This document summarizes ABN AMRO Bank's efforts to move from COBOL to containerized applications using Kubernetes. It discusses the creation of their "Stratus" platform to provide easy-to-use platforms, reusable software components, and portability across clouds at an enterprise level with security. Stratus provides a managed container platform on AWS with Docker image pipelines and security tools. Their roadmap involves developing minimum viable products to improve platform governance, training, and compliance as code. An example use case with the "SMILE team" developing Java microservices on EKS is provided, along with lessons learned around focus, governance, automation, and iteration with a holistic platform capabilities approach rather than tooling.
Why modern cloud infrastructure require automation | Gerald Crescione
Modern Cloud Infrastructures require automation and call for Infrastructure as Code. But mastering Infrastructure as Code is complex. Here's why CI/CD can help.
The good, the bad, and the ugly of migrating hundreds of legacy applications ... | Josef Adersberger
At Allianz, we built a container platform in the public cloud within 17 months and, as a first step, made 144 legacy Java applications cloud-ready and migrated them there. In this talk we show what our recipes for success and our biggest obstacles were. Among other things, it covers how to analyze a large application landscape for its cloud readiness and how to establish an industrialized migration of applications to a cloud platform.
Running Cloud-Native Applications with Pivotal Cloud Foundry on Google Cloud ... | VMware Tanzu
Running Cloud-Native Applications with Pivotal Cloud Foundry on Google Cloud Platform (Pivotal Cloud-Native Workshop: Milan)
Fabio Marinelli
7 February 2018
Serverless security - how to protect what you don't see? | Sqreen
Protecting serverless is a new topic. This presentation aims at showing what new security challenges it brings, and how CISO and security teams should approach it.
The serverless space evolves fast and there is no convergence on best practices yet. The switch to a serverless architecture involves several changes, for instance developers doing much more ops with serverless, deploying 20 times more services than previously...
The Cloud Journey in an Enterprise - IDC Multicloud - Stockholm November 20, ... | Anders Lundsgård
Public presentation about Scania's Cloud migration. Why Scania goes for public cloud and how we organize and utilize cloud computing. New content is slides 18-20, which show how we separate 'Migration projects' from 'Greenfield projects'.
Tsvi Korren, VP of Product Strategy at Aqua Security, CISSP, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.
AWS April Webinar Series - How Willbros Builds Securely in AWS with Trend Micro | Amazon Web Services
Willbros, a leading infrastructure contractor serving the oil and gas industry, leverages Amazon Web Services (AWS) and Trend Micro Deep Security to quickly design and deploy agile, secure cloud solutions to protect their vital data. Moving to AWS allows organizations to leave their infrastructure behind and start fresh – architecting for flexibility and scalability. However, bottlenecks are created when traditional on-premises security approaches and tools are used. Learn how Willbros unleashed innovation in the energy industry by taking a greenfield approach to security in AWS. Attend this practical webinar by AWS, Trend Micro and Willbros to learn how you can design a flexible, agile architecture that meets compliance requirements and protects your most valuable asset – your data. Jason Cradit from Willbros will share their experience on how they achieved building robust and secure pipeline management systems in the cloud.
Topics will include:
• Identify and select the AWS services and configurations required to build secure applications in the AWS Cloud
• Identify and select the Trend Micro services that complement AWS' broad set of security features
• Architect a secure application using a combination of AWS services, Trend Micro services, and configurations
• How to protect workloads from attacks, without hampering performance
Who Should Attend:
• Solutions Architects, IT Operations Professionals, Dev-Ops Engineers, and System Integrators
AWS, Google Cloud, Azure, and every other public and private cloud come with their individual sets of strengths and weaknesses, but they have one thing in common: they make it easy and fast for enterprises to spin up Kubernetes clusters. Meanwhile, development and application teams make their own cloud choices, often on a per-project basis. This leads to a fragmented landscape of differently architected Kubernetes stacks, managed by separate teams and with separate toolchains for development, operations, and security.
These slides, based on the webinar hosted by leading IT research firm Enterprise Management Associates (EMA) and Red Hat, explain how to optimally harness Kubernetes as the catalyst for IT transformation.
From legacy to Azure Service Fabric in 360h. Odessa. | Stas Lebedenko
We have all heard talks about fancy microservice architecture projects, and it seems like overkill to use this architecture in your small/medium-sized project. Moreover, you may have some really nasty stuff like old-fashioned WCF services or more recent ASP.NET Web API, along with no time to rewrite it. Fear no more, there is a way to migrate quickly and effectively to Azure Service Fabric.
You can set up a proper foundation for your project reliability and scalability in the coming years. I will share my experience and talk about benefits/pitfalls you might encounter.
Stanislav Lebedenko
Cloud Native Machine Learning is a guide to bringing your experimental machine learning code to production using serverless capabilities from major cloud providers. You’ll start with best practices for your datasets, learning to bring VACUUM data-quality principles to your projects, and ensure that your datasets can be reproducibly sampled. Next, you’ll learn to implement machine learning models with PyTorch, discovering how to scale up your models in the cloud and how to use PyTorch Lightning for distributed ML training. Finally, you’ll tune and engineer your serverless machine learning pipeline for scalability, elasticity, and ease of monitoring with the built-in notification tools of your cloud platform. When you’re done, you’ll have the tools to easily bridge the gap between ML models and a fully functioning production system.
Learn more about the book here: http://mng.bz/em9w
Automating security compliance for physical, virtual, cloud, and container en... | Lucy Huh Kerner
In this slide deck of my 2017 Red Hat Summit talk, you'll learn how to easily provision a security-compliant host and quickly detect and remediate security and compliance issues in physical, virtual, cloud, and container environments. We’ll discuss possible compliance challenges and show how a combination of Red Hat CloudForms, Red Hat Satellite, and Ansible Tower by Red Hat can help you quickly achieve compliance, automate security, and complete remediation. You’ll learn how you can integrate Red Hat CloudForms with Red Hat Satellite and Ansible Tower by Red Hat, as well as use the OpenSCAP integration in Red Hat Satellite, to perform audit scans and remediations at the push of a button on your systems and automate security to ensure compliance against various profiles, such as:
The U.S. Government Configuration Baseline (USGCB).
The Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG).
The Centralized Supercomputing Facility (CSCF) baseline.
The U.S. Government Commercial Cloud Services (C2S) baseline.
The Certified Cloud and Service Provider (CCSP) baseline.
Center for Internet Security (CIS) Benchmarks.
The Payment Card Industry Data Security Standard (PCI DSS).
Custom policies.
You'll also learn how you can use the control and policy engine in Red Hat CloudForms to detect and fix vulnerabilities, such as Shellshock, and learn how to do proactive security and automated risk management with Red Hat Insights.
To see the video replay of this talk, please visit: https://www.youtube.com/watch?v=8V1iDgOTWFA&t=1s
Internet of Things and Edge Compute at Chick-fil-A | Brian Chambers
My presentation at QConNY 2017 about the Internet of Things and Edge Compute architecture / strategy at Chick-fil-A. I discuss using a cloud-native approach to computing at the Edge, and discuss the services that are part of our architecture to enable data collection and control of "things" in our restaurants.
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor... | VMware Tanzu
SpringOne Platform 2016
Speakers: Thomas Fredell; Chief Product Officer, Merrill & Ashish Pagey; Architecture Team Lead, Merrill
Come learn how Merrill Corporation is solving real business challenges and transforming their business directly from Merrill's product and architecture leaders. By partnering with Pivotal and Microsoft, Merrill can rapidly deliver software as Java microservices deployed to Pivotal Cloud Foundry running on Microsoft Azure.
Infrastructure as Code principles and practices | OpenSense Labs
To pioneer new practices for their large-scale, highly reliable IT infrastructure, organisations are provisioning and changing systems with IaC, which promises a transformation in that infrastructure.
Application Security in the Cloud - Best Practices | RightScale
RightScale Webinar: May 20, 2010 – This webinar presents security implementation for applications running in the Amazon Web Services (AWS) environment with the RightScale management platform, using best practices developed by HyperStratus. See the archived video at http://vimeo.com/rightscale/application-security-in-the-cloud-best-practices.
Presentation about Cloud Security at Scania 2019, at the yearly auto:CODE we.CONECT conference in Berlin.
What needs have driven the Cloud movement and how to further improve agility with empowered feature teams that work securely and autonomously in the AWS Cloud.
The state of containers for your DevOps journey | Agile Montréal
Containers, Containers, Containers! We are hearing about Containers everywhere, what are their key concepts? Why could they simplify your DevOps journey? What are the tools to help you with Containers and orchestrate them? What’s the road ahead with Containers? Let’s talk about that! Through this presentation you will also see how the Cloud and the Open Source tools and communities are driving this Containers adoption. This presentation will be illustrated by demonstrations.
Mathieu Benoit
How to build "AutoScale and AutoHeal" systems using DevOps practices by using modern technologies.
A complete build pipeline and the process of architecting a nearly unbreakable system were part of the presentation.
These slides were presented at the 2018 DevOps conference in Singapore. http://claridenglobal.com/conference/devops-sg-2018/
Cloudreach has built a framework for adopting containers within the enterprise. I shared our framework and perspective with the AWS TechConnect audience.
Using cloud native development to achieve digital transformation | Uni Systems S.M.S.A.
Avishay Sebban, Partner Senior Solution Architect at Red Hat IGC, gives a comprehensive overview of the Red Hat Ansible platform, its full automation capabilities, and the smooth deployment to cloud. From the "Cloud Migration Through Automation: Next Level Flexibility" virtual event, hosted on September 30, 2020.
As DevOps practices have been put into wide use, it's become evident that developers and operations aren't merging to become one discipline. Nor is operations simply going away. Rather, DevOps is leading software development and operations - together with other practices such as security - to collaborate and coexist with less overhead and conflict than in the past.
In his session at @DevOpsSummit at 19th Cloud Expo, Gordon Haff, Red Hat Technology Evangelist, will discuss what modern operational practices look like in a world in which applications are more loosely coupled, are developed using DevOps approaches, and are deployed on software-defined, and often containerized, infrastructures - and where operations itself is increasingly another "as a service" capability from the perspective of developers.
How does the operations tool chest change? How does the required skill set differ? How are the interactions between operations and other IT and business organizations different from in the past? How can operations provide the confidence to the entire organization that this new pipeline is still delivering non-functional requirements such as regulatory compliance and a secure and certified operating environment? How does operations safely consume vendor and upstream dependencies while meeting developer desires for the latest and greatest?
Operations is more important than ever for a business to derive value from its IT organization. But the roles and the goals of operations are significantly different than they were historically.
Business and IT agility through DevOps and microservice architecture powered ... | Lucas Jellema
IT needs to run in production in order to generate business value. DevOps is among other things a way of thinking focusing on production software. A business application requires a tailor made platform to generate business value. The combination of application and its platform is a DevOps product. The DevOps team has full responsibility for that product through its entire lifecycle.
The microservices architecture promises flexibility, scalability, and optimal use of compute resources. Via independent components with well-defined scope and responsibility, interface, and ownership that are evolved and managed in an automated DevOps process, this architecture leverages current technologies and hard-learned insights from past decades.
This session defines the objectives of Business with IT, of microservices and DevOps and introduces Containers and the container platform Kubernetes as crucial ingredients for making DevOps happen.
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat | Amazon Web Services
OpenShift is Red Hat's Platform-as-a-Service (PaaS) that lets developers quickly develop, host, and scale Docker container-based applications. OpenShift enables a uniform and standardised approach to container management across all hosting options including AWS/EC2 and other private/public cloud and on/off-premise variants.
At this session, you will learn how Red Hat's enterprise clients are using OpenShift to enable their digital transformation initiatives. Examples will cover how realising a hybrid cloud strategy can simplify and reduce the risk of migrating and transitioning application workloads to containers in the cloud.
Speaker: Andrea Spanner, Red Hat Asia Pacific Pty Ltd
Why and how are containers the foundation for a hybrid cloud future | Stefan van Oirschot
- All great companies are now also software companies;
- Know your developers' and users' frustrations;
- Provide the ultimate customer experience;
- Embrace communities and utilize open source for faster innovation;
- Build an internal cloud platform embracing the world's ecosystem;
- Understand essential capabilities of a modern platform and embed them in your platform service.
The Carrier DevOps Trend (Presented to Okinawa Open Days Conference) | Alex Henthorn-Iwane
Telecom carriers are adopting DevOps practices to complement new SDN and NFV network architectures. This presentation to the Okinawa Open Days 2014 conference talks about why this is so, how carriers are going about it, and some best practices.
Get the best tips for containerization, cloud migrations, Kubernetes and Continuous Integration and Deployment (CI/CD) for a smooth path to modern infrastructure.
Download the full guide to cloud infrastructure modernisation from our site www.montel.fi/cloud-modernisation.
This presentation shows how Nuxeo Platform benefits from "Cloud Technologies" to answer scalability and performance challenges for cloud deployment as well as on-premises deployment.
Similar to From COBOL to Kubernetes: A 250 Year Old Bank's Cloud Native Journey (20)
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs | Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Essentials of Automations: The Art of Triggers and Actions in FME | Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Transcript: Selling digital books in 2024: Insights from industry leaders - T... | BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge Graph | Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
The new frontiers of AI in RPA with UiPath Autopilot™ | UiPathCommunity
In this free online event, organized by the UiPath Italian Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of automations.
📕 Together we will look at some examples of using Autopilot in various tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
3. ABN AMRO BANK
Financial sector: Enterprising bank
Headquarters: Amsterdam
Agile organization: DevOps / Hybrid cloud
Total number of employees: 20,000
Development Teams: 400+
Applications: 3,000+
8. STRATUS’ MISSION
To enable development teams to quickly deliver secure and high-quality software by providing them with:
• Easy-to-use platforms
• Re-usable software components
• Portability across clouds on enterprise level
• Security
11. ROADMAP
Q4 2018
• Stratus team created
• Define mission & vision
• Define capabilities of platform
Q1 2019: Minimum Viable Product #1
• Managed Container Platform on AWS (EKS)
• Twistlock build implementation
• Docker Image Pipeline
• Hardened and secure base images
Q2 2019: Minimum Viable Product #2
• Improve platform governance
• Training & Education
• Positioning Infrastructure as Code
• Positioning Compliance as Code
• Metrics / Telemetry
• Twistlock runtime implementation
• Onboard applications
12. COMPLIANCE
How do we make sure that we adhere to compliance controls?
• Timely mitigation: Mitigating measures need to be implemented within a certain amount of time.
• Open Policy Agent (OPA): Policy engine (OPA) integrated with Kubernetes.
• Versioning: Versioning enables immutability and traceability.
• Trust: Trust but verify approach.
• CIS benchmarking: Use best practices for secure configuration, hardening and monitoring.
• Monitoring & alerting: Compliance related logs sent to CloudWatch and Splunk.
13. COMPLIANCE AS CODE
Defining your compliance requirements in a human- and machine-readable language.
Configurations can be automatically deployed, tested, monitored and reported on across your entire IT estate.
• Automation
• Increased speed
• Shift left
15. USE CASE: SMILE TEAM
The SMILE team is developing containerized microservices in Java. These microservices are deployed to their EKS cluster on AWS.
• Stratus heavily collaborates with them in a Lean fashion
• Helm is being used for packaging and rolling updates
• Cloudbees Jenkins Enterprise is used for CI
• Standardized Docker image pipeline for CI
• Twistlock is included within the pipeline for container security
• AWS CodePipeline is being used for CD
16. LESSONS LEARNED
What did we learn from our journey up until now?
• Focus: Keep focus on your Minimum Viable Product (avoid the squirrel effect).
• Holistic approach: Don’t only focus on the technical aspects, but also create clear governance.
• Automation: Automate as much as possible.
• Iteration: Start small and iterate in a lean fashion with actual customers.
• Platform Capabilities: Think in terms of platform capabilities rather than tooling.
Active in financial sector > Strictly regulated, highly competitive.
Work according to agile principles and implementing DevOps across the organization. Quite far with CI/CD and strategy for hybrid cloud. >
Agile organization
400+ dev teams
3000 applications
Why is ABN moving towards containers? Because of the DevOps transformation.
- What prompted the start of the containerization journey, and where do we want to be?
- The desire for containerization was bottom-up – developers want to use containers for efficiency/reliability/etc. Deliver to Azure and AWS, containers.
Strategic decision to formalize the containerization strategy to avoid redundant expenditure and to get uniform quality of containerization components.
External influence > suppliers deliver software in containers.
When starting with containers on cloud, you will have a lot of choice in the cloud native landscape…
Guidance – otherwise all teams will create their own solutions and multiple licenses
Select the best cloud features and make them available according to the ABN AMRO standards and rules. Best fit-for-purpose tooling
Uniform way of working > easier to control
Share knowledge/best practices: prevent re-inventing the wheel.
Cloud-native landscape can be overwhelming. What do you actually need? When do you need it?
The team responsible for delivering this managed container platform is called ‘Stratus’.
To determine the direction of this team and the journey towards containers, we have defined a mission.
Stratus:
investigates the needed capabilities,
experiments with tooling,
implements and integrates best-fit-for-purpose-tooling,
supports teams that are already moving forward with containers, Kubernetes, and microservices,
writes standards, guidelines, and best practices.
“Stratus clouds are low-level clouds characterized by horizontal layering with a uniform base.” - https://en.wikipedia.org/wiki/Stratus_cloud
Create easy-to-use platforms, so teams can easily deploy their software.
Security is top priority. With new techniques, new vulnerabilities and risks pop up. We needed to create specific security measures for working with containers.
Delivers re-usable components, e.g. base images and infrastructure-as-code, so teams can re-use and don’t need to re-invent. We practice inner-sourcing. Teams that are pioneering adoption of containers contribute to shared modules. Teams with less DevOps maturity can benefit from the work of these teams.
Modular approach – Lego for DevOps
We offer Infra as Code modules for setting up Kubernetes clusters and worker nodes
We offer modules for pipelines for building containers, delivering Helm Charts to shared repositories, delivering applications to Kubernetes, etc.
We offer Helm Charts for common components such as EFS provisioner for persistent storage, ALB ingress with External DNS, etc.
We practice inner-sourcing. Teams that are pioneering adoption of containers contribute to shared modules. Teams with less DevOps maturity can benefit from the work of these teams (standing on the shoulders of giants)
Portability across clouds > less dependent on the cloud provider if you use cloud agnostic tools. Helps you with exit strategy.
- Platform = technique
- In a large enterprise it is not simply implementing a tool; governance is important. Collaborate with other teams, e.g. security and compliance departments. But also collaborate with cloud platform teams. We needed to define the responsibilities and shared responsibilities, so we can work more effectively and prevent gaps.
Pipelines help us to automate processes. We for example have a Docker image pipeline that enables teams to create their own Docker images. In this pipeline certain steps are integrated that check the quality and security of the image that you are creating. If critical issues are found, the build will break and you will need to fix your image. This helps us to speed up, but also to control and add security steps in the process.
This all together is the managed container platform. Teams will onboard their applications and can go to PROD with it.
We use semantic versioning for compliance rules
Compliance changes are software changes – we get all the benefits of software development: CI/CD, code review, etc.
As new regulations or advisories come into effect, we can release new versions of our compliance policies
Compliance teams get an easy overview of who is using which sets of rules
Developers get an easy upgrade path – just bump the version number in the policy applied to their clusters and they are compliant again
- Helm - package management at k8s level
- Jenkins/Azure DevOps
- Twistlock - runtime and build time security scans, policy enforcement
- Vault - secrets management, secret zero provisioning
- Open Policy Agent - policy enforcement. Compliance as Code.
- Docker
- CNI - container networking, container storage. We haven’t locked down a decision on these components yet. Still evaluating.
- Splunk/Prometheus - ABN has invested heavily in our Splunk infrastructure, and we wanted a way to reuse as much as possible.
- Terraform - infrastructure provisioning.
- Splunk/Prometheus metrics
- AWS EKS/Azure AKS - managed Kubernetes. I do not want my team woken up in the middle of the night because of an issue with etcd or another under-the-hood component. Just give me an API that spawns Kubernetes clusters, and we’ll take it from there.
Highly regulated especially with regards to workloads on the public cloud. Banks are expected to be ‘in control’. How do we make sure that we adhere to compliance controls?
High speed automated compliance checks
Real evidence can be delivered to regulators instead of Excel-sheets
Automated compliance checks can be traced back to compliance controls.
Compliance triggers can be aggregated into a log aggregation system
Compliance reports can be generated automatically
Shift Left for Compliance. CaC pipelines can give quick feedback to developers
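The notes on semantic versioning of compliance rules and on automated checks that trace back to controls can be made concrete with a short sketch. This is an added example, not ABN AMRO's code and not OPA/Rego: plain Python stands in for the policy engine, and the control ids, rule names and sample manifest are hypothetical.

```python
import json

def _containers(manifest):
    return manifest["spec"]["template"]["spec"]["containers"]

def privileged(manifest):
    return [c["name"] for c in _containers(manifest)
            if c.get("securityContext", {}).get("privileged", False)]

def unpinned_image(manifest):
    # Tag is looked up in the last path segment so a registry port is not mistaken for one.
    return [c["name"] for c in _containers(manifest)
            if ":" not in c["image"].rsplit("/", 1)[-1] or c["image"].endswith(":latest")]

def writable_root(manifest):
    return [c["name"] for c in _containers(manifest)
            if not c.get("securityContext", {}).get("readOnlyRootFilesystem", False)]

# Rule sets published under semantic versions. Control ids are hypothetical placeholders.
V1_0_0 = [("CTRL-001", "no privileged containers", privileged),
          ("CTRL-002", "image tag pinned, never :latest", unpinned_image)]
RULESETS = {"1.0.0": V1_0_0,
            "1.1.0": V1_0_0 + [("CTRL-003", "read-only root filesystem", writable_root)]}

def evaluate(manifest, version):
    """Return one evidence record per rule, each traceable to a control id."""
    records = []
    for control, rule, find_offenders in RULESETS[version]:
        offenders = find_offenders(manifest)
        records.append({"ruleset": version, "control": control, "rule": rule,
                        "resource": manifest["metadata"]["name"],
                        "compliant": not offenders, "offenders": offenders})
    return records

def to_log_lines(records):
    """Serialize evidence as JSON lines, the shape a log aggregator ingests."""
    return [json.dumps(r, sort_keys=True) for r in records]

# Constructed Deployment manifest (sample input, not from the page).
SAMPLE = {"kind": "Deployment", "metadata": {"name": "demo-api"},
          "spec": {"template": {"spec": {"containers": [
              {"name": "app", "image": "registry.example:5000/demo/api:1.4.2",
               "securityContext": {"privileged": False}}]}}}}

if __name__ == "__main__":
    for version in ("1.0.0", "1.1.0"):
        print("\n".join(to_log_lines(evaluate(SAMPLE, version))))
```

The same manifest passes rule set 1.0.0 and fails the control added in 1.1.0, which is the feedback a developer gets when bumping the policy version in a pipeline.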