clusters. Recently, the community introduced an alternative based on IPVS. This talk will start with a description of the different modes and how they work. It will then focus on the IPVS implementation, the improvements it brings, the issues we encountered and how we fixed them as well as the remaining challenges and how they could be addressed. Finally, the talk will present alternative solutions based on eBPF such as Cilium.
The Kubernetes audit logs are a rich source of information: all of the calls made to the API server are stored, along with additional metadata such as usernames, timings, and source IPs. They help to answer questions such as “What is overloading my control plane?” or “Which sequence of events led to this problematic situation?”. These questions are hard to answer otherwise—especially in large clusters. At Datadog, we have been running clusters with 1000+ nodes for more than a year and during that time, the audit logs have proved invaluable.
In this presentation, we will first introduce the audit logs, explain how they are configured, and review the type of data they store. Finally, we will describe in detail several scenarios where they have helped us to diagnose complex problems.
Running large Kubernetes clusters is difficult. Datadog has been running large-scale Kubernetes clusters (thousands of nodes) for more than a year and has learned several lessons the hard way.
Laurent Bernaille examines the challenges Datadog faced during this journey. He dives into problems that arise when you run large clusters—and, crucially, how to address them—by providing detailed examples based on Datadog’s experience across different cloud providers. You’ll explore complex runtime and networking issues: at scale you discover complex issues in low-level components that are very rare but happen regularly when you have a large number of nodes.
Additionally, Laurent provides examples of how to improve the architecture of clusters to increase scalability and performance, both on the control plane and the data plane (communication between pods and ingress traffic). If scale can be hard on the control plane, it’s even harder on tools from the ecosystem, which have rarely been tested on very large clusters. He explains several examples of the tools Datadog uses and how it had to improve them to handle its scale. And you’ll leave with practical advice on how to build a good relationship with the community and start contributing back.
Running large Kubernetes clusters is challenging. At large scales, practitioners need to adapt and tune both their architectures and component configurations in specialized ways.
Our organisation has been running large scale Kubernetes clusters (up to 2000 nodes, and growing) for more than a year, and we have learned several lessons the hard way. This talk will dive into complex runtime and networking issues that occur when running Kubernetes in production at scale. We will provide examples of how to improve the architecture of clusters to increase scalability and performance, both on the control plane and the data plane. Further, tools from the greater ecosystem will be examined, as they are rarely tested within the context of very large clusters.
Finally, the talk will also discuss the mutually beneficial relationship we built with the larger Kubernetes community by providing feedback on the tools and contributing both fixes and improvements upstream.
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you! ...Laurent Bernaille
Kubernetes is a very powerful and complicated system, and many users don’t understand the underlying systems. Come learn how your users can abuse container runtimes, overwhelm your control plane, and cause outages - it’s actually quite easy!
In the last year, we have containerized hundreds of applications and deployed them in large scale clusters (more than 1000 nodes). The journey was eventful and we learned a lot along the way. We’ll share stories of our ten favorite Kubernetes foot guns, including the dangers of cargo culting, rolling updates gone wrong, the pitfalls of initContainers, and nightmarish daemonset upgrades. The talk will present solutions we adopted to avoid or work around some these problems and will finally show several improvements we plan deploy in the future.
Similar to the Kubecon talk with the same title with a few new incidents.
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you!Laurent Bernaille
Kubernetes is a very powerful and complicated system, and many users don’t understand the underlying systems. Come learn how your users can abuse container runtimes, overwhelm your control plane, and cause outages - it’s actually quite easy!
In the last year, we have containerized hundreds of applications and deployed them in large scale clusters (more than 1000 nodes). The journey was eventful and we learned a lot along the way. We’ll share stories of our ten favorite Kubernetes foot guns, including the dangers of cargo culting, rolling updates gone wrong, the pitfalls of initContainers, and nightmarish daemonset upgrades. The talk will present solutions we adopted to avoid or work around some these problems and will finally show several improvements we plan deploy in the future.
Running large Kubernetes clusters is challenging. This talk focus on how you can optimize your network setup in clusters with 1000-2000 nodes. It discusses standard ingresses solutions and their drawbacks as well as potential solutions
This presentation describes the challenges we faced building, scaling and operating a Kubernetes cluster of more than 1000 nodes to host the Datadog applications
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies. Finally, it will show how we can dynamically distribute IP and MAC information to every hosts in the overlay using BGP EVPN
Serverless architectures are promising and will play an important role in the coming years but the ecosystem around serverless is still pretty young. We have been operating Lambda based applications for about a year and faced several challenges. In this presentation we share these challenges and propose some solutions to work around them.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
Most tools to recognize the application associated with network connections use well-known signatures as basis for their classification. This approach is very effective in enterprise and campus networks to pinpoint forbidden applications (peer to peer, for instance) or security threats. However, it is easy to use encryption to evade these mechanisms. In particular, Secure Sockets Layer (SSL) libraries such as OpenSSL are widely available and can easily be used to encrypt any type of traffic. In this paper, we propose a method to detect applications in SSL encrypted connections. Our method uses only the size of the first few packets of an SSL connection to recognize the application, which enables an early classification. We test our method on packet traces collected on two campus networks and on manually-encrypted traces. Our results show that we are able to recognize the application in an SSL connection with more than 85% accuracy.
The automatic detection of applications associated with network traffic is an essential step for network security and traffic engineering. Unfortunately, simple port-based classification methods are not always efficient and systematic analysis of packet payloads is too slow. Most recent research proposals use flow statistics to classify traffic flows once they are finished, which limit their applicability for online classification. In this paper, we evaluate the feasibility of application identification at the beginning of a TCP connection. Based on an analysis of packet traces collected on eight different networks, we find that it is possible to distinguish the behavior of an application from the observation of the size and the direction of the first few packets of the TCP connection. We apply three techniques to cluster TCP connections: K-Means, Gaussian Mixture Model and spectral clustering. Resulting clusters are used together with assignment and labeling heuristics to design classifiers. We evaluate these classifiers on different packet traces. Our results show that the first four packets of a TCP connection are sufficient to classify known applications with an accuracy over 90% and to identify new applications as unknown with a probability of 60%.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
2. @eurobsdcon
Who am I?
2
Laurent Bernaille @d2si
• Linux background, getting to know OpenBSD
• Cloud enthusiast
• Love discovering, building (and breaking…) new things
@lbernail
3. @eurobsdcon
What is this presentation/demo about?
OpenBSD and AWS
• The first OpenBSD image and the ongoing work
• The integration in the AWS ecosystem
OpenBSD and microservices
• How we can leverage OpenBSD for cloud applications
• Examples and demo
OpenBSD and me
• A recent but interesting journey
4. @eurobsdcon
OpenBSD on AWS
First image by @ajacoutot (December 2015, in 5.9)
• Not straightforward due to Xen support (network, disk in particular)
• Intro: http://blog.d2-si.fr/2016/02/15/openbsd-on-aws/
• Details: https://github.com/ajacoutot/aws-openbsd
• More details: http://www.openbsd.org/papers/bsdcan2016-xen.pdf
=> The image worked, but without EBS (disk) support at first
=> Xen support was not perfect
An AWS hypervisor update broke the AMI (late 2016)
Fixed in 6.1, thanks to Mike Belopuhov and @esdenera
Many improvements in 6.2 (performances)
6. @eurobsdcon
Where does my public key come from?
AWS exposes a metadata web server at http://169.254.169.254
7. @eurobsdcon
OK but how did it get into authorized_keys?
Linux distributions rely on cloud-init
• http://cloudinit.readthedocs.io/
• Origin in ubuntu cloud
• Cloud-init does a lot of things and is very Linux specific
Enters ec2-init by @ajacoutot
• Minimal cloud-init implementation
• https://github.com/ajacoutot/aws-openbsd
When is it run?
• By netstart (very early in the boot process)
8. @eurobsdcon
A quick look at ec2-init
mock_pf open
if [[ $(mock meta-data/instance-id) != $(cat /var/db/ec2-init 2>/dev/null) ]]; then
ec2_instanceid
ec2_pubkey
ec2_hostname
ec2_userdata
ec2_fingerprints
sysclean
fi
mock_pf close
open pf to allow access to metadata server
check if already configured
write instance id to db file to set instance as "configured"
write public key in authorized_keys file
set hostname from AWS metadata
execute userdata (more on that later)
write rc.firsttime script to display ssh fingerprints after boot
clean up instance (remove old ssh keys, logs, dhcp data)
9. @eurobsdcon
What about this ec2-user?
Standard behavior on AWS
• No connection as root
• ec2-user is used for Amazon Linux, Redhat, Fedora, Centos, FreeBSD
• Debian uses "admin" and ubuntu, "ubuntu"
ec2-user has unlimited doas with "nopass"
$ cat /etc/doas.conf
permit nopass ec2-user
10. @eurobsdcon
Let's use this instance
Install terraform
$ pkg_info -Q terraform
terraform-0.9.2
$ doas pkg_add terraform
Terraform?
• Describe infrastructure components and build them
• « puppet » for infrastructure
• Alternatives: cloudformation / heat
OK let's set up something with it
$ doas pkg_add git
$ git clone git@github.com:lbernail/eurobsdcon2017.git
$ terraform init
$ terraform plan
$ terraform apply
11. @eurobsdcon
Under the hood
Bastion
eu-west-1a
Public subnets
Private subnets
eu-west-1b
Public subnets
Private subnets
resource "aws_vpc" "main" {
cidr_block = "10.100.0.0/16"
}
resource "aws_subnet" "public" {
vpc_id = "${aws_vpc.main.id}"
cidr_block = "10.100.1.0/24"
tags { Name = "Main" }
}
resource "aws_instance" "bastion" {
ami = "${var.bastion_ami}"
instance_type = "t2.micro”
subnet_id = "${aws_subnet.public.id}"
vpc_security_group_ids = [ "${aws_security_group.bastion.id}" ]
tags { Name = "bastion" }
}
13. @eurobsdcon 13
Bastion
Public subnets
NAT
GW
Public subnets Public subnets
CAg
(UI)
CS
Let’s create a consul cluster
10.0.128.100
consul0
CS
10.0.129.100
consul1
CS
10.0.130.100
consul2
10.0.128.200
consul-agent
14. @eurobsdcon
A quick intro to consul
From Hashicorp (authors of vagrant, packer, terraform, vault)
Used for microservices
• Service discovery
• Key-value store for configuration
Resilient
• Distributed system
• Built on RAFT
16. @eurobsdcon
OK but how did it all get configured?
Userdata: script to bootstrap AWS instances (executed by ec2-init)
$ ftp -MVo - http://169.254.169.254/latest/user-data
#!/bin/sh
pkg_add consul
cat > /etc/consul.d/config.json <<EOF
{
"bootstrap_expect": 3,
"server": true,
"node_name": "consul0",
"retry_join_ec2" :
{
"tag_key": "ConsulCluster",
"tag_value": "Consul"
}
}
EOF
rcctl enable consul
cat >> /etc/rc.firsttime <<EOF
rcctl start consul
EOF
install consul
this node is a server called consul0
it will wait for 2 other servers to bootstrap cluster
rely on AWS API to discover members
- instances have a "tag"
- instances have a role granting them access to AWS APIs
"enable" writes to /etc/rc.conf.local
but rc parses rc.conf.local very early so consul won't start
=> we use rc.firsttime
17. @eurobsdcon
What can we do with this?
Dynamic VPN configuration with consul-template
• A companion tool to Consul
• Watches for key changes in Consul
• Generates a file from a template
• Optionally executes a command when the file changes
Let's build a VPN gateway
$ cd ../vpn
$ terraform init
$ terraform apply
18. @eurobsdcon 18
Bastion
Public subnets
NAT
GW
Public subnets Public subnets
CAg
(UI)
CS
New architecture
10.0.128.100
consul0
CS
10.0.129.100
consul1
CS
10.0.130.100
consul2
10.0.128.200
consul-agent
VPN
10.0.0.10
19. @eurobsdcon
What is this VPN server? 1/2
$ ftp -MVo - http://169.254.169.254/latest/user-data
#!/bin/sh
rcctl enable ipsec
rcctl enable isakmpd
rcctl set isakmpd flags -K
install -m 0600 /dev/null /etc/ipsec.conf
pkg_add consul
cat > /etc/consul.d/config.json <<EOF
{
"server": false,
"node_name": "vpn",
"retry_join_ec2" :
{
"tag_key": "ConsulCluster",
"tag_value": "Consul"
}
}
EOF
enable ipsec
install consul
configure it as a client
20. @eurobsdcon
What is this VPN server? 2/2
pkg_add consul-template
cat > /etc/consul-template.d/default.conf << EOF
consul {
address = "127.0.0.1:8500"
}
template {
source = "/etc/consul-template.d/ipsec.ctmpl"
destination = "/etc/ipsec.conf"
perms = 0600
command = "ipsecctl -f /etc/ipsec.conf || echo Invalid ipsec configuration"
}
EOF
# Template
cat > /etc/consul-template.d/ipsec.ctmpl << 'EOF'
{{ range tree "vpn" | explode -}}
{{ if and .cidrblock .endpoint .psk -}}
ike esp from 10.0.0.0/16 to {{ .cidrblock }}
peer {{ .endpoint }}
srcid 34.252.210.92
psk "{{ .psk }}"
{{ end -}}
{{ end }}
EOF
install consul-template
use local consul
Template configuration
- template file
- target
- command to execute on change
template file to generate ipsec.conf
21. @eurobsdcon
The template file
{{ range tree "vpn" | explode -}}
{{ if and .cidrblock .endpoint .psk -}}
ike esp from 10.0.0.0/16 to {{ .cidrblock }}
peer {{ .endpoint }}
psk "{{ .psk }}"
srcid 34.252.210.92
{{ end -}}
{{ end }}
get all keys under "vpn"
iterate over them
transform items in maps
if we have values for all necessary keys
generate ipsec configuration
configuration keys
local public IP (injected by terraform)
vpn/
/us/
/cidrblock = 172.30.0.0/16
/endpoint = 32.32.32.32
/psk = demo
ike esp from 10.0.0.0/16 to 172.30.0.0/16
peer 32.32.32.32
psk "demo"
srcid 34.252.210.92
22. @eurobsdcon
Let's look at this
$ consul members
$ rcctl check consul consul_template
$ cat /etc/consul-template.d/ipsec.ctmpl
$ doas cat /etc/ipsec.conf
$ doas ipsecctl -s all
23. @eurobsdcon
Building our VPN
Bastion
Public subnets
NAT
GW
Public subnets Public subnets
CAg
(UI)
CS
10.0.128.100
consul0
CS
10.0.129.100
consul1
CS
10.0.130.100
consul2
10.0.128.200
consul-agent
VPN
10.0.0.10
Ireland, 10.0.0.0/16
Virginia, 172.30.0.0/16
EIP: 34.252.210.92
Demo 172.30.x.y
allow ICMP from 10.0.0.0/16
24. @eurobsdcon
Conclusion and perspectives
What could be improved in this example
• Security of consul: SSL / ACL
My (limited) usage of OpenBSD on AWS
• VPN Gateways
• DNS proxies
• And now consul
• Many potential other use-cases
Look at / Fork the code of this demo on github
https://github.com/lbernail/eurobsdcon2017
Questions ? @lbernail