Enterprise security kubernetes

•Download as PPTX, PDF•

0 likes•90 views

The document discusses enterprise security for containers and Kubernetes. It introduces containers and their advantages over virtual machines. It then discusses Docker and Kubernetes, the main tools for managing containers. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. The document outlines some key Kubernetes concepts like pods, services, and replica sets. It emphasizes the importance of enterprise-level security and describes some features of Azure Kubernetes Service (AKS) that provide security, such as private load balancers, virtual networks, and traffic policies for ingress, egress, and east-west traffic. It also discusses mitigating Layer 4 and 7 attacks.

Software

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Enterprise security in the era of containers and
Kubernetes
• Karthikeyan VK
• Twitter: @Karthik3030
• Blogs.karthikeyanvk.in

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
What is a Container?
Windows Containers provide operating system virtualization that allows
multiple isolated applications to be run on a single system.

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Difference between Containers and VMs

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Why Containers ?

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Why Containers?
• Transforming existing applications into cloud Is Hard!
• Building Hybrid Cloud applications Is Hard!
• Think about building solutions that should be deployed in Azure, AWS
& GCP at the same time

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
What is Docker ?
• Docker is an open platform for developing, shipping, and running
applications

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
DEMO !!!

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
What is Kubernetes ?
• Kubernetes is an open-source system for automating deployment, scaling,
and management of containerized applications.
• Orchestrator for Containers

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
What is Kubectl ?
• Kubectl is a command line interface for running commands against
Kubernetes clusters.

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
What is Pod?
• A Kubernetes pod is a group of containers that are deployed together on
the same host.

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
What is Kubernetes Service?
• A Kubernetes Service is an abstraction which defines a logical set of Pods and a
policy by which to access them

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
What is Kubernetes Replica Sets?
• Replica Set ensures how many replica of pod should be running. It can be
considered as a replacement of replication controller.

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Why Enterprise Level Security

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Enterprise Level Security Features in AKS
• Private Load Balancer
• Virtual Network
• L4 & L7 Capabilities
• Control Egress Traffic
• Control Ingress Traffic
• East-West Traffic Policies
• Whitelisting IP Addresses

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
L4 & L7 Security

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
L4 & L7 Security
• L4 denotes TCP/UDP layer, where the network is flooded with packets of
unnecessary data to enable Denial of Service Attack
• L7 Denotes Application layer, where the API call is bombarded with unnecessary
GET, POST.
• Can be mitigated using application gateway or web application firewall of azure.

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Ingress Traffic
• Traffic originating from external network
• Limit the traffic with ingress policies
• Controlled by setting which domain or which ip is allowed inside the network

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Ingress Traffic

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Egress Traffic
• Traffic originating from internal network to Internet
• Limit the traffic with 3rd party firewall

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
East-west Traffic
• Traffic between containers
• Think of one pod or container has been exploited.
• East-West traffic control is very important.

Twitter: @Karthik3030
Blogs.karthikeyanvk.in
Whitelisting IP Addresses
• Control who should access
• Http routing is disabled by default
• Helps in avoiding unnecessary access and port scanning

Search, Observe, Protect with native Elasticsearch capabilities on Azure, regardless of whether you’re targeting Azure as your cloud, hybrid, or multi-cloud. Join the creators of the Elastic Stack and Microsoft product experts to learn best practices around deployment, scaling, and security — from self-hosted VMs to using the fully managed Elasticsearch Service in this demo-heavy session. Also, get a sneak peek at what's next for Elastic on Microsoft Azure.

FAUG Jyväskylä 28.5.2019 - Azure Monitoring

Karl Ots

Microservices are on the cusp of becoming the dominant style of software architecture in the enterprise. The benefits that are realized—increased developer velocity, improved organizational agility, and reduced time-to-market of new services—are a powerful catalyst that is driving this transformation. As practitioners, how do we successfully fit microservices into the models and processes we already have in place? Join Tom Kerkhove, an Azure Architect with many years of experience helping enterprises make this exact transition, for a hands-on experience demonstrating how he helps enterprises make the transition to API-first architectures and microservices in a hybrid, multi-cloud world.

WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem

WSO2

The WSO2 ecosystem consists of several types of identities with different characteristics. Among them are customer identities, open-source community identities and the employee identities. The objective of this project was to design and implement a secure, state of the art identity and access management (IAM) system using WSO2 technology. There are many systems in WSO2 that require authentication, authorization and provisioning. Users have to maintain many complex passwords; administrators have to manage a large number of authorizations and provisioning. Another problem with current architecture is that it is tightly bound to email addresses. If the user changes the email address, his identity will be lost. This session will discuss how we built a state of the art identity and access management program that addresses the above problems using WSO2 Identity Server.

IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...

Tom Kerkhove

The user s identities

Giuliano Latini

Shift Left - How to improve your security with checkov before it’s going to p...

Anton Grübel

Amazon CloudWatch RUM for monitoring applications’ client-side performance

Dhaval Soni

modeveast 2012 Appcelerator Alloy & Cloud Services Presentation

Aaron Saunders

Building serverless integration solutions with Microsoft Azure

BizTalk360

Gearing up for mobile push notifications

Keith Moore

Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...

Dynatrace

Using cloud providers in new light for the brave new API-first world of devel...

Shamasis Bhattacharya

UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...

Karl Ots

As presented on 22th of November 2018 in Prague. Modern applications leverage a variety of services, and often span across on premises, IaaS, PaaS and SaaS. Monitoring these environments is different from traditional systems. We have more and more data available from the platform with the likes of ARM Activity Logs, Azure Monitor, Log Analytics and Application Insights. With a massive amount of signal and noise being generated in all these systems, how do we get our arms around what is happening? Is my application impacted in an ongoing Azure outage? Are my integrations intact? Which services from Azure should I use to monitor my application end-to-end? Come and hear how to answer these questions. After the session, you’ll have deeper understanding of end-to-end monitoring techniques in Azure solutions and know which services to choose for which scenario.

Bevywise IoT Platform

Ranjith Kumar

Amazon Virtual Private Cloud (VPC) customers can now create IPv6-only subnets...

Dhaval Soni

Starting today, Amazon Virtual Private Cloud (VPC) allows you to create IPv6-only subnets in your dual-stack VPCs and launch EC2 instances built on Nitro System in these subnets. The launch of IPv6-only subnets allows customers to scale their deployments on AWS by not requiring any IPv4 addressing in the subnet. With a /64 IPv6 CIDR assignment to the subnet, it accommodates approximately 18 quintillion IP addresses for applications.

Axway's Journey to the Cloud

Axway

As change agents for data integration, keeping pace and adapting quickly to today’s fast and fluid digital customer compelled Axway’s globally distributed R&D team to move their DevOps to the cloud. See how they leveraged Gitlab and other value stream tooling to drive their digital transformation from an on-premise Internet Service Provider to a Cloud Provider. Follow their Continuous Integration to Continuous Security and Delivery journey to learn how they: - Achieve 26x faster release cycles and 100% developer adoption - Enable collaboration for multiple teams across continents and timezones - Simplified their source code repository administration - Implemented world-class integrations and flexible API-enabled, seamless workflows

apidays LIVE Paris - Serverless security: how to protect what you don't see? ...

apidays

Amazon SQS Announces Server-Side Encryption with Amazon SQS-managed encryptio...

Dhaval Soni

WSO2Con ASIA 2016: Understanding the WSO2 API Management Platform

WSO2

Amazon Lambda & API-GW

Amazon Web Services

Azure container instances

Karthikeyan VK

Azure devspaces

Karthikeyan VK

What's hot

Sumo Logic AWS CloudTrail Application

Ariel Smoliar

Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...

Tom Kerkhove

WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem

WSO2

IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...

Tom Kerkhove

The user s identities

Giuliano Latini

Shift Left - How to improve your security with checkov before it’s going to p...

Anton Grübel

Amazon CloudWatch RUM for monitoring applications’ client-side performance

Dhaval Soni

modeveast 2012 Appcelerator Alloy & Cloud Services Presentation

Aaron Saunders

Building serverless integration solutions with Microsoft Azure

BizTalk360

Gearing up for mobile push notifications

Keith Moore

Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...

Dynatrace

Using cloud providers in new light for the brave new API-first world of devel...

Shamasis Bhattacharya

UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...

Karl Ots

Bevywise IoT Platform

Ranjith Kumar

Amazon Virtual Private Cloud (VPC) customers can now create IPv6-only subnets...

Dhaval Soni

Axway's Journey to the Cloud

Axway

apidays LIVE Paris - Serverless security: how to protect what you don't see? ...

apidays

Amazon SQS Announces Server-Side Encryption with Amazon SQS-managed encryptio...

Dhaval Soni

WSO2Con ASIA 2016: Understanding the WSO2 API Management Platform

WSO2

Amazon Lambda & API-GW

Amazon Web Services

What's hot (20)

Sumo Logic AWS CloudTrail Application

Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...

WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem

IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...

The user s identities

Shift Left - How to improve your security with checkov before it’s going to p...

Amazon CloudWatch RUM for monitoring applications’ client-side performance

modeveast 2012 Appcelerator Alloy & Cloud Services Presentation

Building serverless integration solutions with Microsoft Azure

Gearing up for mobile push notifications

Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...

Using cloud providers in new light for the brave new API-first world of devel...

UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...

Bevywise IoT Platform

Amazon Virtual Private Cloud (VPC) customers can now create IPv6-only subnets...

Axway's Journey to the Cloud

apidays LIVE Paris - Serverless security: how to protect what you don't see? ...

Amazon SQS Announces Server-Side Encryption with Amazon SQS-managed encryptio...

WSO2Con ASIA 2016: Understanding the WSO2 API Management Platform

Amazon Lambda & API-GW

Similar to Enterprise security kubernetes

Azure container instances

Karthikeyan VK

Azure devspaces

Karthikeyan VK

ADDO 2020: "The past, present, and future of cloud native API gateways"

Daniel Bryant

An API gateway is at the core of how APIs are managed, secured, and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud native space, and many engineers are confused about how a cloud native API gateway relates to Kubernetes Ingress or a Service load balancer. Join this session to learn about: The evolution of API gateways over the past ten years, and how the original problems they were solving have shifted in relation to cloud native technologies and workflow Current challenges of using an API gateway within Kubernetes: scaling the developer workflow; and supporting multiple architecture styles and protocols Strategies for exposing Kubernetes services and APIs at the edge of your system A brief guide to the (potential) future of cloud native API gateways

Attacking and Defending Kubernetes - Nithin Jois

OWASP Hacker Thursday

Service Discovery: From Classic to VPC

Mark Corwin

As SeatGeek's traffic continues to grow, so too has its infrastructure needs. Recent expansion of the operations team has allowed us to replace our existing service discovery solution with Consul, improving our ability to scale and manage an elastic cloud environment. At the same time,we saw this opportunity to migrate from EC2 Classic to VPC and take advantage of AWS's latest offerings. In this talk, we will discuss Consul, the problems it has solved, and adoption issues that surfaced along the way. In addition, we will also highlight our experiences with VPC, including setup, routing, access control, and migration with the extremely useful EC2 ClassicLink. PDF with presenter notes and links can be found here: http://bit.ly/1OH7HC0

Nodeless and serverless kubernetes

Nills Franssens

SFSCON23 - Andrea Alfonsi - Kubernetes for IoT

South Tyrol Free Software Conference

How kubernetes can help you quickly and automatically test and deploy new services While Kubernetes is primarily associated with managing cloud-native applications and microservices, it can also play a role in IoT deployments. Here are a few reasons why Kubernetes is relevant in the context of IoT: 1 Scalability: IoT systems often involve a large number of devices generating massive amounts of data. Kubernetes provides automatic scaling capabilities, allowing IoT applications to scale horizontally by adding or removing instances based on demand. This helps manage the increasing workload efficiently. 2 Resilience and High Availability: IoT applications require high availability to ensure uninterrupted operations. Kubernetes offers features like load balancing, fault tolerance, and self-healing capabilities. It can automatically restart failed containers or replace them with healthy instances, ensuring that IoT services remain available and resilient. 3 Resource Optimization: IoT deployments typically involve a mix of hardware devices with varying capabilities. Kubernetes can optimize resource utilization by efficiently distributing workloads across devices. It allows you to define resource constraints and priorities, ensuring that devices with higher capabilities handle more demanding tasks. 4 Service Discovery and Load Balancing: In an IoT ecosystem, devices and services need to discover and communicate with each other. Kubernetes provides built-in service discovery mechanisms, such as DNS-based service discovery and load balancing, allowing devices to locate and interact with services dynamically. 5 Security and Updates: Security is a crucial aspect of IoT systems, and Kubernetes helps in managing security at scale. It provides features like role-based access control (RBAC), network policies, and secret management to enforce security measures across IoT deployments. Additionally, Kubernetes facilitates rolling updates, allowing for seamless updates and patches without downtime. 6 Flexibility and Portability: Kubernetes abstracts the underlying infrastructure, enabling IoT applications to be deployed consistently across different environments, whether it’s on-premises, in the cloud, or at the edge. This flexibility allows organizations to migrate or distribute their IoT workloads as needed, making it easier to adopt hybrid or multi-cloud strategies

Breaking The Cloud Kill Chain

Puma Security, LLC

Organizations are moving data and applications into public cloud services at a rapid pace. As the public cloud footprint expands, red teams and attackers are reinventing the kill chain in the cloud. Public cloud services provide new, creative ways to discover assets, compromise credentials, move laterally, and exfiltrate data. In this keynote, we explore common techniques from the MITRE ATT&CK Cloud Matrix. For each technique, attendees will analyze misconfigurations, exploitation paths, and common architecture patterns for breaking the kill chain.

GOTOpia 2020: "The Past, Present, and Future of Cloud Native API Gateways"

Daniel Bryant

Many engineers are confused about how a cloud-native API gateway relates to Kubernetes Ingress or a Service load balancer. This talk will unravel this confusion. An API gateway is at the core of how APIs are managed, secured and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud-native space. Join the expert to experts Daniel Bryant in uncovering the evolution of API gateways over the past ten years and how the original problems they were solving have shifted in relation to cloud-native technologies and workflow. Current challenges of using an API gateway within Kubernetes: scaling the developer workflow, and supporting multiple architecture styles and protocols In this talk, you'll learn: How the evolution of API gateways looks Strategies for exposing Kubernetes services and APIs at the edge of your system A brief guide to the (potential) future of cloud-native API gateways

From Containerized Application to Secure and Scaling With Kubernetes

Shikha Srivastava

Discuss following: What does it really take to make sure your application is production ready? With new privacy regulations being added, many aspects need to be taken into account when deciding when to deliver your final application is ready for production. Can your application handle multiple users with different levels of access? Can you extend your application to use existing authentication and authorization platforms? Have you invested in using Mutual TLS for communication between components? How do you manage the certificates and passwords used within your product? Is CICD your friend or your enemy when it comes to delivering your product? Have you considered the availability and scalability of the application?

Top 10 real life WebSocket use cases & experiences - Devoxx UK 2015

Rich Cullen

This talk walks you through 10 widely used WebSocket scenarios, providing a detailed topology and deployment overview of them. The presentation discusses the various client technologies, including HTML5, Java, native iOS and Android, and Raspberry Pi and Arduino for the IoT use cases. The use cases range from collaboration scenarios through second screen, and real-time stock quotes all the way to collecting telemetry data from sensors and controlling physical devices over the Web. Most demos come with code samples too. The presentation discusses some of the challenges of real-life WebSocket deployments, including hostile proxies, firewalls, and routers, and offers scalability and security considerations.

IT Camp 19: Top Azure security fails and how to avoid them

Karl Ots

Serverless Security: Doing Security in 100 milliseconds

James Wickett

One Kubernetes to rule them all (ZEUS 2019 Keynote)

Simon Harrer

In 2015, Google open sourced the core of their internal container clustering system under the name Kubernetes. Teams that previously relied upon IaaS and PaaS to run their applications quickly adopted Kubernetes instead. Today, only a few years later, Kubernetes is key to many companies and runs applications with literally billions of users. Kubernetes has become the de facto standard for deploying and running cloud native applications. We’ll give an overview of what Kubernetes is today and share our experiences from using Kubernetes in an ecormmerce and an IoT application. The future of Kubernetes could not look better. The Kubernetes ecosystem is growing, allowing to provision professionally managed databases directly within the cluster, running functions in a serverless-fashion, and even allowing us to host the code, the build pipeline and the application itself on Kubernetes. In the future, there might be only one Kubernetes to rule them all.

Monolithic to microservices migration journey with spring cloud

zeynelkocak

Monolithic to Microservices Migration Journey of iyzico with Spring Cloud

Mustafa Can Tekir

Bringing Docker to the Cloud

Andrew Kennedy

Technical Introduction to Hyperledger Fabric v1.0

Altoros

CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"

Daniel Bryant

Manage your kubernetes cluster with cluster api, azure and git ops

Jorge Arteiro

In this session we are going to Introduce Cluster API, a Kubernetes subproject that allows you to manage Kubernetes clusters lifecycle running anywhere using only Kubernetes YAML files. Let’s see how Azure Arc GitOps approach improves and simplify the day-2 operations of these clusters, where your Git repo is now the source of truth. Do you have problems managing identities and Network connection for your current CI/CD process? You don’t know how to manage multiple Kubernetes clusters in production? Then this talk is for you!

Similar to Enterprise security kubernetes (20)

Azure container instances

Azure devspaces

ADDO 2020: "The past, present, and future of cloud native API gateways"

Attacking and Defending Kubernetes - Nithin Jois

Service Discovery: From Classic to VPC

Nodeless and serverless kubernetes

SFSCON23 - Andrea Alfonsi - Kubernetes for IoT

Breaking The Cloud Kill Chain

GOTOpia 2020: "The Past, Present, and Future of Cloud Native API Gateways"

From Containerized Application to Secure and Scaling With Kubernetes

Top 10 real life WebSocket use cases & experiences - Devoxx UK 2015

IT Camp 19: Top Azure security fails and how to avoid them

Serverless Security: Doing Security in 100 milliseconds

One Kubernetes to rule them all (ZEUS 2019 Keynote)

Monolithic to microservices migration journey with spring cloud

Monolithic to Microservices Migration Journey of iyzico with Spring Cloud

Bringing Docker to the Cloud

Technical Introduction to Hyperledger Fabric v1.0

CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"

Manage your kubernetes cluster with cluster api, azure and git ops

More from Karthikeyan VK

GCD ChatGPT.pptx

Karthikeyan VK

AutoGPT is a new AI tool that can automate many of the mundane tasks that take up your time. With AutoGPT, you can focus on the creative and strategic aspects of your work, while the AI takes care of the repetitive and time-consuming tasks. In this talk, we will discuss how AutoGPT can be used to improve your productivity. We will cover a variety of topics, including: How to use AutoGPT to automate your tasks How to integrate AutoGPT into your workflow How to troubleshoot common problems with AutoGPT

DataScience-101

Karthikeyan VK

Discover the fascinating world of data science with this beginner-friendly introduction to the field. This presentation covers key concepts and skills, making it perfect for those who are new to data science or looking to refresh their knowledge. You'll learn about the role of a data scientist, the data science process, and popular tools and techniques used in the industry. Content Overview: Introduction to Data Science Key Components and Terminology Data Types and Sources Data Cleaning and Preprocessing Exploratory Data Analysis Feature Engineering and Selection Machine Learning Algorithms Model Evaluation and Validation Data Visualization Techniques Essential Tools and Libraries Real-World Applications and Use Cases Building a Data Science Career Tags: #DataScience #MachineLearning #BigData #Analytics #DataVisualization #AI #Python #DataEngineering #Statistics

How to become a Software Architect.pptx

Karthikeyan VK

1. Mindset of an Architect 2. Character of an Architect 3. Habits of an Architect 4. Leader in an Architect 5. Skillset of an Architect We will also address the following burning questions in every senior software developer. How to become highly productive. How to see the big picture when architecting solutions How to keep me updated on these changing technologies How to cope with stress in the fast-paced world How to be successful in spite of heavy competition Five simple tools that make you ultra-productive. How to Lead a team without being a manager How to increase your salary How to balance your professional and personal life How not to feel insecure in your office How to overcome the feeling of stagnation in your career How to motivate your team without any fake pep talks How to build a self-motivated team How to learn core concepts faster How to implement what you learned in your project How to overcome procrastination How to overcome the fear of becoming invalid in your company How to ignore politics and still climb the corporate ladder. How to express your ideas to upper management How to build a high-quality team How to position yourself as an architect, so you can get opportunities automatically. How to be an ethical leader How to sell yourself without coming out as a salesperson How to motivate your team to new technologies, even though your project does not facilitate new technologies. How to build your own digital presence. How to become a demon developer. How to write simple architectural documents that can be understood by all stakeholders - a pragmatic approach. 5 Simple tools that make you more productive How to adapt to the new environment and become an architect who has the most influence. How to build a new team from the ground up.

Blockchain workshop 101

Karthikeyan VK

Event Streaming Architecture - Deep Dive

Karthikeyan VK

1. Why Event streaming 2. What is Event streaming 3. What is Transmitting Event Streams 4. What are message brokers 5. Types of message brokers available in market 6. Databases and streams 7. Event Sourcing 8.Command vs Events 9.State, Streams and Immutability 10. Immutable Events 11. Stream Events 12. Stream Joins 13. Demo on Azure Event Hub 14. Visualize data anomalies in real-time events sent to Azure Event Hubs

Anti patterns

Karthikeyan VK

Tips & Tricks to build software architecture document

Karthikeyan VK

How to double your productivity as a developer

Karthikeyan VK

How to be an expert in Debugging .Net Applications

Karthikeyan VK

Cloud Design Patterns

Karthikeyan VK

Pillars of great Azure Architecture

Karthikeyan VK

Monolithic to Microservices - Handson

Karthikeyan VK

Chat bot LUIS

Karthikeyan VK

Cloud design pattern using azure

Karthikeyan VK

Save Azure Cost

Karthikeyan VK

Learning graphql .Net

Karthikeyan VK

Azure Event Grid

Karthikeyan VK

Machine Learning Basics using Azure ML

Karthikeyan VK

Convert monolithic .Net Applications to microservices With Principles

Karthikeyan VK

Cognitive Intelligence using azure search

Karthikeyan VK

More from Karthikeyan VK (20)

GCD ChatGPT.pptx

DataScience-101

How to become a Software Architect.pptx

Blockchain workshop 101

Event Streaming Architecture - Deep Dive

Anti patterns

Tips & Tricks to build software architecture document

How to double your productivity as a developer

How to be an expert in Debugging .Net Applications

Cloud Design Patterns

Pillars of great Azure Architecture

Monolithic to Microservices - Handson

Chat bot LUIS

Cloud design pattern using azure

Save Azure Cost

Learning graphql .Net

Azure Event Grid

Machine Learning Basics using Azure ML

Convert monolithic .Net Applications to microservices With Principles

Cognitive Intelligence using azure search

Recently uploaded

Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...

Globus

The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.

Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx

rickgrimesss22

Understanding Globus Data Transfers with NetSage

Globus

NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?

BoxLang: Review our Visionary Licenses of 2024

Ortus Solutions, Corp

Corporate Management | Session 3 of 3 | Tendenci AMS

Tendenci - The Open Source AMS (Association Management Software)

Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have. For more Tendenci AMS events, check out www.tendenci.com/events

A Sighting of filterA in Typelevel Rite of Passage

Philip Schwarz

Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...

Mind IT Systems

2024 RoOUG Security model for the cloud.pptx

Georgi Kodinov

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Anthony Dahanne

Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ? Venez le découvrir lors de cette session ignite

Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf

Jay Das

Large Language Models and the End of Programming

Matt Welsh

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL

Natan Silnitsky

In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey. Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience. Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system. Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.

Prosigns: Transforming Business with Tailored Technology Solutions

Prosigns

Unlocking Business Potential: Tailored Technology Solutions by Prosigns Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support. Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth. Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices. AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making. Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency. DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration. Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly. Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business. Join us on a journey of innovation and growth. Let's partner for success with Prosigns.

Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better

XfilesPro

May Marketo Masterclass, London MUG May 22 2024.pdf

Adele Miller

Providing Globus Services to Users of JASMIN for Environmental Data Analysis

Globus

JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.

Into the Box 2024 - Keynote Day 2 Slides.pdf

Ortus Solutions, Corp

A Comprehensive Look at Generative AI in Retail App Testing.pdf

kalichargn70th171

Developing Distributed High-performance Computing Capabilities of an Open Sci...

Globus

COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.

How Recreation Management Software Can Streamline Your Operations.pptx

wottaspaceseo

Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.

Recently uploaded (20)

Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...

Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx

Understanding Globus Data Transfers with NetSage

BoxLang: Review our Visionary Licenses of 2024

Corporate Management | Session 3 of 3 | Tendenci AMS

A Sighting of filterA in Typelevel Rite of Passage

Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...

2024 RoOUG Security model for the cloud.pptx

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf

Large Language Models and the End of Programming

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL

Prosigns: Transforming Business with Tailored Technology Solutions

Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better

May Marketo Masterclass, London MUG May 22 2024.pdf

Providing Globus Services to Users of JASMIN for Environmental Data Analysis

Into the Box 2024 - Keynote Day 2 Slides.pdf

A Comprehensive Look at Generative AI in Retail App Testing.pdf

Developing Distributed High-performance Computing Capabilities of an Open Sci...

How Recreation Management Software Can Streamline Your Operations.pptx

Enterprise security kubernetes

1. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Enterprise security in the era of containers and Kubernetes • Karthikeyan VK • Twitter: @Karthik3030 • Blogs.karthikeyanvk.in

2. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is a Container? Windows Containers provide operating system virtualization that allows multiple isolated applications to be run on a single system.

3. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Difference between Containers and VMs

4. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Difference between Containers and VMs

5. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Why Containers ?

6. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Why Containers? • Transforming existing applications into cloud Is Hard! • Building Hybrid Cloud applications Is Hard! • Think about building solutions that should be deployed in Azure, AWS & GCP at the same time

7. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Docker ? • Docker is an open platform for developing, shipping, and running applications

8. Twitter: @Karthik3030 Blogs.karthikeyanvk.in DEMO !!!

9. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Kubernetes ? • Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. • Orchestrator for Containers

10. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Kubectl ? • Kubectl is a command line interface for running commands against Kubernetes clusters.

11. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Pod? • A Kubernetes pod is a group of containers that are deployed together on the same host.

12. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Kubernetes Service? • A Kubernetes Service is an abstraction which defines a logical set of Pods and a policy by which to access them

13. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Kubernetes Replica Sets? • Replica Set ensures how many replica of pod should be running. It can be considered as a replacement of replication controller.

14. Twitter: @Karthik3030 Blogs.karthikeyanvk.in DEMO !!!

15. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Why Enterprise Level Security

16. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Enterprise Level Security Features in AKS • Private Load Balancer • Virtual Network • L4 & L7 Capabilities • Control Egress Traffic • Control Ingress Traffic • East-West Traffic Policies • Whitelisting IP Addresses

17. Twitter: @Karthik3030 Blogs.karthikeyanvk.in L4 & L7 Security

18. Twitter: @Karthik3030 Blogs.karthikeyanvk.in L4 & L7 Security • L4 denotes TCP/UDP layer, where the network is flooded with packets of unnecessary data to enable Denial of Service Attack • L7 Denotes Application layer, where the API call is bombarded with unnecessary GET, POST. • Can be mitigated using application gateway or web application firewall of azure.

19. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Ingress Traffic • Traffic originating from external network • Limit the traffic with ingress policies • Controlled by setting which domain or which ip is allowed inside the network

20. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Ingress Traffic

21. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Egress Traffic • Traffic originating from internal network to Internet • Limit the traffic with 3rd party firewall

22. Twitter: @Karthik3030 Blogs.karthikeyanvk.in East-west Traffic • Traffic between containers • Think of one pod or container has been exploited. • East-West traffic control is very important.

23. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Whitelisting IP Addresses • Control who should access • Http routing is disabled by default • Helps in avoiding unnecessary access and port scanning

24. Twitter: @Karthik3030 Blogs.karthikeyanvk.in DEMO !!!

Editor's Notes

https://www.facebook.com/aspiringDotnetArchitects
Containers : Containers include the application and all of its dependencies– but share the kernel with other containers, running as isolated processes in user space on the host operating system. Containers are not tied to any specific infrastructure: they run on any computer, on any infrastructure and in any cloud. Virtual Machines : Virtual Machines include the application, the necessary binaries and libraries, and an entire operating system.

Enterprise security kubernetes

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Enterprise security kubernetes

Similar to Enterprise security kubernetes (20)

More from Karthikeyan VK

More from Karthikeyan VK (20)

Recently uploaded

Recently uploaded (20)

Enterprise security kubernetes

Editor's Notes