We had wonderful 2 hours workshop about oVirt. I showed basic usages, the architecture and some advanced parts (scheduling, qos, quotas declaration and more) that user can use by playing with ovirt live usb stick (https://www.ovirt.org/download/ovirt-live).
Thanks for all participates ! It was pleasure to be part of Fossasia.
Fell free to contact me any time - Yaniv Bronhaim - ybronhei@redhat.com
This document provides an introduction and overview of oVirt, an open source virtualization solution. It discusses that oVirt uses KVM as a hypervisor and provides an oVirt Engine web management tool similar to vCenter. It also describes additional oVirt features like live migration, high availability, live snapshots, and support for standards like OVF, VDI, and authentication. The presenter is Roozbeh Shafiee, a cloud architect from innfinision Cloud Solutions.
Simone Tiraboschi, Senior Software Engineer presso Red Hat, presenta oVirt, che, secondo Red Hat, è la risposta open-source alle esigenze di virtualizzazione in ambito enterprise. oVirt è una piattaforma di virtualizzazione con molteplici funzionalità; è basata su KVM, fornisce una semplice interfaccia WEB di amministrazione ed un accesso programmatico via API. Garantisce alta affidabilità.
oVirt and OpenStack look kind of similar from a distance. But they cater to different use-cases. That said, they do have some common needs. How can they work together? And when is it better to use one over the other?
El broker UDS Enterprise se integra con oVirt (a partir de la versión 3.2).
UDS Enterprise se suministra como virtual appliance y se aloja en la plataforma Open Source oVirt (KVM) sobre la que se van a desplegar los escritorios virtuales.
FOSSAsia 2016 - Shared storage management in the virtualization worldLiron Aravot
This document discusses storage management in oVirt virtualization. It introduces oVirt, which manages virtualization resources including storage. It explains oVirt storage concepts like images, storage domains, and storage pools. It then covers shared storage management, describing the Storage Pool Manager which performs shared storage operations and can be a single point of failure, and the Storage Domain Manager architecture which separates metadata and data operations for better load balancing without single points of failure.
The document discusses OpenStack Swift, an open source object/blob store. It provides information on Swift's architecture and deployment in production environments. Several companies that use Swift in production are mentioned, including Netmagic and CDAC India in India, as well as Rackspace, HP Cloud, Wikipedia, Disney, Anynines, Spillgames, MercadoLibre, ConCur and others globally. The document also provides relevant links for learning more about Swift.
In this session, we’ll focus exclusively on OpenStack Swift, OpenStack’s object store capability. We’ll review the architecture, use cases, deployment strategies and common obstacles as we “open up the covers” on this exciting element of the OpenStack architecture.
This document provides an introduction and overview of oVirt, an open source virtualization solution. It discusses that oVirt uses KVM as a hypervisor and provides an oVirt Engine web management tool similar to vCenter. It also describes additional oVirt features like live migration, high availability, live snapshots, and support for standards like OVF, VDI, and authentication. The presenter is Roozbeh Shafiee, a cloud architect from innfinision Cloud Solutions.
Simone Tiraboschi, Senior Software Engineer presso Red Hat, presenta oVirt, che, secondo Red Hat, è la risposta open-source alle esigenze di virtualizzazione in ambito enterprise. oVirt è una piattaforma di virtualizzazione con molteplici funzionalità; è basata su KVM, fornisce una semplice interfaccia WEB di amministrazione ed un accesso programmatico via API. Garantisce alta affidabilità.
oVirt and OpenStack look kind of similar from a distance. But they cater to different use-cases. That said, they do have some common needs. How can they work together? And when is it better to use one over the other?
El broker UDS Enterprise se integra con oVirt (a partir de la versión 3.2).
UDS Enterprise se suministra como virtual appliance y se aloja en la plataforma Open Source oVirt (KVM) sobre la que se van a desplegar los escritorios virtuales.
FOSSAsia 2016 - Shared storage management in the virtualization worldLiron Aravot
This document discusses storage management in oVirt virtualization. It introduces oVirt, which manages virtualization resources including storage. It explains oVirt storage concepts like images, storage domains, and storage pools. It then covers shared storage management, describing the Storage Pool Manager which performs shared storage operations and can be a single point of failure, and the Storage Domain Manager architecture which separates metadata and data operations for better load balancing without single points of failure.
The document discusses OpenStack Swift, an open source object/blob store. It provides information on Swift's architecture and deployment in production environments. Several companies that use Swift in production are mentioned, including Netmagic and CDAC India in India, as well as Rackspace, HP Cloud, Wikipedia, Disney, Anynines, Spillgames, MercadoLibre, ConCur and others globally. The document also provides relevant links for learning more about Swift.
In this session, we’ll focus exclusively on OpenStack Swift, OpenStack’s object store capability. We’ll review the architecture, use cases, deployment strategies and common obstacles as we “open up the covers” on this exciting element of the OpenStack architecture.
Fossasia 16 Integrating oVirt, Foreman and Katello to empower your data-centerYaniv Bronhaim
The document discusses integrating oVirt, Foreman, and Katello to manage physical and virtual infrastructure. Foreman can be used to provision bare metal hosts, while Katello allows viewing errata (update) information for hosts and virtual machines. oVirt's upgrade manager can then directly upgrade host content based on the available errata.
Open vStorage Meetup - Santa Clara 04/16wim_provoost
This document introduces Open vStorage, an open-source software-defined block storage solution for OpenStack. It combines the performance benefits of SAN storage with the scalability and low-cost of object storage. Open vStorage converts object storage into block storage for virtual machines, addressing limitations of using object storage directly through Cinder. It provides a unified storage platform for both block and object storage within OpenStack. The document also provides information on getting started with Open vStorage.
Turning object storage into vm storagewim_provoost
Object Storage is today the standard to build scale-out storage. But due to technical hurdles it is impossible to run Virtual Machines directly from an Object Store. Open vStorage is the layer between the hypervisor and Object Store and turns the Object Store into a high performance, distributed, VM-centric storage platform.
The document discusses how EMC Isilon scale-out NAS storage improves Hadoop resiliency and operational efficiency. It analyzes the impact of DataNode and TaskTracker failures on Hadoop jobs. EMC Isilon provides high availability, independent scalability of storage and compute, data protection features, and support for multiple Hadoop distributions and protocols like HDFS, NFS, SMB. This allows using existing data for analysis without replication and reduces time-to-results for Hadoop jobs.
Deploying and managing gluster using ovirt - fudcon2015Ramesh Nachimuthu
The document discusses deploying and managing the distributed file system Gluster using the virtualization management platform oVirt. It provides an overview of oVirt and Gluster, their integration, and features supported. Gluster management in oVirt allows creating and managing Gluster clusters, volumes, bricks and options. Upcoming releases will include a Gluster dashboard, disk management for brick creation, snapshot support, and geo-replication. The presentation aims to demonstrate how oVirt can be used to deploy and administer Gluster environments.
Turning OpenStack Swift into a VM storage platformOpenStack_Online
Open vStorage is an open source software that transforms object storage like OpenStack Swift into block storage for virtual machines (VMs). It acts as a middleware layer between the hypervisor and object store, presenting block storage to the hypervisor while storing data in the object store as time-based containers. This allows VMs to leverage the scalability and low cost of object storage. Open vStorage provides caching to improve performance and integrates with OpenStack through the Cinder volume plugin to enable common functions like snapshots. It provides a single, scalable storage platform for both VM block storage and image/backup object storage.
Data is being generated at rates never before encountered. The explosion of data threatens to consume all of our IT resources: People, budget, power, cooling and data center floor space. Are your systems coping with your data now? Will they continue to deliver as the stress on data centers increases and IT budgets dwindle?
Imagine if you could be ahead of the data explosion by being proactive about your storage instead of reactive. Now you can be, with NetApp's approach to the designs and deployment of storage systems. With it, you can take advantage of NetApp's latest storage enhancements and take control of your storage. This will allow you to focus on gathering more insights from your data and deliver more value to your business.
NetApp's most advanced storage solutions are NetApp Virtualization & scale out. By taking control of your existing storage platform with either solution, you get:
• Immortal Storage system
• Infinite scalability
• Best possible ROI from existing environment
Even the best system administrator cannot always avoids any and
every disaster that may plague his data center, but he should have a
contingency plan to recover from one - and an administrator that
manages his virtual data centers with oVirt is of course no different.
This session will cover the new features introduced in oVirt 3.5.0 to
handle such scenarios and will showcase how stringing together a set
of building blocks can produce a well rounded solution for disaster
scenarios.
The demand for managing a large amount of data in a scalable yet reliable and cost-effective way has became more and more relevant in this day and age. Ceph, a software-defined storage, provides an original solution for this problem and guarantees a resilient and self-healing way for managing large amount of data up to the Exabyte level. In this session I will talk about a new feature introduced in oVirt 3.6 which provides the ability to integrate with Red Hat Ceph storage using Cinder, a storage service used mainly for OpenStack. This integration reveals new opportunities and tools for storage management in a scalable and virtualized way and also opens the door for interesting future integrations with other storage providers.
In this session I will describe how oVirt, an open source virtualization management platform, has extended and elevated its storage virtualization management capabilities by integrating with Cinder, a storage service, to manage resources from the Ceph Storage. oVirt 3.6 revolutionize the way it manages virtualized storage to be much more scalable and flexible, and opens the door for future integrations with well known storage providers such as NetApp, EMC, HP and more.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Fossasia 16 Integrating oVirt, Foreman and Katello to empower your data-centerYaniv Bronhaim
The document discusses integrating oVirt, Foreman, and Katello to manage physical and virtual infrastructure. Foreman can be used to provision bare metal hosts, while Katello allows viewing errata (update) information for hosts and virtual machines. oVirt's upgrade manager can then directly upgrade host content based on the available errata.
Open vStorage Meetup - Santa Clara 04/16wim_provoost
This document introduces Open vStorage, an open-source software-defined block storage solution for OpenStack. It combines the performance benefits of SAN storage with the scalability and low-cost of object storage. Open vStorage converts object storage into block storage for virtual machines, addressing limitations of using object storage directly through Cinder. It provides a unified storage platform for both block and object storage within OpenStack. The document also provides information on getting started with Open vStorage.
Turning object storage into vm storagewim_provoost
Object Storage is today the standard to build scale-out storage. But due to technical hurdles it is impossible to run Virtual Machines directly from an Object Store. Open vStorage is the layer between the hypervisor and Object Store and turns the Object Store into a high performance, distributed, VM-centric storage platform.
The document discusses how EMC Isilon scale-out NAS storage improves Hadoop resiliency and operational efficiency. It analyzes the impact of DataNode and TaskTracker failures on Hadoop jobs. EMC Isilon provides high availability, independent scalability of storage and compute, data protection features, and support for multiple Hadoop distributions and protocols like HDFS, NFS, SMB. This allows using existing data for analysis without replication and reduces time-to-results for Hadoop jobs.
Deploying and managing gluster using ovirt - fudcon2015Ramesh Nachimuthu
The document discusses deploying and managing the distributed file system Gluster using the virtualization management platform oVirt. It provides an overview of oVirt and Gluster, their integration, and features supported. Gluster management in oVirt allows creating and managing Gluster clusters, volumes, bricks and options. Upcoming releases will include a Gluster dashboard, disk management for brick creation, snapshot support, and geo-replication. The presentation aims to demonstrate how oVirt can be used to deploy and administer Gluster environments.
Turning OpenStack Swift into a VM storage platformOpenStack_Online
Open vStorage is an open source software that transforms object storage like OpenStack Swift into block storage for virtual machines (VMs). It acts as a middleware layer between the hypervisor and object store, presenting block storage to the hypervisor while storing data in the object store as time-based containers. This allows VMs to leverage the scalability and low cost of object storage. Open vStorage provides caching to improve performance and integrates with OpenStack through the Cinder volume plugin to enable common functions like snapshots. It provides a single, scalable storage platform for both VM block storage and image/backup object storage.
Data is being generated at rates never before encountered. The explosion of data threatens to consume all of our IT resources: People, budget, power, cooling and data center floor space. Are your systems coping with your data now? Will they continue to deliver as the stress on data centers increases and IT budgets dwindle?
Imagine if you could be ahead of the data explosion by being proactive about your storage instead of reactive. Now you can be, with NetApp's approach to the designs and deployment of storage systems. With it, you can take advantage of NetApp's latest storage enhancements and take control of your storage. This will allow you to focus on gathering more insights from your data and deliver more value to your business.
NetApp's most advanced storage solutions are NetApp Virtualization & scale out. By taking control of your existing storage platform with either solution, you get:
• Immortal Storage system
• Infinite scalability
• Best possible ROI from existing environment
Even the best system administrator cannot always avoids any and
every disaster that may plague his data center, but he should have a
contingency plan to recover from one - and an administrator that
manages his virtual data centers with oVirt is of course no different.
This session will cover the new features introduced in oVirt 3.5.0 to
handle such scenarios and will showcase how stringing together a set
of building blocks can produce a well rounded solution for disaster
scenarios.
The demand for managing a large amount of data in a scalable yet reliable and cost-effective way has became more and more relevant in this day and age. Ceph, a software-defined storage, provides an original solution for this problem and guarantees a resilient and self-healing way for managing large amount of data up to the Exabyte level. In this session I will talk about a new feature introduced in oVirt 3.6 which provides the ability to integrate with Red Hat Ceph storage using Cinder, a storage service used mainly for OpenStack. This integration reveals new opportunities and tools for storage management in a scalable and virtualized way and also opens the door for interesting future integrations with other storage providers.
In this session I will describe how oVirt, an open source virtualization management platform, has extended and elevated its storage virtualization management capabilities by integrating with Cinder, a storage service, to manage resources from the Ceph Storage. oVirt 3.6 revolutionize the way it manages virtualized storage to be much more scalable and flexible, and opens the door for future integrations with well known storage providers such as NetApp, EMC, HP and more.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Introduction of Cybersecurity with OSS at Code Europe 2024
Fossasia 16 - oVirt overview
1. FOSSASIA, March 2016
The oVirt Way
General Product
Overview
Senior Software Engineer,
Maintainer @ RHEV
Red Hat IL
March 2016, FOSSASIA, Singapore
Yaniv Bronhaim
2. FOSSASIA, March 2016
The oVirt
● Open source
● What is oVirt
● Utilizing Virt and KVM features
● Architecture
● Road-map
● Ovirt 4.0 and beyond
3. FOSSASIA, March 2016
Open Source:
● It's not just for Linux
● It may or may not have support
● You don't have to be an expert to use it
● You have full access to the source code
● You're probably already using it
4. FOSSASIA, March 2016
Provide an open source alternative
to vCenter/vSphere/Xen
Large scale, centralized
management for server and
desktop virtualization
Based on leading performance,
scalability and security
infrastructure technologies
Focus on ease of use/deployment
What is oVirt?
7. 8FOSSASIA, March 2016
Kenrel-based Virtual Machine
● Included in Linux kernel since 2006
● Runs Linux, Windows and other
operating system guests
● Advanced features
– Live migration
– Memory page sharing
– Thin provisioning
– PCI Pass-through
● KVM architecture provides high
“feature-velocity” – leverages the
power of Linux
10. Live snapshot
Task Management
Async Operations
Live Migration
Overcommit
CPU, Memory, I/O
Hotplug
External Providers
Hosted
Engine + HA engine
Live Storage Migration
SSO
NUMA
SPICE
Memory
Ballooning
PCI pass through
QuotaImport Storage
Domain
VIRT V2VProgress Live
Processes
Iscsi , NFS
Management
Network Interfaces
Management
Cinder
User Roles
Fence Kdump support PPC Support
Foreman Hosts
Provisioning
Host Upgrade
Manager
Expose Errata
Information
SRIOV Support
11. 12FOSSASIA, March 2016
The oVirt's Entities
Data Centers
GuestVM
Storage
Linux Hypervisors
GuestVM
Virtual ClustersNetwork
12. 13FOSSASIA, March 2016
● What makes up a Hypervisor?
– OS FedoraRed Hat Enterprise LinuxCentOsUbuntu
– VDSM
● Hardware Management
● Memory Manager
● Storage Manipulations
● Resource Management
● Scheduling
● Access Control
● Power Management
● Memory Manager
● Device Model (emulation)
● Virtual Machine Monitor
Linux as a Hypervisor?
13. FOSSASIA, March 2016
oVirt Node
● Standalone hypervisor
– Small footprint < 100MB
● Customized 'spin' of Fedora +
KVM
● 'Just enough' Fedora to run virtual
machines
● Runs on all RHEL hardware
with Intel VT/AMD-V CPUs
– Easy to install, configure and upgrade
● PXE boot, USB boot, CD or Hard
drive
● Node 4.0 new generation
14. 15FOSSASIA, March 2016
● What makes up a cluster?
– Group – Migration domain
– Share Specification
– Share Storage Array
– Network Cluster
● Provides Migration Abilities
Cluster Of Hypervisors
15. 16FOSSASIA, March 2016
● What is a VM
– User level process
– Controls part of the hypervisor hardware
– Attached to storage disk
– Exposes VDI access control
Guest Virtual Machine
18. 19FOSSASIA, March 2016
Live Migration
• Dynamically move virtual machines
between hosts
● No service interruption
● Applications continue to run
• Migrate even I/O intensive workloads
such as databases
• Perform hardware maintenance
without application downtime
• Dynamically balance workloads
between host systems
19. 20FOSSASIA, March 2016
• Build a highly available enterprise
infrastructure
• Continually monitor host systems and
virtual machines
• Automatically restart virtual machines in
case of host failure
● Restart virtual machine on another
node in the cluster
• Use live migration to “fail-back” a VM to
it's original host when the server is
restored
High Availability
20. 21FOSSASIA, March 2016
System Scheduler
• Dynamically balance
workloads in the data center.
• Automatically live migrate
virtual machines based on
resources
• Define custom policies for
distribution of virtual machines
Maintain consistent resource usage across the
enterprise data center
21. 22FOSSASIA, March 2016
Power Saver
Define policies to optimize workload on a fewer number of servers during “off-
peak” hours
Turn off servers – Saving money
23. FOSSASIA, March 2016
libvirt
VDSM
Host | Node
libvirt
VDSM
Host | Node
Linux/Windows
client
Linux/Windows
client
Shared Storage
FC/iSCSI/NFS
Shared Storage
FC/iSCSI/NFS
Linux VMLinux VM Win VMWin VM
oVirt
Engine
Java
oVirt
Engine
Java
SDK/CLI
Python
SDK/CLI
Python
R
E
S
T
R
E
S
T
ADAD
IPAIPA
Local StorageLocal Storage
Guest agentGuest agent Guest agentGuest agent
Admin Portal
GWT
Admin Portal
GWT
User Portal
GWT
User Portal
GWT
PostgresPostgres
oVirt High Level Architecture
SPICE
25. FOSSASIA, March 2016
virto-serial
Guest AgentGuest Agent
QEMU/KVMQEMU/KVM
Host
Config &
Monitor
Host
Config &
Monitor
Storage
Config &
Monitor
Storage
Config &
Monitor
Network
Config &
Monitor
Network
Config &
Monitor
VM
Config &
Monitor
VM
Config &
Monitor
Auto
Register
Auto
Register
KSMKSM
Zoom In To The Hypervisor's Components
libvirtlibvirt
hookshooks
VDSM
26. FOSSASIA, March 2016
Zoom In To The VM Components
SSOSSO
Virtio-
net
Virtio-
net
Virtio-
block
Virtio-
block
Spice
driver
Spice
driver
USBUSB guest
Agent
guest
Agent
balloonballoon
29. FOSSASIA, March 2016
Simplicity
● Installation
– yum install -y ovirt-engine; engine-setup
● http://www.ovirt.org/Build_and_Install_Engine_RPM
● http://www.ovirt.org/OVirt_Engine_Development_Environment
● oVirt-Host-Deploy process
● oVirt Node
● Varied user interaction mechanisms
– Python CLI, Python/Java SDK
● Configuration - One place, single utility
30. FOSSASIA, March 2016
Stability
● Involvement of big companies
– RHEV is based on oVirt
– IBM, Netapp, Cisco etc.
● Release schedule
– Feature freeze
– Stabilization periods
– Test days
● Continues Integration
– Jenkins jobs – Available upstream
● Active users community
43. FOSSASIA, March 2016
Virtual Desktop Infrastructure
Centralized management,
security and policy enforcement
Virtual desktops with user
experience of a physical PC
Multiple monitors
HD quality video
Bi-directional audio/video for
VoIP or video-conferencing
Smartcard support
USB support
Industry leading density of virtual
desktops/server
61. FOSSASIA, March 2016
Notification Service
● oVirt allows registration to certain audit events
● The notification service
sends emails per audit
message to relevant
users
● Also monitors engine
itself
62. FOSSASIA, March 2016
Hooks
● “Hook” mechanism for customization
– Allows administrator to define scripts to modify VM operation
● eg. Add extra options such as CPU pinning, watchdog device,
direct LUN access, etc
– Allows oVirt to be extended for new KVM features before full
integration is done
– An easy way to test a new kvm/libvirt/linux feature
63. FOSSASIA, March 2016
Hooks
● Hook scripts are called at specific VM lifecycle events
● VDSM (management agent) Start
● Before VM start
● After VM start
● Before VM migration in/out
● After VM migration in/out
● Before and After VM Pause
● Before and After VM Continue
● Before and After VM Hibernate
● Before and After VM resume from hibernate
● On VM stop
● On VDSM Stop
● Hooks can modify a virtual machines XML definition before VM start
● Hooks can run system commands – eg. Apply firewall rule to VM
65. FOSSASIA, March 2016
UI-Plugin: oVirt Monitoring sub-tab
More info at: https://labs.ovido.at/monitoring/wiki/ovirt-monitoring-ui-plugin
66. FOSSASIA, March 2016
Also in oVirt but not here
● Gluster Support
● Hot plug
– Cpu, memory, nics
● Shared disks
● PPC support
● Integration with:
– Foreman, Glance,
Neutron, Cinder ..
● Live snapshot with
ram
● Numa
● Live storage
Migration
● Upgrade Manager
● Events
● Network Broker
67. FOSSASIA, March 2016
Getting oVirt
● Obtain from oVirt website -
– http://www.ovirt.org/Download
● Fedora And oVirt repositories
(resources.ovirt.org)
● Live USB - http://wiki.ovirt.org/wiki/OVirt_Live
● Build from source
68. FOSSASIA, March 2016
How To Contribute
● Website and Repository:
– http://gerrit.ovirt.org/
– http://www.ovirt.org
– http://www.ovirt.org/wiki
Join the community
- Find bugs, File Them, Correct Them.
- Translate, Write Documentation.
- Design Interfaces, Develop new features
- Share your experiences.
Everyone can make a difference.
● Mailing lists:
● http://lists.ovirt.org/mailman/listinfo
● IRC:
● #ovirt on OFTC
WE WILL INDRODUCE THE PRODUCT
-
ITS ADVANDAGES FEATURES USAGES
-
FROM MY EXPERIENCE
-
WHO USES VIRTUALIZATION MANGMENT PRODUCTS? FAMILIAR WITH ALTERNATIVES
WE WILL INDRODUCE THE PRODUCT
-
ITS ADVANDAGES FEATURES USAGES
-
FROM MY EXPERIENCE
-
WHO USES VIRTUALIZATION MANGMENT PRODUCTS? FAMILIAR WITH ALTERNATIVES
HOW DO WE MANAGE PYSICAL SERVERS LIKE CYCLE?
-
Bare metal in real life
-
The open source solution – Foreman
-
Empower your data-center with Virtualization
-
Managing Virtualization infrastructures with oVirt
-
Integrating the power of oVirt and Foreman
OUR GOAL IS TO LEAD IN SCALE, MANAGMENT, PERFORMENCE USER FRIENDLY
-
ALTERNATIVE
-
FEATURE REACH – EVERYONE CAN REGUEST
-
BASE KVM
OVIRT 8 YEARS OLD PROJECT
-
CONTRIBUTERS IN THE INDESTRY
-
SHIPPED WITH FEDORA AND SUPPORT UBUNTO
-
THE RED HAT CHANNELS SHIPS IT AS RHEV
OLD 2011, BUT STILL SHOWS THE ROAD
-
SECOND AFTER VMWARE ON MANAGEMENT ANALYSES (OVIRT)
-
HYPER V AND CITRIX
-
DON&apos;T BELEIVE IT, TRY YOURSELF
STACK OF PROJECTS
-
ENGINE – THE MANAGEMENT ITSELF
-
VDSM – VIRTUAL DESKTOP SYSTEM MANAGER – THE HYPERVISOR
HISTORY – AVI KIVITI 8 YEARS AGO
-
STARTED IN QEMRANET WHICH ACQUIRED LATER BY REDHAT
-
NO NEED FOR SPECIFIC OS , OR USER SPACE MECHANIZEM
-
SOME OF YOU, LINUX NINJAS MIGHT SAY THAT WHY NOT TO USE COMMAND LINE
* MANY ASPECTS – STORAGE, NETWORK VM LIFE CYCLE QOS AND MANY MORE
THIS IS THE ADMIN CONSOLE
-
WEB BASED UI
-
HANDLES ALL THE MANAGED ENTITIES
-
DC, CLUSTER, HOSTS, VMS, NET, STORAGE,
-
WE WILL DECLARE EACH ENTITY TOGETHER AND SEE WHAT OPTIONS WE HAVE
MAIN ACTORS IN OVIRT
-
Data Center
-
Guest = VM
-
Storage Pool (NFS, Iscsi, Fiber channel)
Network Devices
Hypervisor = Host = Server
Cluster (NEXT SLIDE)
What makes up a hypervisor ?
Hardware management
Device drivers
I/O Stack
Resource Management
Scheduling
Access Control
Power Management
Memory Manager
Device Model (emulation)
Virtual Machine Monitor
EASY, SMALL AND COMPACTIC OS FOR HOST TO SERVE ONLY AS HYPERVISOR.
-
JUST PUT THE DISK AND ENGINE WILL RECOGNIZE THE HOST FOR YOU.
What makes up a cluster?
Group of hosts\hypervisors
Same specification for all hypervisors in cluster
Share same storage array
Ability to reach communication to each entity inside the cluster
Provides migration abilities
What is a VM
User level process
-
Controls part of the hypervisor hardware
-
Attached to storage disk
-
Exposes VDI access control
MANGE DATACENTER – USE ONE OF THE HOST AS OUR HYPERVISOR
-
AFTER OVIRT INITIALIZED THE HOST WE CAN START USE IT TO MANAGE VMS ABOVE
THIS SHOWS MULTIPLY DATACENTER
-
AND AS YOU SEE, IT CAN INCLUDE MANY DC, CLUSTER AND VM AND DO THE CORELLATION BETWEEN ALL THE ENTITIES
-
LETS SEE BIT OF THE FEATURES YOU GET BY USING OVIRT
IF WE GET BACK TO LIVE MIGRATION -
WE MOVE THE VM WITHOUT ANY INTEVENTION
-
APPLICATIONS STILL RUN
-
ITS DYNAMICLY , THE VM PROCESS JUST START IN THE SECOND CHOICE
SET OF RULES ON SPECIFIC VM TO ALLOW HIGH AVALIABILITY
-
IN SCENERIOS AS HIGH LOAD ON HOST , FALL BACK ON FAILURES
-
AUTOMATICALLY RESTART VM IF SOMETHING GET STUCK
DO USAGES MANIPULATION BASED ON RESOURCES
-
DYNAMICLY BALANCE BASED ON POLICIES
WE CAN EVEN DEFINE POLICY FOR THE PICK HOURS. LIKE MONDAY MORNING EVENT WHEN ALL EMPLOYERS OPEN THEIR DESKTOP AT THE SAME TIME
-
IN SOME PLACES THEY STILL KEEP COMING AT 8 :)
MORE AUTHENTICATION OPTIONS – OPEN LDAP , RHDS
-
WILL GET INSIDE THE ENGINE, VDSM AND THE VM
THE ENGINE FIRST TAKES CARE FOR AUTHENTICATION AND THE INVENTORY AS ABSTRACT REASPOSIBILITY
-
THEN EACH USER HAVE ITS OWN HOSTS THAT BEING MANIPULATED
-
ABOVE IT WE HAVE THE NETWORK AND STORAGE MANIPULATIONS
-
AND THEN THE SPECIFIC CONFIGURATION FOR VIRT, LOAD BALANCING AND HA
WHAT VDSM DOES
-
VM CUT IT DIRECTLY TO THE GUEST
-
KSM - Kernel SamePage Merging
identical memory pages amongst different processes or virtualized guests.
-
DUPLICATE PAGES
WHAT HAPPENS INSIDE THE VM – THE GUEST
-
VIRT-IO DRIVERS
BALOON – MANAGING MEMORY EXTEND
-
SINGEL SIGH ON
INSTALLING PHASE – SHORT AND SIMPLE
-
YOU CAN EVEN TRY IT WITH ALLINONE SETUP OR OUR LIVE CD
-
USERS INTERFACE THAT WE ARE ABOIUT TO SEE AND ANALYZE
-
USER OVIRT NODE
-
EASY CONFIGURATION
THE WAY WE DEVELOP AND COLLABORATE WITH OUR CUSTOMERS AND SUPPORTERS
-
RELEASES
-
CI
-
ACTIVE USERS
SO HOW DOES IT LOOK ?
-
ADMIN CONSOLE
-
Search driven
-
Tree view
-
Components (DC, Cluster, Host)
-
Networks
Storage pool
SO HOW DOES IT LOOK ?
-
ADMIN CONSOLE
-
Search driven
-
Tree view
-
Components (DC, Cluster, Host)
-
Networks
Storage pool
SO HOW DOES IT LOOK ?
-
ADMIN CONSOLE
-
Search driven
-
Tree view
-
Components (DC, Cluster, Host)
-
Networks
Storage pool
SO HOW DOES IT LOOK ?
-
ADMIN CONSOLE
-
Search driven
-
Tree view
-
Components (DC, Cluster, Host)
-
Networks
Storage pool
SO HOW DOES IT LOOK ?
-
ADMIN CONSOLE
-
Search driven
-
Tree view
-
Components (DC, Cluster, Host)
-
Networks
Storage pool
SO HOW DOES IT LOOK ?
-
ADMIN CONSOLE
-
Search driven
-
Tree view
-
Components (DC, Cluster, Host)
-
Networks
Storage pool
WILL TALK ABOUT IT IN MY NEXT SESSION ON 4:30
NO LINUX KNOWLEDGE IS REQUIRED
SO HOW DOES IT LOOK ?
-
ADMIN CONSOLE
-
Search driven
-
Tree view
-
Components (DC, Cluster, Host)
-
Networks
Storage pool
- VDI –GIVE THE USER THE EXPERIENCE SUCH AS PYSICAL HARDWARE
-
SPICE PROTOCOL ALLOWS MULTI-MONITOR, High Quality Videos, bi directional VIDEO AUDIO (WEB CAMS + MICROPHONE)
-
SPICE FULLY INTEGRATED WITH OVIRT
-
USES ACTIVEX FOR WIN
-
XPI PLUGIN FOR FIREFOX – WEB INTERFACE
SEARCH IS A MUST WHEN MANAGING THOUSANDS OF VMS
-
AUTO COMPLETION
NETWRKING IN VIRT INCLUDE PLATFORM AND Vms NETWORK
-
HERE WE LOOK AT THE HOST PHYSICAL NETWORK LAYOUT
THE INTERFACES AND BRIDGES
BASIC NETWORK KNOWELGE REQUIRED. NO NEED FOR LINUX KNOWELEGE
LAB MANAGER/ QA MANAGER CAN CREATE VMS or TEMPLATES AND DELEGATE ACCESS TO THEM
-
NO HOST/STORAGE?NETWORK DEFINITION
DATA WAREHOUSE FOR ALL OVIRT INFORMATION
-
STATES, FEEDS, TRENDS, SPECIFIC VIEWS
-
HERE WE COMPARE RHEL GUEST VS WINDOWS GUESS IN TERM OF TIME
MANIPULATIONS AND EXTRA OPTIONS
-
HELPS FOR TESTING
-
EXAMPLE: VM STATS, FAKE CPUS
-
Examples in next slide
YOU CAN CHANGE THE FORM OF THE VM BY CHANGE THE XML CONTECT
JAVA SCRIPT CODE TO ADD LOGIC SCREENS AND TABS FOR THE ADMINISTRATOR PORTAL
-
SEARCH ON GOOGLE FOR EXAMPLES
-
FOREMAN PLUGIN
JSON RPC FOR THE COMUNICATION BETWEEN THE HYPERVISOR AND THE ENGINE
-
IMPORT STORAGE DOMAIN AFTER FAILURE IN DB
-
STILL AIMING TO MATURE SCALE
AS I MENTIONED, OVIRT IS AVAILABLE IN FEDORA REPOS, YOU CAN DOWNLOAD IT, OR USE THE LIVE USB
-
I ALSO ENCOURAGE TO GET THE SOURCE FROM GERRIT AND START CONTRIBUTING IF ITS CLOSE TO YOU
NEXT VERSION
DONT TRUST ME THAT ITS SO GOOD AS I SAY, D/L IT AND TRY YOUSELF.
MY NEXT SESSION IN AN HOUR ABOUT INTEGRATION BETWEEN OVIRT AND FOREMAN WHICH PROVIDES BARE METAL PROVISIONING
ILL EXPLAIN WHAT IS BARE METAL AND HOW THE INTEGRATION PROCESS IS BEING DONE