The document discusses how PowerShell can be used to manage Azure resources. It provides examples of using PowerShell to configure Azure subscriptions, manage virtual machines including creation, configuration and storage, manage virtual networks, and automate common Azure tasks. The road to Azure for IT professionals goes through PowerShell according to the document.
Enrique lima azure-it-pro-ps
1. The road to Azure for IT Pros goes through PowerShell
idea. plan. deliver.
Enrique Lima
Principal Consultant
2. Who am I?
• Enrique Lima
• enrique@thinkalm.com
• Principal Consultant / Owner
• Microsoft v-TSP BPIO / CoreIO / APPIO
• Microsoft Community Contributor
• Member of the Geekswithblogs.net Community - Influencer
▫ http://geekswithblogs.net/enriquelima
• @enriquelima - twitter.com/enriquelima
• Member of INETA
8. Windows
Comprehensive set of services that enable you to quickly build, deploy and manage applications across a global network of Microsoft-managed datacenters
10. What about licensing?
Windows Server: Per-hour license in the cloud
Microsoft Applications: Application License Mobility (SA); Per-hour license in the cloud (select few)
External Applications: Based upon vendor and product
24. Simple VM Creation
First Virtual Machine in a NEW Cloud Service (-Location specified)
New-AzureQuickVM -Windows -ServiceName $svc -Name $vm1 -ImageName $wimg -Location $location -Password $pwd
New Virtual Machine in an Existing Cloud Service (no -Location)
New-AzureQuickVM -Windows -ServiceName $svc -Name $vm2 -ImageName $wimg -Password $pwd
Creating a Linux Virtual Machine in an Existing Cloud Service
New-AzureQuickVM -Linux -ServiceName $svc -Name $vm3 -ImageName $limg -LinuxUser $lu -Password $pwd
25. Configuring VM at Provisioning
• Create Configuration Object with New-AzureVMConfig
• Modify with Add-* cmdlets
• Add with New-AzureVM
New-AzureVMConfig -Name $vm1 -InstanceSize Medium -ImageName $img |
    Add-AzureProvisioningConfig -Windows -Password $pwd |
    Add-AzureDataDisk -CreateNew -DiskLabel 'data' -DiskSizeInGB 10 -LUN 0 |
    Add-AzureEndpoint -Name 'web' -PublicPort 80 -LocalPort 80 -Protocol tcp |
    New-AzureVM -ServiceName $newSvc -Location $location
39. Batch Updates to Running VMs
Remove RDP and Add New Storage Across all Web Front Ends
Get-AzureVM -ServiceName $svc | Where { $_.Name -match 'wfe' } | foreach {
    $_ |
        Remove-AzureEndpoint -Name 'rdp' |
        Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -LUN 1 -DiskLabel 'newstorage' |
        Update-AzureVM
}
40. Capturing a Virtual Machine as a new Image
Capture Sys-Prepped VM into a new Image (Deletes the Source VM)
Save-AzureVMImage -ServiceName $cloudSvcName -Name 'myvm1' -NewImageName 'Image Name'
43. Modern platform for the world’s apps
[Diagram: 1 consistent platform across On-Premises, Microsoft and Service Provider]
44. Consistent experiences
[Diagram: 1 consistent platform across On-Premises, Microsoft and Service Provider, with a Service Mgmt Portal & API]
Web Sites: Web Application PaaS; Highly Scalable; Dev-ops optimized; Integrated SCC; Fully self-service
Service Bus: Reliable Messaging; Standards Based; Cross Cloud; Fully self-service
Virtual Machines: IaaS - Elastic Tiers; Virtual Networks; Windows and Linux; Gallery of apps; Fully self-service
(unlabelled group): Azure Consistent; Federated Identities; Active Directory; Standards Based; Device Friendly
45. Finished Services
[Diagram: Service Management Portal and Service Management API in front of Web Sites, Virtual Machines and Service Bus, each running on Windows Server]
Web Sites: Controller (Web farm framework); Web Farm Front-end/Workers (Application Request Routing/Dynamic Windows Process Activation Service); High density and scalable; Easy deployment and administration; Fully self-service
Virtual Machines: Service Provider Foundation API; System Center (Virtual Machine Manager Component); Offer preconfigured workloads; Windows and Linux; Fully self-service
Service Bus: Gateway; Message Broker Service; Reliable Messaging; Standards based; Fully self-service
46. Cloud OS Consistent Experiences
[Diagram: Windows Azure (Service Bus, VMs, SQL, Web Sites, Worker Role, other services such as CDN, Media and Caching, subscriber self-service portal) beside a customer or service provider running R2 w/ Service Provider Foundation (Service Bus, VMs, SQL, Web Sites, service plans, users, provider portal, consumer self-service portal, future services). Labels: Self Service Portal Moves On-Premises; Cloud-Enabled Services Move On-Premises; Common Mgt. Experience; Consistent Dev. Experience. Workloads: Web Sites, Apps, Database, VMs.]
47. Service Consumers
Consume infrastructure and apps from service providers as “off the shelf” solutions
• self-service administration
• acquire capacity on demand
• empowered operations
• predictable costs
• get up & running quickly
Service Providers
Offer and administer services that are provided to customers
• extreme focus on cost
• maximize per-customer profit
• hardware efficiency
• automate everything
• differentiate on SLAs
49. Web Sites
Build highly scalable web applications
Iterate with integrated source control
Manage your app with real-time telemetry
Scale up with one click
Support for .NET, Node.js, PHP, Python
50. Service Bus
Messaging service for cloud apps
Guaranteed message delivery
Publish-subscribe messaging patterns
Standard protocols (REST, AMQP, WS*)
Interoperability (.NET, Java/JMS, C/C++)
Now integrated with management portal
51. Virtual Machines
Windows Azure-consistent IaaS
- User Experience & API
Virtual Machine Roles
- Portable
- Elastic
- Gallery
- Windows and Linux Support
Virtual Networks
- Site to Site connectivity
- Tenant supplied IP addresses
52. Additional Services
Identity
- Active Directory
- ADFS Federation
- Co-administrators
Database Services
- SQL Server
- MySQL
Custom services from provider
Programmatic access to cloud services
- Windows Azure Consistent REST APIs
54. Administration
Offer Services to Tenants via Plans
Provide Add-ons to subscriptions
Manage subscriptions
Administer Services
Extend and customize
55. Automation
Optimize and extend services using runbooks
PowerShell workflows
Web-based runbook authoring
Manage runbooks and jobs
Integrates with other systems including System Center
56. Usage and Reporting
Continuous usage metering per tenant subscription
Per-subscription Billing APIs
IaaS Data Warehouse
Server Inventory Reports
60. Credits and Information
• Windows Azure Training Kit
• MVA: What’s New in System Center 2012 R2 Jump Start
Special acknowledgement to:
• David Aiken
• Jeffrey Snover
• Jason Helmick
• Symon Perriman
Resources:
http://msdn.microsoft.com/en-us/library/windowsazure/jj156055.aspx
http://msdn.microsoft.com/en-us/library/windowsazure/jj152841.aspx
Slide Objectives:
Describe the various computing patterns that are good for Cloud Computing
Speaking Points:
There are numerous terms and definitions floating around in the industry for “the cloud”, “cloud computing”, “cloud services”, etc.
Microsoft thinks of the cloud as simply an approach to computing that enables applications to be delivered at scale for a variety of workloads and client devices.
The cloud can help deliver IT as a standardized service…freeing you up to focus on your business
Cover the workloads in the slide
Slide Objectives:
Explain the three established terms in the industry for cloud services
Speaking Points:
With this in mind, it’s important to understand how to talk about our Cloud Services offerings.
There is a lot of confusion in the industry when it comes to the cloud.
It’s important that you understand both what is happening in the industry and how we think about the cloud.
This is the most commonly used taxonomy for differentiating between types of cloud services.
The industry has defined three categories of services:
IaaS – a set of infrastructure level capabilities such as an operating system, network connectivity, etc. that are delivered as pay for use services and can be used to host applications.
PaaS – higher level sets of functionality that are delivered as consumable services for developers who are building applications. PaaS is about abstracting developers from the underlying infrastructure to enable applications to quickly be composed.
SaaS – applications that are delivered using a service delivery model where organizations can simply consume and use the application. Typically an organization would pay for the use of the application or the application could be monetized through ad revenue.
It is important to note that these 3 types of services may exist independently of one another or combined with one another.
SaaS offerings needn’t be developed upon PaaS offerings although solutions built on PaaS offerings are often delivered as SaaS.
PaaS offerings also needn’t expose IaaS and there’s more to PaaS than just running platforms on IaaS.
Slide Objectives:
Explain the differences and relationship between IaaS, PaaS, and SaaS in more detail.
Speaking Points:
Here’s another way to look at the cloud services taxonomy and how this taxonomy maps to the components in an IT infrastructure.
Packaged Software
With packaged software a customer would be responsible for managing the entire stack – ranging from the network connectivity to the applications.
IaaS
With Infrastructure as a Service, the lower levels of the stack are managed by a vendor. Some of these components can be provided by traditional hosters – in fact most of them have moved to having a virtualized offering.
Very few actually provide an OS
The customer is still responsible for managing the OS through the Applications.
For the developer, an obvious benefit with IaaS is that it frees the developer from many concerns when provisioning physical or virtual machines.
This was one of the earliest and primary use cases for Amazon Web Services Elastic Cloud Compute (EC2).
Developers were able to readily provision virtual machines (AMIs) on EC2, develop and test solutions and, often, run the results ‘in production’.
The only requirement was a credit card to pay for the services.
PaaS
With Platform as a Service, everything from the network connectivity through the runtime is provided and managed by the platform vendor.
Windows Azure best fits in this category today.
In fact because we don’t provide access to the underlying virtualization or operating system today, we’re often referred to as not providing IaaS.
PaaS offerings further reduce the developer burden by additionally supporting the platform runtime and related application services.
With PaaS, the developer can, almost immediately, begin creating the business logic for an application.
Potentially, the increases in productivity are considerable and, because the hardware and operational aspects of the cloud platform are also managed by the cloud platform provider, applications can be taken from an idea to reality very quickly.
SaaS
Finally, with SaaS, a vendor provides the application and abstracts you from all of the underlying components.
Slide Objectives:
Provide a high level summary of Windows Azure and what it enables at a high level
Speaking Points:
What is Azure?
Flexible
Windows Azure is now more flexible than ever before
Windows Azure helped pioneer the concept of Platform as a Service
It provides a rich set of managed services enabling you to compose applications.
We’re now making those services richer.
With the June update we have now enabled infrastructure as a service.
Including the ability to host and deploy durable virtual machines in the cloud running both Windows and Linux
Open
Some of you may be surprised to hear Linux at a Microsoft conference.
Our support of Linux is just one example of how we’re embracing openness in a fundamental new way.
With the June release we are supporting more operating systems, more languages, and more open protocols
Releasing all of the Azure SDKs on GitHub under an open source license.
Summary
We believe the end result is truly a unique model
You can now use both platform as a service and infrastructure as a service *together*
You can now use the best of the Microsoft ecosystem and the best of the open source ecosystem *together*
Enabling you to build better and more scalable solutions.
Notes:
Comprehensive set of services that enable you to build, host and scale applications in Microsoft datacenters
Windows Azure is an open and flexible cloud platform that enables you to quickly build, deploy and manage applications across a global network of Microsoft-managed datacenters. You can build applications using any language, tool or framework. And you can integrate your public cloud applications with your existing IT environment.
Slide Objectives:
Discuss the instance sizing and costs
Speaking Points:
Slide Objective:
You need an availability set for a 99.95% SLA
Notes:
Without at least two virtual machines performing the same workload grouped into an availability set you get a 99.95% SLA.
Slide Objectives:
Speaking Points:
Windows Azure runs on datacenters around the world
Enabling you to deploy and run applications and infrastructure close to your customers.
Notes:
Windows Azure services such as compute and storage are now available in 8 worldwide datacenters with an additional 24 Content Delivery Network endpoints.
You can’t have a real cloud without a data center.
Slide Objectives:
Discuss Windows Azure Country Availability
Speaking Points:
Windows Azure is now available in over 89 countries and territories.
Anyone within these countries can sign up for a free trial or a paid subscription to use Windows Azure services
Of course you can build and deliver solutions to any of your customers worldwide
Slide Objectives:
Describe the three main feature components of Windows Azure that will be discussed through the rest of the presentation. You should state to the audience you will not be covering Mobile Services or Media Services, so you might want to spend a little more time now to explain these.
Slide Objectives:
Explain how to setup a subscription
Notes:
The .publishsettings file contains your subscription information, the service endpoint, subscription name and certificate. Once downloaded the Import-AzurePublishSettingsFile cmdlet will install the certificate and configure your PowerShell environment.
Slide Objectives:
Use this method if you want to specify a certificate that you have created on your own.
Slide Objectives:
Explain where subscription settings are persisted
Notes:
The subscription XML file supports multiple subscriptions. You can use a single PowerShell session to administer VMs and services across all of your configured subscriptions.
Slide Objectives:
Explain how to switch contexts when scripting against multiple subscriptions
Notes:
Get-AzureSubscription returns all configured subscriptions and Select-AzureSubscription sets the current subscription
Slide Objectives:
Explain how to set the current storage account that the cmdlets will use.
Notes:
Certain cmdlets like New-AzureVM or New-AzureQuickVM require the user to specify the storage account to use. Since each subscription can contain multiple storage accounts the property name to set is CurrentStorageAccount. This allows you to easily change the storage account for the next operation.
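The subscription setup described in the notes above, end to end, as an added example that is not part of the original deck. It assumes the classic Azure Service Management module; the file path, subscription name and storage account name are placeholders, and the `CurrentStorageAccount` name follows the notes above.

```powershell
# Added example: classic (Service Management) Azure module assumed.
# All names and paths below are placeholders.
$settingsFile   = Join-Path $env:USERPROFILE 'Downloads\example.publishsettings'
$subscription   = 'Example Subscription'
$storageAccount = 'examplestorage'

# Import installs the management certificate and records the subscription
# settings for this user.
Import-AzurePublishSettingsFile $settingsFile

# The file carries the management certificate; anyone holding a copy can
# administer the subscription, so do not leave it on disk after the import.
Remove-Item -Path $settingsFile -Force

# List the subscriptions the session now knows about.
Get-AzureSubscription | Select-Object SubscriptionName, SubscriptionId

# Set the storage account that New-AzureVM / New-AzureQuickVM will use,
# then make this subscription the current one.
Set-AzureSubscription -SubscriptionName $subscription -CurrentStorageAccount $storageAccount
Select-AzureSubscription -SubscriptionName $subscription

# Confirm the context before running anything that creates or changes resources.
Get-AzureSubscription -Current | Select-Object SubscriptionName, CurrentStorageAccount

# Inventory VMs across every configured subscription from one session by
# switching context inside the loop.
foreach ($sub in Get-AzureSubscription) {
    Select-AzureSubscription -SubscriptionName $sub.SubscriptionName
    Get-AzureVM | Select-Object @{ n = 'Subscription'; e = { $sub.SubscriptionName } },
                                ServiceName, Name, Status
}

# Return to the intended working subscription after the loop.
Select-AzureSubscription -SubscriptionName $subscription
```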
Slide Objectives:
To create a VM you either need to start with an Image or Disk and specify the location where to place the VM.
Slide Objectives:
Show three examples that show a key component of using the cmdlets.
Notes:
When you specify -Location or -AffinityGroup the cmdlets will attempt to create a new cloud service to deploy the VM to.
If you do not specify either, the cmdlets assume the cloud service exists in the current subscription.
Slide Objectives:
With PowerShell you can configure various settings in a batch
Notes:
New-AzureVMConfig and New-AzureVM allow a batched creation of a VM.
New-AzureVMConfig returns a configuration object that is then passed to other cmdlets to modify via the PowerShell pipeline.
Finally, it is passed to New-AzureVM where the VM is created with all of the configuration specified.
Slide Objectives:
It is also possible to create multiple configuration objects for multiple VMs and pass them to the New-AzureVM cmdlet as an array.
Slide Objectives:
Another example of batch VM creation: using an array/loop to create multiple VMs
Slide Objectives:
Explain other common settings used to provision a VM
Slide Objectives:
The Add-AzureProvisioningConfig cmdlet supports two parameter sets for Windows.
Notes:
-Windows allows just setting the password of the VM on boot.
-WindowsDomain allows you to specify all of the settings necessary to have the VM join the domain on boot. This scenario only works in a VNET environment where the DNS specified knows how to have the VM find the domain controller.
-DisableAutomaticUpdates allows for disabling automatic updates by default. Available to both parameter sets.
-NoRDPEndpoint does not create the RDP endpoint on creation. Of course you can add this later through PS or the Portal.
-TimeZone allows you to specify the VM's time zone on provisioning.
-Certificates allows you to automatically install certificates on the VM on provisioning. Note: the certificates must already be installed in the cloud service. For an example: http://michaelwasham.com/2012/08/23/deploying-certificates-with-windows-azure-virtual-machines-and-powershell/
Slide Objectives:
The Add-AzureProvisioningConfig cmdlet supports one parameter set for Linux
Notes:
The Linux parameter set requires specifying the user name and also allows for disabling SSH on the Linux VM or just not adding the SSH endpoint.
Additionally, you can deploy SSH certificates as long as they are already in the cloud service.
Slide Objectives:
Deploying into a Virtual Network requires multiple settings.
Notes:
When configuring the VM you must specify the subnet using the Set-AzureSubnet cmdlet.
You can only specify the VNET and DNS settings for a cloud service on the creation of the first VM. If you add a second VM to the cloud service it will inherit the networking settings.
Slide Objectives:
In this example we’re specifying two AD/DNS servers – one that lives in our on-premises environment and the other is a DC that lives in the cloud.
Notes:
You can pass the DNS names when calling New-AzureVM. Also required is the VNET that establishes the hybrid connectivity.
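The provisioning and virtual network notes above combined into one deployment, as an added example that is not part of the original deck: a domain-joined Windows VM placed in a subnet, with both DNS servers supplied and no RDP endpoint created. All names and addresses are placeholders, the classic Azure module is assumed, and credentials are prompted for rather than written into the script.

```powershell
# Added example; classic Azure module assumed. Every name and address below
# is a placeholder, not a value from the deck.
$svc    = 'example-svc'
$ag     = 'ExampleAG'
$vnet   = 'ExampleVNet'
$subnet = 'AppSubnet'
$img    = 'example-windows-image-name'
$vmName = 'app01'

# Prompt for secrets instead of embedding them in the script or its history.
$localCred  = Get-Credential -Message 'Local administrator for the new VM'
$domainCred = Get-Credential -Message 'Account allowed to join machines to the domain'

# Two AD/DNS servers: one on-premises, one domain controller in the cloud.
$dns = @(
    New-AzureDns -Name 'onprem-dc' -IPAddress '192.168.1.10'
    New-AzureDns -Name 'cloud-dc'  -IPAddress '10.0.0.4'
)

# Build the configuration object: join the domain on boot, create no RDP
# endpoint, and place the VM in the chosen subnet.
$vm = New-AzureVMConfig -Name $vmName -InstanceSize Small -ImageName $img |
    Add-AzureProvisioningConfig -WindowsDomain `
        -Password $localCred.GetNetworkCredential().Password `
        -JoinDomain 'corp.example.com' -Domain 'CORP' `
        -DomainUserName $domainCred.GetNetworkCredential().UserName `
        -DomainPassword $domainCred.GetNetworkCredential().Password `
        -NoRDPEndpoint |
    Set-AzureSubnet -SubnetNames $subnet

# VNET and DNS settings can only be given when the first VM of the cloud
# service is created; later VMs in the service inherit them.
New-AzureVM -ServiceName $svc -AffinityGroup $ag -VNetName $vnet -DnsSettings $dns -VMs $vm

# Check the result: with -NoRDPEndpoint this should list no endpoints, so the
# VM is reachable for management only over the virtual network.
Get-AzureVM -ServiceName $svc -Name $vmName | Get-AzureEndpoint
```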
Slide Objectives:
Show different methods of discovering virtual machines
Slide Objectives:
Explain storage options
Slide Objectives:
Show examples of configuring storage
Notes:
The first example creates a new VM with a 10GB disk attached.
The second example gets an existing VM, adds a 10GB disk to it and updates it live.
Slide Objectives:
Explain disk caching defaults and how to modify it
Notes:
By default OS disks have read / write caching enabled and data disks have no caching.
You can use Set-AzureOSDisk or Set-AzureDataDisk to modify these settings at run time. Set-AzureOSDisk requires a reboot.
Slide Objectives:
Demonstrate how to configure network endpoints on a VM
Slide Objectives:
Numerous examples that show how to filter output from the disk and image repository.
Slide Objectives:
Show how you can iterate through a list of VMs (like all VMs that have a name starting with wfe) and perform an update such as adding a new disk and removing an endpoint.
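A review step to run before the batch update described above, as an added example that is not part of the original deck: it reports every public endpoint in a cloud service, then removes management endpoints from the web front ends by local port rather than by endpoint name. The service name is a placeholder and the endpoint property names (`Port`, `LocalPort`) are assumed from the classic Azure module.

```powershell
# Added example; classic Azure module assumed. $svc is a placeholder.
$svc       = 'example-svc'
$mgmtPorts = 3389, 22          # local ports for RDP and SSH

# 1. Report every public endpoint in the service and flag management ports.
#    Property names Port/LocalPort are assumed from the classic module.
$report = foreach ($vm in Get-AzureVM -ServiceName $svc) {
    foreach ($ep in ($vm | Get-AzureEndpoint)) {
        [pscustomobject]@{
            VM         = $vm.Name
            Endpoint   = $ep.Name
            Protocol   = $ep.Protocol
            PublicPort = $ep.Port
            LocalPort  = $ep.LocalPort
            Management = $mgmtPorts -contains $ep.LocalPort
        }
    }
}
$report | Sort-Object VM, PublicPort | Format-Table -AutoSize

# 2. Remove management endpoints from the web front ends only. Matching on
#    LocalPort catches endpoints that were not named 'rdp' when created.
foreach ($vm in Get-AzureVM -ServiceName $svc | Where-Object { $_.Name -match 'wfe' }) {
    $exposed = $vm | Get-AzureEndpoint | Where-Object { $mgmtPorts -contains $_.LocalPort }
    if (-not $exposed) { continue }          # nothing to change on this VM

    $updated = $vm
    foreach ($ep in $exposed) {
        $updated = $updated | Remove-AzureEndpoint -Name $ep.Name
    }
    $updated | Update-AzureVM                # one update per VM, after all removals
}
```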
Slide Objectives:
Show how to capture a VM
Slide Objectives:
Operations allowed from PowerShell for updating and modifying VNET Settings.