This talk (delivered at QConLondon 2016) covers the evolution of Coursera's nearline architecture, delves into our latest generation system, and then covers the flagship application of the architecture (evaluating programming assignments).
Amazon ECS at Coursera: A unified execution framework while defending against... - Brennan Saeta
Coursera built a unified execution framework called Iguazu powered by Amazon ECS to reliably run batch, scheduled, and near-line jobs at scale. Iguazu addresses Coursera's needs for high efficiency, low maintenance, easy development and deployment, and cost effectiveness. GrID was also built to securely evaluate programming assignments by running untrusted code inside Docker containers on ECS, defending against attacks through limitations, monitoring, and modified ECS agents. The systems have supported thousands of job runs daily while protecting Coursera's platforms.
Combining R With Java For Data Analysis (Devoxx UK 2015 Session) - Ryan Cuprak
Java is a general-purpose language and is not particularly well suited for performing statistical analysis. Special languages and software environments have been created by and for statisticians to use. Statisticians think about programming and data analysis much different from Java programmers. These languages and tools make it easy to perform very sophisticated analyses on large data sets easily. Tools, such as R and SAS, contain a large toolbox of statistical tools that are well tested, documented and validated. For data analysis you want to use these tools.
In this session we will provide an overview of how to leverage the power of R from Java. R is the leading open source statistical package/language/environment. The first part of the presentation will provide an overview of R focusing on the differences between R and Java at the language level. We’ll also look at some of the basic and more advanced tests to illustrate the power of R. The second half of the presentation will cover how to integrate R and Java using rJava. We’ll look at leveraging R from the new Java EE Batching (JSR 352) to provide robust statistical analysis for enterprise applications.
Continuous Integration and Deployment Best Practices on AWS (ARC307) | AWS re... - Amazon Web Services
With AWS, companies now have the ability to develop and run their applications with speed and flexibility like never before. Working with an infrastructure that can be 100 percent API driven enables businesses to use lean methodologies and realize these benefits. This in turn leads to greater success for those who make use of these practices. In this session, we talk about some key concepts and design patterns for continuous deployment and continuous integration, two elements of lean development of applications and infrastructures.
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into... - Amazon Web Services
Organizations around the globe are leveraging the cloud to accomplish world-changing missions. This session will address how AWS can help organizations put more money toward their mission and scale outreach and operations to achieve more with less. Hear some of AWS’s most advanced customers on how their organizations handle DevOps, continuous integration and deployment. Learn how these practices allow them to rapidly develop, iterate, test and deploy highly-scalable web applications and core operational systems on AWS. The discussion will focus on best practices, lessons learned, and the specific technologies and services they use.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1stYuc2.
Brennan Saeta covers aspects of Coursera’s architecture that enable them to rapidly build sophisticated features for their learning platform. Saeta also discusses their experience running containers in production: what works, what doesn’t, and why. He briefly touches upon container threat models, and how to architect a defense-in-depth strategy to mitigate both known and unknown vulnerabilities. Filmed at qconlondon.com.
Brennan Saeta is a Lead Infrastructure Engineer, leading the ‘Cour’ (core) group responsible for the development environment, core libraries, and the common infrastructure powering Coursera.
Continuous Integration and Deployment Best Practices on AWS - Danilo Poccia
This document discusses best practices for continuous integration and deployment on AWS. It recommends using AWS services like CodeCommit for source code repositories, CodeBuild for continuous integration, CodeDeploy for deployments, and CodePipeline for automated workflows. Continuous integration helps catch bugs early by frequently integrating code changes. Continuous deployment further automates releasing code to production multiple times a day through feature flags and A/B testing, allowing for rapid iteration and feedback from real users.
Continuous Integration and Deployment Best Practices on AWS - Amazon Web Services
AWS Summit 2014 Perth - Breakout 6
With AWS companies now have the ability to develop and run their applications with speed and flexibility like never before. Working with an infrastructure that can be 100% API driven enables businesses to use lean methodologies and realize these benefits. This in turn leads to greater success for those who make use of these practices. In this session we'll talk about some key concepts and design patterns for Continuous Deployment and Continuous Integration, two elements of lean development of applications and infrastructures.
Presenter: Adrian White, Solutions Architect, Amazon Web Services
Serverless has gained a lot in popularity recently and changed the way we develop applications. We no longer need to care about setting up and managing the servers, and scalability and deployment are simplified. Serverless is very often referred to as the approach which will let you shift focus to implementing business logic when writing the code. But where has the complexity moved to now? How performant is Java code in a serverless solution? Is serverless good for complex solutions? What are the benefits? During my talk I’d like to answer those questions based on our experiences of working on a serverless solution written fully in Java.
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy... - Amazon Web Services
AWS offers a number of services that help you easily develop, build, deploy and run applications in the cloud. In this session you’ll learn best practices for managing your application lifecycle with these tools with a particular focus on development speed and release agility. Through interactive demonstrations, this session shows you how to get an application running using AWS Elastic Beanstalk, CloudFormation and CodeDeploy. You will also see how advanced techniques such as blue/green deployment, AMI baking, customer resources and in-place deployment reduce deployment friction and rapid change in your environment.
Speaker: Adrian White, Solutions Architect, Amazon Web Services
This document provides an overview of cloud native applications and the cloud native stack. It discusses key concepts like microservices, containerization, composition using Docker and Docker Compose, and orchestration using Kubernetes. It provides examples of building a simple microservices application with these technologies and deploying it on Kubernetes. Overall it serves as a guide to developing and deploying cloud native applications.
A presentation covering three new services from Amazon Web Services: the new Application Load Balancer (ALB), recent updates to the EC2 Container Service (ECS), and the new Kinesis Analytics.
"In recent years, containers have become a key component of modern application design. Increasingly, developers are breaking their applications apart into smaller components and distributing them across a pool of compute resources. It is relatively easy to run a few containers on your laptop, but building and maintaining an entire infrastructure to run and manage distributed applications is hard and requires a lot of undifferentiated heavy lifting.
In this session, we discuss some of the core architectural principles underlying Amazon ECS, a highly scalable, high performance service to run and manage distributed applications using the Docker container engine. We walk through a number of patterns used by our customers to run their microservices platforms, to run batch jobs, and for deployments and continuous integration. We explore the advanced scheduling capabilities of Amazon ECS and dive deep into the Amazon ECS Service Scheduler, which optimizes for long-running applications by monitoring container health, restarting failed containers, and load balancing across containers."
This document discusses continuous delivery/deployment strategies on AWS using various services. It begins with an introduction to continuous integration and continuous delivery/deployment. It then covers CD strategies such as blue-green deployments and red-black deployments. The rest of the document discusses various AWS services that can be used for application management like Elastic Beanstalk, OpsWorks, CloudFormation, and EC2 Container Service. It also covers services for application lifecycle management including CodeCommit, CodePipeline, and CodeDeploy.
Keeping consistent environments across your development, test, and production systems can be a complex task. Docker containers offer a way to develop and test your application in the same environment in which it runs in production. You can use tools such as Docker Compose for local testing of applications; Jenkins and AWS CodePipeline for code builds and workflow automation; and Amazon EC2 Container Service (ECS) to manage and scale containers.
AWS DevDay San Francisco, June 21, 2016.
Presenter: Nate Slater, Sr. Manager, Solutions Architecture
Amazon API Gateway and AWS Lambda provide a new way of building applications by removing servers from the picture. But what does the removal of servers mean to tasks like deployment, monitoring, and debugging? How should you set up blue-green deployments or set alarms? Come learn all this and more, including how to use AWS services and tools like AWS CodePipeline, AWS CloudFormation, and Amazon CloudWatch to manage your serverless applications at high quality.
The document discusses using Play Framework, Docker, CircleCI, and AWS together to create an automated microservices build pipeline. Key aspects include using GitHub for source control, CircleCI for continuous integration to build Docker images, pushing images to Docker Hub, and deploying to AWS using ECS for container orchestration. The author demonstrates setting up each part of the pipeline live.
(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeploy - Amazon Web Services
The .NET Platform is undergoing a revolution with a new modularized .NET Framework and CoreCLR, a new cross platform runtime. ASP.NET 5 gives .NET developers the ability to develop and run their applications outside of Windows. In this session we will explore how to develop and deploy ASP.NET 5 applications on Windows with AWS CodeDeploy and Linux with Docker. For Docker we will explore using Docker with both Elastic Beanstalk and EC2 Container Service.
Much has been said about DevOps culture, this webinar talks about exactly what it means to exercise a DevOps methodology inside your organization and takes a more detailed look at Continuous Integration and Continuous Deployment – two of the elements of a successful DevOps framework. With AWS’s API driven infrastructure, running a lean platform becomes possible and the ability to treat ‘Infrastructure as Code’.
Reasons to attend:
Learn how to set up and experience the benefits of 'Continuous Integration' and 'Continuous Deployment' for your Development Environment.
Learn about DevOps best practices and the agility that the AWS Cloud can bring your business.
Learn how businesses have successfully implemented DevOps methodologies.
Java script nirvana in netbeans [con5679] - Ryan Cuprak
This document discusses using NetBeans as an IDE for JavaScript development. It provides an overview of NetBeans' features for JavaScript including syntax highlighting, code completion, debugging, support for frameworks like Angular and Node.js, and mobile development with Apache Cordova. It also demonstrates how to set up and configure NetBeans for common JavaScript tasks like adding libraries, using build tools like Grunt and Gulp, and setting up unit testing with Karma and Jasmine.
As modern, agile architects and developers we need to master several different languages and technologies all at once to build state-of-the-art solutions and yet be 100% productive. We define our development environments using Gradle. We implement our software in Java, Kotlin or another JVM based language. We use Groovy or Scala to test our code at different layers. We construct the build pipelines for our software using a Groovy DSL or JSON. We use YAML and Python to describe the infrastructure and the deployment for our applications. We document our architectures using AsciiDoc and JRuby. Welcome to Babel!
Making the right choices in the multitude of available languages and technologies is not easy. Randomly combining every hip technology out there will surely lead into chaos. What we need is a customized, streamlined tool chain and technology stack that fits the project, your team and the customer’s ecosystem all at once. This code intense, polyglot session is an opinionated journey into the modern era of software industrialization.
Why does DevOps matter? How can you use continuous integration to build your product faster, make it more highly available, and be able to recover from bugs quickly? Let one of our solutions architects walk you through continuous integration and continuous delivery on AWS. This session includes live demos of our tools AWS CodeCommit, AWS CodePipeline, and AWS CodeDeploy.
Speaker: Leo Zhandovsky, Solutions Architect, Amazon Web Services
Recordings of the Canberra Summit can be found here:
https://aws.amazon.com/events/anz/on-demand/canberra-summit/
(CMP406) Amazon ECS at Coursera: A general-purpose microservice - Amazon Web Services
"Coursera has helped millions of students learn computer science through MOOCs ranging from Introduction to Python, to state-of-the-art Functional-Reactive Programming in Scala. Our interactive educational experience relies upon an automated grading platform for programming assignments. But, because anyone can sign up for a course on Coursera for free, our systems must defend against arbitrary code execution.
Come learn how Coursera uses AWS services such as Amazon EC2 Container Service (ECS), and Amazon Virtual Private Cloud (VPC) to power a defense-in-depth strategy to secure our infrastructure against bad actors. We have modified the Amazon ECS Agent to support security layers including kernel privilege de-escalation, and enabling mandatory access control systems. Additionally, we post-process uploaded grading container images to defang binaries.
At the core of automated grading is a general-purpose near-line & batch scheduling and execution microservice built on top of the Amazon ECS APIs. We use this flexible system to power a variety of internal services across the company including data exports for instructors, course announcement emails, data reconciliation jobs, and more.
In this session, we detail aspects of our success from implementing Docker and Amazon ECS in production, providing ideas for your own scheduling, execution and hardening requirements."
Rock Solid Deployment of Web Applications - Pablo Godel
This document discusses best practices for deploying web applications. It recommends automating deployment using tools like Capistrano, Fabric, or Phing to allow for continuous deployment. It also stresses the importance of monitoring servers and applications during deployment using tools like StatsD, Graphite, Logstash, Graylog, and Kibana. The document provides examples of deployment scripts and emphasizes planning deployment early in the development process.
Introduction to Docker | Docker and Kubernetes Training - Shailendra Chauhan
Learn to build modern infrastructure using docker and Kubernetes containers. Develop and deploy your ASP.NET Core application using Docker. Leverage to learn container technology to build your ASP.NET Core application.
Where is my cache architectural patterns for caching microservices by example - Rafał Leszko
The document discusses various architectural patterns for caching microservices, including embedded caching, embedded distributed caching, client-server caching, cloud caching, sidecar caching, reverse proxy caching, and reverse proxy sidecar caching. It provides examples and descriptions of each pattern, discussing pros and cons. The presentation concludes with a summary matrix comparing the different caching patterns based on factors like whether they are application-aware, support containers, are language-agnostic, support large amounts of data, have security restrictions, and can be deployed to the cloud.
This is a talk from a seminar held jointly by Cathay Bank and the AWS User Group in Taiwan. It offers an overview of Amazon EMR and AWS Glue, and presents CDK management of those services through practical scenarios.
Come learn how Coursera uses AWS services such as Amazon EC2 Container Service (ECS), and Amazon Virtual Private Cloud (VPC) to power a defense-in-depth strategy to secure our infrastructure against bad actors. We have modified the Amazon ECS Agent to support security layers including kernel privilege de-escalation, and enabling mandatory access control systems. Additionally, we post-process uploaded grading container images to defang binaries.
At the core of automated grading is a general-purpose near-line & batch scheduling and execution microservice built on top of the Amazon ECS APIs. We use this flexible system to power a variety of internal services across the company including data exports for instructors, course announcement emails, data reconciliation jobs, and more.
In this session, we detail aspects of our success from implementing Docker and Amazon ECS in production, providing ideas for your own scheduling, execution and hardening requirements."
Rock Solid Deployment of Web ApplicationsPablo Godel
This document discusses best practices for deploying web applications. It recommends automating deployment using tools like Capistrano, Fabric, or Phing to allow for continuous deployment. It also stresses the importance of monitoring servers and applications during deployment using tools like StatsD, Graphite, Logstash, Graylog, and Kibana. The document provides examples of deployment scripts and emphasizes planning deployment early in the development process.
Introduction to Docker | Docker and Kubernetes TrainingShailendra Chauhan
Learn to build modern infrastructure using docker and Kubernetes containers. Develop and deploy your ASP.NET Core application using Docker. Leverage to learn container technology to build your ASP.NET Core application.
Where is my cache architectural patterns for caching microservices by exampleRafał Leszko
The document discusses various architectural patterns for caching microservices, including embedded caching, embedded distributed caching, client-server caching, cloud caching, sidecar caching, reverse proxy caching, and reverse proxy sidecar caching. It provides examples and descriptions of each pattern, discussing pros and cons. The presentation concludes with a summary matrix comparing the different caching patterns based on factors like whether they are application-aware, support containers, are language-agnostic, support large amounts of data, have security restrictions, and can be deployed to the cloud.
This is a sharing on a seminar held together by Cathay Bank and the AWS User Group in Taiwan. In this sharing, overview of Amazon EMR and AWS Glue is offered and CDK management on those services via practical scenarios is also presented
This document discusses using various technologies on Google App Engine including JIQL, GaeVFS, RESTlets, scheduled tasks, JRuby on Rails, task queues, XMPP, and Clojure. JIQL emulates a relational database on App Engine's Bigtable datastore. GaeVFS provides a virtual filesystem on Bigtable. RESTlets make RESTful web services easy to implement in Java on App Engine. Scheduled tasks allow for background processing via cron jobs. JRuby on Rails provides a way to run Ruby on Rails applications on App Engine. Task queues allow for asynchronous background processing. XMPP enables instant messaging and peer-to-peer applications. Clojure can also be used
- The document outlines best practices for using containers in continuous delivery solutions with Docker and Amazon ECS, including using containers to provide predictable environments, fast feedback, and quick feature rollouts.
- It demonstrates a development and deployment workflow using AWS CodeCommit for source control, Jenkins for builds and testing, and Amazon ECS for deployment, with CodePipeline automating the workflow.
- Live demos were presented showing building and deploying a Rails application using Docker Compose locally and on Amazon ECS, running tests with Jenkins, and integrating the stages with AWS CodePipeline.
Integration testing is hard, and often teams are tempted to do it in production. Testcontainers allows writing meaningful integration tests spawning Docker containers for databases, queue systems, kv-store, other services. The talk, a blend of slides and live code, will show how we are able to deploy without fear while integrating with a dozen of different datastores. Don't mock your database with fake data anymore, work with real data
Phil Basford - machine learning at scale with aws sage makerAWSCOMSUM
The document discusses a machine learning endpoint architecture experiment conducted using Amazon SageMaker. Key aspects covered include:
- The reference architecture used Amazon SageMaker endpoints running Docker containers with inference engines like XGBoost and TensorFlow.
- An experiment tested endpoint scaling and performance under load using Artillery. It found endpoints automatically scaled to two instances and each could handle high request volumes, but starting a new instance took 7 minutes.
- Analysis of CloudWatch logs determined that instances handled load evenly and autoscaled as needed when an instance terminated.
Machine learning at scale with aws sage makerPhilipBasford
The document discusses machine learning at scale using serverless architectures on AWS, including a reference architecture using Amazon SageMaker, AWS Lambda, and other services, and details of experiments conducted to test performance, scalability, and operational aspects of deploying machine learning models with a serverless approach. It also covers monitoring metrics, deployment strategies, and using AWS services like X-Ray, CloudWatch, and CodePipeline to enable continuous deployment of machine learning models.
Cassandra Summit 2014: Highly Scalable Web Application in the Cloud with Cass...DataStax Academy
Presenters, L
Putting together a cloud based web application that allows end users to upload, encode, manage and distribute video media files is not a difficult task these days. Especially with the number of related frameworks and services available, ready to be used or consumed. The situation gets more complex when the expected traffic is in the millions-of-users range, globally distributed, and requiring detailed monitoring for usage. Using this scenario, in this session you will learn how to use the recently updated Datastax C# Cassandra driver, how to deploy a multi-datacenter Cassandra cluster using the Microsoft Azure platform that can be accessed from different programming languages, and how to leverage existing cloud services to perform some of the tasks associated with this use case.
1) Ansible is being used at Backbase to automate the provisioning of different server configurations for testing their Customer Experience Platform (CXP).
2) A REST API and UI allow users to easily provision new environments from available server stacks configured with Ansible for testing.
3) This enables Backbase to implement continuous delivery practices like automated testing of new versions without affecting production environments.
20211202 NADOG Adapting to Covid with Serverless Craeg Strong Ariel PartnersCraeg Strong
This case study describes how we leveraged serverless technology and the AWS serverless application model (SAM) to support the needs of virtual training classes for a major US Federal agency. Our firm was excited to be selected as the main training partner to help a major US Federal government agency roll out Agile and DevOps processes across an organization comprising more than 1500 people. And then the pandemic hit—and what was to have been a series of in-person classes turned 100% virtual! We created a set of fully populated docker images containing all of the test data, plugins, and scenarios required for the student exercises. For our initial implementation, we simply pre-loaded our docker images into elastic beanstalk and then replicated them as many times as needed to provide the necessary number of instances for a given class. While this worked out fine at first, we found a number of shortcomings as we scaled up to more students and more classes. Eventually we came up with a much easier solution using serverless technology: we stood up a single page application that could kickoff tasks using AWS step functions to run docker images in elastic container service, all running under AWS Fargate. This application is a perfect fit for serverless technology and describing our evolution to serverless and SAM may help you gain insights into how these technologies may be beneficial in your situation.
Java in 2019 was predicted to be business as usual by many. We have seen new Java releases coming out as planned, AdoptOpenJDK became the main trustful source of binaries and Oracle fighting for the trademark again by preventing the use of javax as namespace. Everything looks like it would be a silent year for Java. But one thing seems obvious. Java's popularity is not gaining any more traction. New language features keep it up to date but people are getting more selective when it comes to implementation choices. Especially in the age of containers and cloud infrastructures. This talk walks you through the why and how of Java in containers. We will talk about image size and development and deployment processes.
20211202 North America DevOps Group NADOG Adapting to Covid With Serverless C...Craeg Strong
This case study describes how we leveraged serverless technology and the AWS serverless application model (SAM) to support the needs of virtual training classes for a major US Federal agency. Our firm was excited to be selected as the main training partner to help a major US Federal government agency roll out Agile and DevOps processes across an organization comprising more than 1500 people. And then the pandemic hit—and what was to have been a series of in-person classes turned 100% virtual! We created a set of fully populated docker images containing all of the test data, plugins, and scenarios required for the student exercises. For our initial implementation, we simply pre-loaded our docker images into elastic beanstalk and then replicated them as many times as needed to provide the necessary number of instances for a given class. While this worked out fine at first, we found a number of shortcomings as we scaled up to more students and more classes. Eventually we came up with a much easier solution using serverless technology: we stood up a single page application that could kickoff tasks using AWS step functions to run docker images in elastic container service, all running under AWS Fargate. This application is a perfect fit for serverless technology and describing our evolution to serverless and SAM may help you gain insights into how these technologies may be beneficial in your situation.
This document provides an agenda for a presentation that includes topics on .NET Core applications, containerization with Docker, running and scaling apps on Kubernetes, deployments using Helm, canary releases with service mesh (Istio), and demos of these technologies. It discusses .NET Core 2.1 features, containers, Docker, Kubernetes architecture and deployment, using Helm for deployments, Istio architecture and canary releases, and includes demos of setting up and using these technologies.
Java 9 is expected to include several new features and changes, including:
- New collection factory methods like Set.of() and Map.of() that provide immutable collections.
- Enhancements to the Stream API such as takeWhile() and dropWhile().
- Syntax changes like allowing effectively final variables in try-with-resources and @SafeVarargs for private methods.
- The addition of JShell to provide a Java REPL.
- Garbage First (G1) garbage collector becoming the default collector.
- Various performance and logging improvements.
Kerberizing Spark: Spark Summit East talk by Abel Rincon and Jorge Lopez-MallaSpark Summit
Spark had been elected, deservedly, as the main massive parallel processing framework, and HDFS is the one of the most popular Big Data storage technologies. Therefore its combination is one of the most usual Big Data’s use cases. But, what happens with the security? Can these two technologies coexist in a secure environment? Furthermore, with the proliferation of BI technologies adapted to Big Data environments, that demands that several users interacts with the same cluster concurrently, can we continue to ensure that our Big Data environments are still secure? In this lecture, Abel and Jorge will explain which adaptations of Spark´s core they had to perform in order to guarantee the security of multiple concurrent users using a single Spark cluster, which can use any of its cluster managers, without degrading the outstanding Spark’s performance.
Running your dockerized application(s) on AWS Elastic Container ServiceMarco Pas
This document discusses running Dockerized applications on AWS EC2 Container Service (ECS). It covers building Docker images from Spring Boot applications, pushing images to ECR, deploying containers to ECS using Terraform, autoscaling containers based on CPU usage, service discovery using DNS, and monitoring containers using Prometheus. The key aspects covered include creating Docker images, using ECS for container orchestration, infrastructure as code with Terraform, autoscaling, service discovery, logging and monitoring containers.
This document provides an introduction to Node.js, a framework for building scalable server-side applications with asynchronous JavaScript. It discusses what Node.js is, how it uses non-blocking I/O and events to avoid wasting CPU cycles, and how external Node modules help create a full JavaScript stack. Examples are given of using Node modules like Express for building RESTful APIs and Socket.IO for implementing real-time features like chat. Best practices, limitations, debugging techniques and references are also covered.
An overview of our experiments at Industrial Light and Magic to create a fully cloud based pipeline, based on Mesos, Docker and automated with Ansible.
Similar to Docker & ECS: Secure Nearline Execution (20)
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
WhatsApp offers simple, reliable, and private messaging and calling services for free worldwide. With end-to-end encryption, your personal messages and calls are secure, ensuring only you and the recipient can access them. Enjoy voice and video calls to stay connected with loved ones or colleagues. Express yourself using stickers, GIFs, or by sharing moments on Status. WhatsApp Business enables global customer outreach, facilitating sales growth and relationship building through showcasing products and services. Stay connected effortlessly with group chats for planning outings with friends or staying updated on family conversations.
What is Augmented Reality Image Trackingpavan998932
Augmented Reality (AR) Image Tracking is a technology that enables AR applications to recognize and track images in the real world, overlaying digital content onto them. This enhances the user's interaction with their environment by providing additional information and interactive elements directly tied to physical images.
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfUndress Baby
The quest for the best AI face swap solution is marked by an amalgamation of technological prowess and artistic finesse, where cutting-edge algorithms seamlessly replace faces in images or videos with striking realism. Leveraging advanced deep learning techniques, the best AI face swap tools meticulously analyze facial features, lighting conditions, and expressions to execute flawless transformations, ensuring natural-looking results that blur the line between reality and illusion, captivating users with their ingenuity and sophistication.
Web:- https://undressbaby.com/
What is Master Data Management by PiLog Groupaymanquadri279
PiLog Group's Master Data Record Manager (MDRM) is a sophisticated enterprise solution designed to ensure data accuracy, consistency, and governance across various business functions. MDRM integrates advanced data management technologies to cleanse, classify, and standardize master data, thereby enhancing data quality and operational efficiency.
Most important New features of Oracle 23c for DBAs and Developers. You can get more idea from my youtube channel video from https://youtu.be/XvL5WtaC20A
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Takashi Kobayashi and Hironori Washizaki, "SWEBOK Guide and Future of SE Education," First International Symposium on the Future of Software Engineering (FUSE), June 3-6, 2024, Okinawa, Japan
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
5. Outline
• Evolution of Coursera’s nearline execution systems
• Next-generation execution framework: Iguazú
• Iguazú application deep dive: GrID — evaluating programming assignments
6. Key Takeaways
• What is nearline execution, and why it is useful
• Best practices for running containers in production in the cloud
• Hardening techniques for securely operating container infrastructure at scale
15. Upgrading to the JVM
• Leverage mature Scala & JVM ecosystems for code sharing
• JVM much more reliable (no memory leaks)
• New job model: scheduled recurring jobs.
• Named: Saturn
20. Problems with Saturn
• Single master meant naïve implementation ran all jobs in same JVM
• Huge CPU contention @ top of the hour
• OOM Exceptions & GC issues
36. Failure in Nearline Systems
• Most jobs are non-idempotent
• Iguazú: At most once execution
• Time-bounded delay
• Future: At least once execution
• With caveats
37. Iguazú adoption by the numbers
• ~100 jobs in production
• >1000 runs per day
• >100 different job schedules
38. Iguazú Applications
Nearline Jobs
• Pedagogical Instructor Data Exports
• System Integrations
• Course Migrations
Scheduled Recurring Jobs
• Course Reminders
• System Integrations
• Payment reconciliation
• Course translations
• Housekeeping
• Build artifact archival
• A/B Experiments
39. While containers may help you on your journey, they are not themselves a destination.
CC-by-2.0 https://www.flickr.com/photos/usoceangov/5369581593
40. Writing an Iguazu Job
class AbReminderJob @Inject() (abClient: AbClient, email: EmailAPI)
    extends AbstractJob {
  override val reservedCpu = 1024 // 1 CPU core
  override val reservedMemory = 1024 // 1 GB RAM

  def run(parameters: JsValue) = {
    val experiments = abClient.findForgotten()
    logger.info(s"Found ${experiments.size} forgotten experiments.")
    experiments.foreach { experiment =>
      sendReminder(experiment.owners, experiment.description)
    }
  }
}
47. Deploying a new Iguazu Job
• Developer
• merge into master… done
• Jenkins Build Steps
• Compile & package job JAR
• Prepare Docker image
• Pushes image into registry
• Register updated job with Amazon ECS API
48. Invoking an Iguazú Job
// invoking a job with one function call
// from another service via REST framework RPC
val invocationId = iguazuJobInvocationClient
  .create(IguazuJobInvocationRequest(
    jobName = "exportQuizGrades",
    parameters = quizParams))
56. Solution: GrID
Patrick Hoesly (https://www.flickr.com/photos/zooboing/5665221326/) CC-BY-2.0
• Service + framework for grading programming assignments
• Builds on Iguazú
• Named for Tron’s “digital frontier”
• Backronym: Grading Inside Docker
63. The Security Challenge
Compiling and running untrusted, arbitrary code on our cluster in near real time.
Would you like to compile and run C code from random people on the Internet on your servers?
65. Security Assumptions
• Run arbitrary binaries
• Instructor grading scripts may have vulnerabilities
• ∴ Grading code is untrusted
• Unknown vulnerabilities in Docker and Linux name-spacing and/or container implementation
66. Security Goals
Prevent submitted code from:
• impacting the evaluation of other submissions.
• disrupting the grading environment (e.g., DoS)
• affecting the rest of the Coursera learning platform
69–70. [Diagram: Alice's, Bob's and Mallory's containers, each holding a submission and its grader, sharing the host's CPUs, RAM, kernel and disk]
71–72. [Diagram: the same three containers (Alice's, Bob's, Mallory's) on a shared kernel and disk, with CPU and RAM now partitioned by cgroups]
78. Attacks: Network attacks
Attacks:
• Bitcoin mining
• DoS attacks on other systems
• Access Amazon S3 and other AWS APIs
Defense:
• Deny network access
79. Docker Network Modes
NetworkDisabled too restrictive
• Some graders require local loopback
• Feature also deprecated
--net=none + deny net_admin + audit network
• Isolation via Docker creating an independent network stack for each container
github.com/coursera/amazon-ecs-agent
83. Defense in Depth
• Mandatory Access Control (AppArmor)
• Allows auditing or denying access to a variety of subsystems
• Drop capabilities from bounding set
• No need for NET_BIND_SERVICE, CAP_FOWNER, MKNOD
• Deny root within container
84. Deny Root Escalations
• We modify instructor grader images before allowing them to be run
• Clears setuid
• Inserts C wrapper to drop privileges from root and redirect stdin/stdout/stderr
• Run cleaning job on another Iguazú cluster
• Run Docker in Docker!
• Docker 1.10 adds User Namespaces
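An added example, not Coursera's code: a check that a container's `docker inspect` output matches the hardening listed on slides 71-84 (no network, denied capabilities, non-root user, AppArmor profile, cgroup limits). The two sample documents and the profile name `grader` are constructed, and accepting `CpuShares` as a CPU control is an assumption.

```python
# Capabilities the slides deny: NET_ADMIN (slide 79) and the three on slide 83.
MUST_DROP = {"NET_ADMIN", "NET_BIND_SERVICE", "FOWNER", "MKNOD"}
# Of those, the ones Docker grants by default (NET_ADMIN is not in the default set).
DEFAULT_GRANTED = MUST_DROP - {"NET_ADMIN"}

def _caps(names):
    """Normalise capability names: upper-case, CAP_ prefix removed."""
    up = [n.upper() for n in names or []]
    return {n[4:] if n.startswith("CAP_") else n for n in up}

def _apparmor(doc):
    """Profile from SecurityOpt ('apparmor=NAME' or 'apparmor:NAME'), else AppArmorProfile."""
    for opt in doc.get("HostConfig", {}).get("SecurityOpt") or []:
        if opt.startswith("apparmor"):
            return opt[len("apparmor") + 1:]
    return doc.get("AppArmorProfile") or ""

def audit(doc):
    """Return the hardening rules from the slides that this container violates."""
    host, conf, out = doc.get("HostConfig", {}), doc.get("Config", {}), []
    if host.get("NetworkMode") != "none":
        out.append("network: NetworkMode is not 'none'")
    if host.get("Privileged"):
        out.append("privileged: --privileged overrides the restrictions below")
    dropped, added = _caps(host.get("CapDrop")), _caps(host.get("CapAdd"))
    if "ALL" in added:                      # everything granted, minus explicit drops
        granted = MUST_DROP - dropped
    elif "ALL" in dropped:                  # nothing granted, plus explicit adds
        granted = MUST_DROP & added
    else:                                   # defaults minus drops, then adds
        granted = (DEFAULT_GRANTED - dropped) | (MUST_DROP & added)
    if granted:
        out.append("capabilities: still granted " + ", ".join(sorted(granted)))
    if (conf.get("User") or "").split(":")[0] in ("", "0", "root"):
        out.append("user: process runs as root inside the container")
    if _apparmor(doc) in ("", "unconfined"):
        out.append("apparmor: no profile confines the container")
    if not host.get("Memory"):
        out.append("cgroups: no memory limit")
    if not (host.get("NanoCpus") or host.get("CpuQuota") or host.get("CpuShares")):
        out.append("cgroups: no CPU limit or weight")
    return out

# Constructed samples in the shape of `docker inspect <container>` output.
DEFAULT_RUN = {"Config": {"User": ""}, "AppArmorProfile": "", "HostConfig": {
    "NetworkMode": "default", "Privileged": False, "CapAdd": None, "CapDrop": None,
    "SecurityOpt": None, "Memory": 0, "NanoCpus": 0, "CpuQuota": 0, "CpuShares": 0}}
HARDENED_RUN = {"Config": {"User": "1000:1000"}, "AppArmorProfile": "grader", "HostConfig": {
    "NetworkMode": "none", "Privileged": False, "CapAdd": None,
    "CapDrop": ["NET_ADMIN", "NET_BIND_SERVICE", "FOWNER", "MKNOD"],
    "SecurityOpt": ["apparmor=grader"], "Memory": 536870912,
    "NanoCpus": 0, "CpuQuota": 50000, "CpuShares": 512}}

if __name__ == "__main__":
    print({"default": audit(DEFAULT_RUN), "hardened": audit(HARDENED_RUN)})
```

Running a check like this against every grading container before it starts, or on a schedule, catches a job definition that drifts from the policy.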
85. If all else fails…
• Utilizes VPC security measures to further restrict network access
• No public internet access
• Security group to restrict inbound/outbound access
• Network flow logs for auditing
• Separate AWS account
• Run in an Auto Scaling group
• Regularly terminate all grading EC2 instances
86. Other Security Measures
• Utilize AWS CloudTrail for audit logs
• Third-party security monitoring (Threat Stack)
• No one should log in, so any TTY is an alert
• Penetration testing by third-party red team (Synack)
87. Lessons Learned - GrID
• Building a platform for code execution is hard!
• Carefully monitor disk usage
• Run the latest kernels
• Latest security patches
• btrfs wedging on older kernels
• Default Ubuntu 14.04 kernel not new enough!
- General platform, not just for single course types.
- Advance pedagogy
- Transformative education?
Let me paint a picture for you. It's the wild wild west of 2012 Silicon Valley. Like gold miners from yesteryear, the weight of hopes, dreams and promises of affordable high quality education pushed a small team of mostly Stanford undergrads to build a platform for global learning.
Everyone was working around the clock, and we needed to get something shipped quickly. We started with a stateless PHP-based monolith backed by a sharded array of MySQL servers. This architecture enabled the small team to quickly build out the fundamental features of the learning platform. We built forums, video lectures, in-video quizzes, assessments, and more in this architecture. Thanks to some good engineering, it scaled beautifully and had great availability.
But then, we started getting these weird feature requests that we couldn't effectively build in this monolithic architecture.
Since joining Coursera, I've learned a few things. One of which is that instructors are humans. Another is that procrastination is a global phenomenon. Instructors would upload their video lectures hours before they needed to be released. We needed to quickly optimize them for distribution across the internet and to our low-bandwidth users. However, our web tier was not well suited for this long-running job.
Additionally, as we built our platform, we wrote a function that would compute a user's grade as they progressed through the course. However, as courses ended, we needed to re-compute everyone's grades in order to issue certificates of completion. We had no way of doing this effectively within a web request.
Finally, a key promise of MOOCs is pedagogical innovation derived from large learner behavior datasets. Our early instructional teams were begging us to release data on their own courses
The PHP monolith had a lot of really useful code. We had a sharded database abstraction, common data models, and libraries such as the grade computation function. We had so many new features to build, so we wanted to avoid re-writing all of that.
So, we did the easy-expedient thing, ...
Copy of online serving codebase polling a queue.
Restarts required due to memory leaks in PHP runtime.
Code updates were infrequent and painful.
Already in 2012, we realized the need to move off of PHP. After many lengthy debates on the comparative merits of static types, concurrency, and performance, and after experimenting with toy Python, Go, and Java services, we eventually settled on Scala for our primary server-side technology. By 2013, we began completely re-architecting the learning platform from the ground up.
As part of this migration, we re-built our nearline execution framework in Scala.
Code sharing:
- JARs
- Packages
- DI-abstractions, such as Guice Modules
... Now, as part of the migration, we changed the mental model for running a job. We realized that running some code on a regular cadence is a useful building block for platform features. Developers would write their jobs, and schedule them to run on a regular, recurring basis.
As we moved to a modern, Scala, microservices-based architecture, we invested heavily in the tool-chain, from common libraries to automated deployment.
We still were aggressively under-resourced, so we wanted to re-use as much of that as possible.
As a result, Saturn is just another HTTP microservice, that serves no HTTP requests. When the server boots up, it forks a background thread to run the jobs. These jobs can easily interact with the other microservices in our architecture, just like any other microservice.
For high availability, we always run at minimum 3 replicas of every service across 3 availability zones. While this works fine for the other microservices where each incoming request is sent to one replica, this is a big problem for Saturn. We do not want
... Now the conventional wisdom is that if you have a problem, and then you introduce zookeeper, you now have 2 problems. While zookeeper may be seen as an architecture anti-pattern, Saturn had much bigger issues.
Key point: minimal amount of work required to get their job done. Abstract away not just VMs / instances / clusters / etc., but also difficulties of code sharing & scheduling & deployment.
Most important feature: great developer workflow. Developers care about the product features they need to ship. They don’t care if underneath the hood it’s running on containers, VMs or bare metal, so long as there is:
- Easy development
- Automated deployment
- Reliable runtime
Nearline execution, or almost immediate execution of non-interactive jobs that interact with online serving systems.
Now, I want to talk about an important implementation detail. In particular, why do we put this queue here right in the middle of a nice, clean, normal microservice? We do not need to have a queue for communication between the two halves of Iguazu. It could be a simple function call; when a request comes in, we could have the Iguazu microservice immediately turn around and schedule with the ECS API before responding.
Recall, the big problem with Saturn is that at the top of the hour, dozens of jobs would kick off, and we’d exhaust all available resources. But, a nearline system is intentionally not an online system. In an online system, requests must be served immediately. But in a nearline architecture, the framework and scheduler are allowed to delay the execution of the jobs. We leverage a queue to buffer up the bursty nature of incoming jobs. As a result, a nearline system can be provisioned at less than peak capacity. In fact, a nearline cluster can be provisioned on a gradient between peak capacity and average capacity, allowing a tradeoff between latency and cost.
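The latency-versus-cost gradient described above, as an added example rather than anything from Iguazu: a small FIFO queue model run over a constructed top-of-the-hour burst. The workload numbers and the one-slot, one-minute job size are assumptions.

```python
from collections import deque

def simulate(arrivals, slots_per_minute):
    """Drain a FIFO job queue; return (max_wait_minutes, idle_slot_fraction).

    arrivals[t] is the number of jobs submitted in minute t. Every job
    occupies one slot for one minute (assumption that keeps the model small).
    """
    queue, max_wait, used, t = deque(), 0, 0, 0
    while t < len(arrivals) or queue:
        if t < len(arrivals):
            queue.extend([t] * arrivals[t])        # remember each job's submit time
        for _ in range(min(slots_per_minute, len(queue))):
            max_wait = max(max_wait, t - queue.popleft())
            used += 1
        t += 1
    return max_wait, 1 - used / (slots_per_minute * t)

# Constructed workload: 3 hours, 60 jobs at the top of each hour, 2 per minute otherwise.
ARRIVALS = [60 if minute % 60 == 0 else 2 for minute in range(180)]

def tradeoff(capacities):
    """One row per cluster size: (slots, worst queueing delay, idle fraction)."""
    return [(c,) + simulate(ARRIVALS, c) for c in capacities]

if __name__ == "__main__":
    # 60 = peak provisioning, 3 = just above the 2.97 jobs/minute average.
    for slots, wait, idle in tradeoff([60, 6, 3]):
        print(f"{slots:>2} slots: worst wait {wait:>2} min, {idle:.0%} of capacity idle")
```

Sizing for the peak means no job waits but about 95% of the slots sit idle; sizing just above the average keeps the cluster busy and the burst drains in under 20 minutes.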
When moving to a cloud-native architecture, you will be brainwashed into using autoscaling. There is a good reason for that. This is because autoscaling is a really good practice for online, latency-sensitive microservices.
Even more important than saving money, Autoscaling enforces immutable infrastructure, and high degrees of automation resulting in a modern, flexible and highly available architecture. Those benefits translate over to nearline environments. We autoscale not just the control plane, but the worker pool as well.
However, autoscaling a cluster with long running jobs is much more challenging than low latency API servers. While scaling up is easy, scaling down safely is harder. You don’t want to terminate an EC2 instance that’s running a non-idempotent job! To solve this problem, we don’t use the default Amazon ECS scheduler. Instead, Iguazu has its own scheduler that is integrated with the Amazon Autoscaling API to avoid scheduling new jobs on instances scheduled for termination.
Unfortunately, while we can work to avoid premature terminations, the reality is that jobs will fail to complete. The hardware could fail, power could go out, it could try and use too much memory, and there may be bugs. When designing distributed systems, you must architect for failure right from the start.
In our experience, many of these nearline jobs make API calls, and have a large number of side effects (e.g. sending emails). Re-running a failed job could have serious consequences.
Coursera is a very data-informed company; we always look to numbers to track our progress and validate our successes. Coursera developers have authored over an order of magnitude more jobs than in any of our previous systems. Developers take advantage of scheduled recurring jobs, and many jobs have multiple different schedules associated with them. As a result, we’re constantly running jobs on our cluster.
While numbers can tell a very insightful story, I think in this context they are too difficult to interpret appropriately. I find it more illustrative to look at how we use Iguazu to truly understand how ubiquitously applicable nearline architectures can be.
When you decide to build a new website, you almost never start with int main(). We always build on top of higher-level frameworks; there’s no need to re-write HTTP parsing libraries, cookie libraries, or database connection pools. The same principles apply to containers and nearline jobs. Saying “I’m using containers to build my app” is like saying “I’m using HTTP to build my app”. While it’s a great foundation, often a higher level of abstractions results in increased developer productivity. So, while containers may be an integral component of your architecture, or even necessary to the solution, they are not sufficient! Good architects should think about even higher levels of abstraction.
While Iguazu can invoke and run arbitrary containers, in practice almost all jobs use the most important feature of Iguazu: the developer-optimized higher level framework. This is what a toy job looks like. Let’s break it down.
The Hollywood principle says, “Don’t call me, I’ll call you.” Normally, you hear about it in the context of IoC frameworks, dependency injection, and UI or app toolkits. But it absolutely applies to distributed systems as well. Thinking back to Cascade (the initial PHP framework), if a developer wanted to test their new job, they must create a new queue, reconfigure their local copy of Cascade to talk to their new private queue, insert the job information into the queue, and wait for their job to eventually be run.
At Coursera, we practice a DevOps (or actually NoOps) approach. All developers deploy their own code hundreds of times a week via automated tools and custom webapp tools.
Now, back in 2012, we totally laughed at PHP for its horribly unreliable runtime full of memory leaks. But in Iguazu, we're actually worse. We don't just throw away the whole process, we throw away the whole file system, and the rest of the container. But, actually, this is a really good idea.
Longer-running, resource intensive jobs tend to leave a disproportionate amount of garbage in their wake. It's common to use temporary files on disk & a variety of other resources, such as temporary files as part of our pedagogical data exports. By allocating a new container instance from the container image, the system ensures a consistent environment and frees developers from file bookkeeping in the same way a garbage collector frees developers from memory management.
PHP was on to something after all!!!
Now, I'd like to delve into the flagship application of Iguazu: Evaluating programming assignments.
Procrastination is a global phenomenon. We regularly see an order of magnitude increase in submission rates right before assignment deadlines. We needed an elastic service backed by a shared pool of resources to efficiently evaluate programming assignments in a cost effective manner.
Our online serving environment benefits greatly from immutable infrastructure and high degrees of automation to radically reduce operations and maintenance overhead. We wanted to apply these same lessons to evaluating programming assignments.
For pedagogical reasons, we would like to provide feedback as quickly as possible. Ideally, we are able to execute fast graders and turn around their scores within 60 seconds at the 90th percentile.
… Thanks to Iguazu, the GrID service itself is only ~1k LoC.
Because we’re operating on a shared pool of resources, we need to bake security into the infrastructure. This also has the added benefit of making the system robust to less byzantine occurrences. But, what does “Secure Infrastructure” even mean?
… By a show of hands, who of you would like to run arbitrary C code from random people on the internet on your servers?
While you may think this insane security challenge only applies to these crazies from Coursera, it turns out that this applies far more broadly.
Most Dockerfiles start with “from ubuntu”, or “from redis” or ”from jane-doe-on-github”. That one little innocent-looking line pulls in effectively arbitrary binaries & code to run on your container infrastructure. What this means is that: in practice, if you have container-based infrastructure at your organization, you should prepare to defend against arbitrary code running within your containers.
Now, containers are very new, and security is sometimes very impenetrable. So, let’s instead talk about something that’s old, and much more straightforward. Babies. The first picture I have of a gaggle of small children is something along the lines of this picture. Each one warmly swaddled in their own … tub, happy as can be. When I initially thought of grading programming assignments, I had a similar image. Each submission happily running along within their own container. Reality will quickly disabuse you of these foolish notions.
Once we have all of these systems configured, graders can run happily within the containers.
Now, some of you functional programmers may have picked up on something: grading is an idempotent operation. But as it turns out, with GrID, it's even better. Because we have hermetically sealed the grading containers, we have transformed the messy business of evaluating programming assignments into effectively a pure function in the functional programming sense. It has almost zero extra input from the outside world! Containers are really cool!
If you ignore all the name-spacing and container mumbo-jumbo, at the core, processes running within containers are just Linux processes, and so the standard security techniques apply.
Now, there are a number of unknown vulnerabilities not included in this defense.
Baby monitor graphics?
Public Domain: https://www.flickr.com/photos/mustangjoe/20437315996/in/photolist-x8YA2b-4CHj67-8Cjveb-bC2UPc-ibCEkV-aswFR8-gmv5Vj-4r5sPk-4CHiyy-92qQGf-28i54x-5LfUcS-opNLAM-7QTwNd-d7HmTA-efZc4Y-brT6Uv-d7Hnfd-5sARbG-5vvzmv-aqn5Li-DTWCYi-7XMsUo-8m1fUK-uj58iZ-D2nADa-78SpzZ-6BJGaL-4BrcEY-ne6BDJ-9FhXQ6-9QALSm-4EP8Hb-6h14wn-5nTnpt-7groVi-4EP8VW-8Qv9zx-6bCq1k-a7E8EJ-adFoNW-5Rp7Pb-s8otHi-7xSqsJ-4JZiUA-qW6wFZ-7XJdzg-jiYBq5-9hJ5Vo-ySx3Uo