Presentation delivered at the 2017 LinuxCon China.
Container is a popular technology in cloud with the merits of fast provisioning, high density and near-native performance. New requirements have been rising to further use GPU to accelerate various applications in containers, e.g. media trans-coding, machine learning, etc. However there is still gap of managing GPU in such container usages. This presentation will first review the status of GPU support on both native container and Intel clear container, then provide an anatomy of technical gaps and enabling plans in major areas (orchestration layer, resource isolation and QoS performance isolation), then review our work for GPU virtualization in clear container and prototype work through extensions in docker plugin, cgroup and GPU scheduler to fix those gaps.
How to Burn Multi-GPUs using CUDA stress test memoNaoto MATSUMOTO
How to Burn Multi-GPUs using CUDA stress test memo (2017/05/20)
SAKURA Internet, Inc. / SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...The Linux Foundation
Xen role, details of implementation and problems in a sample solution based on OSS (Android, Linux and Xen) that addresses Automotive requirements such as ultra-fast RVC boot time, quick IVI system boot time, cloud connectivity and multimedia capabilities, reliability and security through hardware virtualization. Secure CAN/LIN/MOST bus integration handled by Linux on Dom0 while Android runs customizable QML-based HMI in a sandbox of DomU. These case studies will include but not be limited to: computing power requirements, memory requirements, virtualization, stability, boot-time sequence and optimization, video clips showing results of the work done. Case study is built on TexasInstruments OMAP5 SoC.
Kernel Recipes 2015: Representing device-tree peripherals in ACPIAnne Nicolas
Platforms using ACPI firmware are becoming increasingly interesting to embedded developers. This presentation will demonstrate the new features in the ACPI 5.1 specification which make it possible for ACPI to transparently represent devices using existing device-tree bindings, and for Linux to use existing device drivers which should automatically work for both ACPI and device-tree.
David Woodhouse, Intel
How to Burn Multi-GPUs using CUDA stress test memoNaoto MATSUMOTO
How to Burn Multi-GPUs using CUDA stress test memo (2017/05/20)
SAKURA Internet, Inc. / SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...The Linux Foundation
Xen role, details of implementation and problems in a sample solution based on OSS (Android, Linux and Xen) that addresses Automotive requirements such as ultra-fast RVC boot time, quick IVI system boot time, cloud connectivity and multimedia capabilities, reliability and security through hardware virtualization. Secure CAN/LIN/MOST bus integration handled by Linux on Dom0 while Android runs customizable QML-based HMI in a sandbox of DomU. These case studies will include but not be limited to: computing power requirements, memory requirements, virtualization, stability, boot-time sequence and optimization, video clips showing results of the work done. Case study is built on TexasInstruments OMAP5 SoC.
Kernel Recipes 2015: Representing device-tree peripherals in ACPIAnne Nicolas
Platforms using ACPI firmware are becoming increasingly interesting to embedded developers. This presentation will demonstrate the new features in the ACPI 5.1 specification which make it possible for ACPI to transparently represent devices using existing device-tree bindings, and for Linux to use existing device drivers which should automatically work for both ACPI and device-tree.
David Woodhouse, Intel
Ariel Waizel discusses the Data Plane Development Kit (DPDK), an API for developing fast packet processing code in user space.
* Who needs this library? Why bypass the kernel?
* How does it work?
* How good is it? What are the benchmarks?
* Pros and cons
Ariel worked on kernel development at the IDF, Ben Gurion University, and several companies. He is interested in networking, security, machine learning, and basically everything except UI development. Currently a Solution Architect at ConteXtream (an HPE company), which specializes in SDN solutions for the telecom industry.
Embitude's Linux SPI Drivers Training Slides. Contains the details of AM335X specific low level programming, SPI components such as SPI Master Driver, SPI Client Driver, Device Tree for SPI
Covers the basics of Direct Memory Access (DMA). Further to this, the generic Linux DMA engine is covered along with steps to initiate the DMA transfer
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
DPDK (Data Plane Development Kit) Overview by Rami Rosen
* Background and short history
* Advantages and disadvantages
- Very High speed networking acceleration in L2
- How this acceleration is achieved (hugepages, optimizations)
- rte_kni (and KCP)
- VPP (and FD.io project) , providing routing and switching.
- TLDK (Transport Layer Development Kit, TCP/UDP)
* Anatomy of a simple DPDK application.
* Development and governance model
* Testpmd: DPDK CLI tool
* DDP - Dynamic Device Profiles
Rami Rosen is a Linux Kernel expert, the author of "Linux Kernel Networking", Apress, 2014.
Rami had published two articles about DPDK in the last year:
"Network acceleration with DPDK"
https://lwn.net/Articles/725254/
"Userspace Networking with DPDK"
https://www.linuxjournal.com/content/userspace-networking-dpdk
The conversion of the ARM Linux kernel over to the Device Tree as the mechanism to describe the hardware has been a significant change for ARM kernel developers. Nowadays, all developers porting the Linux kernel on new ARM platforms, either new SOCs or new boards, have to work with the Device Tree. Based on practical examples, this talk intends to provide a ""getting started guide"" for newcomers in the Device Tree world: what is the Device Tree? How is it written and compiled? How do the bootloader and kernel interact? How are Device Tree bindings written and documented? What are the best practices for writing Device Trees and their bindings?
Video available at https://www.youtube.com/watch?v=m_NyYEBxfn8.
Process Address Space: The way to create virtual address (page table) of user...Adrian Huang
Process Address Space: The way to create virtual address (page table) of userspace application.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...Adrian Huang
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Resource placement is a policy-rich problem, particularly across multi-cluster, multi-geography and multi-cloud environments. Placement may be based on company conventions, external regulation, pricing, performance requirements, or complex combinations of those. Furthermore, placement policies evolve over time and vary across organizations. As a result, it is very difficult to anticipate the policy requirements of all users.
In this presentation, Torin Sandal (Lead Engineer of Open Policy Agent) will present, along with Irfan Ur Rehman, and demonstrate the work they've done integrating OPA into the Kubernetes Cluster Federation Control Plane. This enables high level policies to be expressed in a easy to understand policy language, and automatically enforced across federations of Kubernetes clusters.
Ariel Waizel discusses the Data Plane Development Kit (DPDK), an API for developing fast packet processing code in user space.
* Who needs this library? Why bypass the kernel?
* How does it work?
* How good is it? What are the benchmarks?
* Pros and cons
Ariel worked on kernel development at the IDF, Ben Gurion University, and several companies. He is interested in networking, security, machine learning, and basically everything except UI development. Currently a Solution Architect at ConteXtream (an HPE company), which specializes in SDN solutions for the telecom industry.
Embitude's Linux SPI Drivers Training Slides. Contains the details of AM335X specific low level programming, SPI components such as SPI Master Driver, SPI Client Driver, Device Tree for SPI
Covers the basics of Direct Memory Access (DMA). Further to this, the generic Linux DMA engine is covered along with steps to initiate the DMA transfer
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
DPDK (Data Plane Development Kit) Overview by Rami Rosen
* Background and short history
* Advantages and disadvantages
- Very High speed networking acceleration in L2
- How this acceleration is achieved (hugepages, optimizations)
- rte_kni (and KCP)
- VPP (and FD.io project) , providing routing and switching.
- TLDK (Transport Layer Development Kit, TCP/UDP)
* Anatomy of a simple DPDK application.
* Development and governance model
* Testpmd: DPDK CLI tool
* DDP - Dynamic Device Profiles
Rami Rosen is a Linux Kernel expert, the author of "Linux Kernel Networking", Apress, 2014.
Rami had published two articles about DPDK in the last year:
"Network acceleration with DPDK"
https://lwn.net/Articles/725254/
"Userspace Networking with DPDK"
https://www.linuxjournal.com/content/userspace-networking-dpdk
The conversion of the ARM Linux kernel over to the Device Tree as the mechanism to describe the hardware has been a significant change for ARM kernel developers. Nowadays, all developers porting the Linux kernel on new ARM platforms, either new SOCs or new boards, have to work with the Device Tree. Based on practical examples, this talk intends to provide a ""getting started guide"" for newcomers in the Device Tree world: what is the Device Tree? How is it written and compiled? How do the bootloader and kernel interact? How are Device Tree bindings written and documented? What are the best practices for writing Device Trees and their bindings?
Video available at https://www.youtube.com/watch?v=m_NyYEBxfn8.
Process Address Space: The way to create virtual address (page table) of user...Adrian Huang
Process Address Space: The way to create virtual address (page table) of userspace application.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...Adrian Huang
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Resource placement is a policy-rich problem, particularly across multi-cluster, multi-geography and multi-cloud environments. Placement may be based on company conventions, external regulation, pricing, performance requirements, or complex combinations of those. Furthermore, placement policies evolve over time and vary across organizations. As a result, it is very difficult to anticipate the policy requirements of all users.
In this presentation, Torin Sandal (Lead Engineer of Open Policy Agent) will present, along with Irfan Ur Rehman, and demonstrate the work they've done integrating OPA into the Kubernetes Cluster Federation Control Plane. This enables high level policies to be expressed in a easy to understand policy language, and automatically enforced across federations of Kubernetes clusters.
Presentation delivered at LinuxCon China 2017.
Zephyr is an upstream open source project for places where Linux is too big to fit. This talk will overview the progress we've made in the first year towards the projects goals around incorporating best of breed technologies into the code base, and building up the community to support multiple architectures and development environments. We will share our roadmap, plans and the challenges ahead of the us and give an overview of the major technical challenges we want to tackle in 2017.
Besides huge success in mobile, ARM is also ambitious in server field. Software ecosystem is now a barrier for wide deployment of ARM servers in data center. ARM Shanghai Workloads team is working on clouding and big data software enablement and optimization on ARM64 platform.
In this presentation, Yibo Cai will introduce the status and challenges of running OpenStack on ARM servers, with emphasis on OpenStack compute, storage and networking.
Presentation given at the 2017 LinuxCon China
With the booming of Container technology, it brings obvious advantages for cloud: simple and faster deployment, portability and lightweight cost. But the networking challenges are significant. Users need to restructure their network and support container deployment with current cloud framework, like container and VMs.
In this presentation, we will introduce new container networking solution, which provides one management framework to work with different network componenets through Open/friendly modelling mechnism. iCAN can simplify network deployment and management with most orchestration systems and a variety of data plane components, and design extendsible architect to define and validate Service Level Agreement(SLA) for cloud native applications, which is important factor for enterprise to deliver successful and stable service via containers.
Presentation delivered at LinuxCon China 2017 by Greg Kroah-Hartman.
The Linux kernel is the largest collaborative software development projects ever. This talk will discuss exactly how Linux is developed, how fast it is happening, who is doing the work, and how we all stay sane keeping up with it. It will discuss the development model used, and how it differs from almost all "traditional" models of software development.
Presentation delivered at LinuxCon China 2017.
The Libvirt API is cloud industry standard API to manage virtualization hosts on cross platforms.It is widely implemented in renowned cloud system such as openstack,opencloud. The compatibility and fragmentation avoiding of Libvirt APIs will eventually play great impact on what Libvirt can achieve as a whole. For this reason,Libvirt API certification is introduced. Libvirt API certification focuses on testing a technology implementation to make sure that it operates consistently with all other implementations of the same Libvirt technology specification.
In this paper, the author will review current state of Libvirt API certification, discuss the challenges it faces, and look forward to how Libvirt community may address those challenges.
In this talk, Tim Bird will discuss the recent status of the Linux with regard to embedded systems. This will include a review of the last year's worth of mainline kernel releases, as well as topic areas specifically related to embedded, such as boot-up time, security, system size, etc. Tim will also present recent and planned work by the Core Embedded Linux Project of the Linux Foundation, and discuss the current status of Linux in various markets and fields. Tim will go over current areas of work, and discuss remaining challenges faced by Linux in embedded projects.
Presentation delivered at LinuxCon China 2017
The practices of Blockchain as a service in Dianrong (Shiyuan Xiao, Dianrong.com) - Blockchain as a Service (BaaS) provides a easy, low-cost and flexible platform for companies to enable their businesses based on blockchain backed by a cloud platform. Shiyuan will introduce the experiences to build such a BaaS platform, what is the architecture, what problems we have met and solved and the best practices we summarized.
Presentation delivered at LinuxCon China 2017. Rethinking the Operating System.
A new wave of Operating Systems optimized for containers appeared on the horizon making us excited and puzzeled at the same time.
"Why do we need anything different for containers when traditional OSs served us well in the last 25+ years?" "Isn't Kubernetes just another package to install on top of my favorite distro?"" Will this obsolete my whole infrastructure?" are some of the questions this talk will shed some light on.
Explore the journey SUSE made in rethinking the OS: From a conservative linux distribution to a platform that goes hand in hand with the needs of Microservices.
You will get an insight at what lessons were learned during the intense development effort that lead to SUSE Containers as a Service Platform, how the obstacles along the way were lifted and why "Upstream first" is - and should always be - the rule.
After returning from a recent trip that occurred during the middle of a heat wave. I arrived home to find my apartment quite hot, at least 45C inside. Needless to say it wasn’t the most comfortable way to come home after 15 days out of town, I decided it was time for me to do something about it to address this so I didn't come home to that unpleasant surprise again. Normally, this problem is solved by having a thermostat which controls the air conditioning. However, my apartment did not have a thermostat. So I decided to build one using open source software.
This talk will cover how I went about solving my problem using existing software and protocols like home-assistant, MQTT, and also some new software that was created for this. It'll also discuss how using open software and home automation I was able to solve my issue but also make cooling my apartment smarter.
Presentation delivered at LinuxCon China 2017.
Operating systems need to move faster without sacrificing stability. New hardware, new software features, and bugfixes are making it into distribution components every day. To maintain stability, packagers and distribution developers are looking toward lessons learned in the DevOps movement to implement Continuous Integration/Continuous Delivery (CI/CD) workflows that provide quicker test feedback to developers.
This talk highlights some of the coming trends in Fedora such as: streamlined base package sets, userspace applications delivered as containers, continuous validation of individual distro components and the distro as a whole, and collaboration with the CentOS Project.
Can we leverage the resource of public cloud for gaming, streaming, transcoding, machine learning and visualized CAD application on demand? Yes if it provides the capability and infrastructure to utilize GPUs. Can we get high performance networking in the cloud as what I have in the bare metal environment? Yes with SR-IOV. How to achieve them? In this presentation we describe Discrete Device Assignment (also known as PCI Pass-through) support for GPU and network adapter in Linux guest and SR-IOV architectures of Linux guest with near-native performance profile running on Hyper-V. We also will share how to integrate accelerated graphics and networking capabilities in Microsoft Azure infrastructure.
Kdump is a long existing method for acquiring dump of crashed kernel, however very few literatures are available to understand it's usage and internals. We receive a lot of queries on kexec mailing list about different issues related to the kexec/kdump environment.
In this presentation, we talk about basics of kdump usage and some internals about kdump/kexec kernel implementation. It includes end to end flow from kdump kernel configuration to crash analysis. We discuss some of the problem which is frequently faced by kdump users. It also includes related information about ELF structure, so that one can debug if vmcore itself gets corrupted because of any architecture related issue.
Best practices for optimizing Red Hat platforms for large scale datacenter de...Jeremy Eder
This presentation is from NVIDIA GTC DC on Oct 23, 2018:
https://youtu.be/z5gEUL6dJRI
Corresponding Press Release: https://www.redhat.com/en/about/press-releases/red-hat-nvidia-align-open-source-solutions-fuel-emerging-workloads
Blog: https://www.redhat.com/en/blog/red-hat-and-nvidia-positioning-red-hat-enterprise-linux-and-openshift-primary-platforms-artificial-intelligence-and-other-gpu-accelerated-workloads
Demo Video:
https://www.youtube.com/watch?v=9iVYjA_WJgU
Quantifying Your World with AI & Docker on the Edge | OSCONF 2020 JaipurAjeet Singh Raina
When Docker, IoT and AI Meet Together....
Highlights:
- Opendatacam is 100% Open Source solution
- Quantifies and tracks moving objects with Live Video Analysis
- Runs on Linux and CUDA GPU enabled hardware
- Runs completely on Docker Containers as well as support K3s.
Read the Full Story - https://collabnix.com/object-detection-with-yolo-using-docker-19-03-on-nvidia-jetson-nano/
Hear me LIVE on 10th October while I talk about Running Docker Container which uses GPU on Jetson Nano for Implementing Object Detection and Analytics.
Настройка окружения для кросскомпиляции проектов на основе docker'acorehard_by
Как быстро и легко настраивать/обновлять окружения для кросскомпиляции проектов под различные платформы(на основе docker), как быстро переключаться между ними, как используя эти кирпичики организовать CI и тестирование(на основе GitLab и Docker).
Kernel Recipes 2014 - The Linux graphics stack and Nouveau driverAnne Nicolas
The Linux graphics stack is constantly evolving to add support for new hardware. This evolution and new software specifications have forced the X graphical server to be split into several components including a now rotates in the Linux kernel, the Direct Rendering Manager (DRM). A quick presentation of these components and their role will be carried out before looking at new major change in the common code, the NVIDIA Optimus technology.
One equipped with Optimus technology laptop has two graphics processing units (GPUs), one from Intel and one from NVIDIA. This technology combines the low power Intel GPU when the machine is not used to the performance of NVIDIA GPUs when the user plays. This technology, however, is a nightmare to manage kernel-side although the final building blocks necessary for its complete management are being finalized. Further explanation of this issue will be made and we’ll see how this new software architecture has added graphics acceleration on embedded processor SoCs like Tegra.
The case of open source NVIDIA driver, called “New” will then be studied. This is the graphics driver community as it is developed without the help of NVIDIA and attracted several regular contributors, including myself! We’ll take a quick history of the project before talking about the current developments and issues related to the lack of documentation.
The end of this presentation will then be left to the participants so they can ask more general questions about the graphics stack, if they wish.
Martin Peres, Laboratoire Bordelais de Recherche en Informatique
State of Containers and the Convergence of HPC and BigDatainside-BigData.com
In this deck from 2018 Swiss HPC Conference, Christian Kniep from Docker Inc. presents: State of Containers and the Convergence of HPC and BigData.
"This talk will recap the history of and what constitutes Linux Containers, before laying out how the technology is employed by various engines and what problems these engines have to solve. Afterward Christian will elaborate on why the advent of standards for images and runtimes moved the discussion from building and distributing containers to orchestrating containerized applications at scale. In conclusion attendees will get an update on how containers foster the convergence of Big Data and HPC workloads and the state of native HPC containers."
Learn more: http://docker.com
and
http://www.hpcadvisorycouncil.com/events/2018/swiss-workshop/agenda.php
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
About 94% of AI Adopters are planning to use containers in the next 1 year. What’s driving this exponential growth? Faster time to deployment and Faster AI workload processing are the two major reasons. You can use GPUs in big data applications such as machine learning, data analytics, and genome sequencing. Docker containerization makes it easier for you to package and distribute applications. You can enable GPU support when using YARN on Docker containers. In this talk, I will demonstrate how Docker accelerates the AI workload development and deployment over the IoT Edge devices in efficient manner
Docker is in all the news and this talk presents you the technology and shows you how to leverage it to build your applications according to the 12 factor application model.
Accelerate your software development with DockerAndrey Hristov
Docker is in all the news and this talk presents you the technology and shows you how to leverage it to build your applications according to the 12 factor application model.
DCSF 19 Accelerating Docker Containers with NVIDIA GPUsDocker, Inc.
Using the NVIDIA Container Runtime, many developers and enterprises have been developing, benchmarking and deploying deep learning (DL) frameworks, HPC and other GPU accelerated containers at scale for the last two years. In this talk, we will go over the architecture of the NVIDIA Container Runtime and discuss our recent close collaboration with Docker. The result of our collaboration with Docker is a seamless native integration of the runtime enabling Docker Engine 19.03 CE and the forthcoming Docker Enterprise release to run GPU accelerated containers. We will also highlight containerized NVIDIA drivers. This new feature eliminates the overhead of provisioning GPU machines and brings GPU support on container optimized operating systems, which either lack package managers for installing software or require all applications to run in containers. In this session, you will learn how GPU accelerated containers can be easily built and deployed through the use of driver containers and native support for GPUs in Docker 19.03. The session will include a demo of running a GPU accelerated deep learning container using the new CLI options in Docker 19.03 and containerized drivers. Running NVIDIA GPU accelerated containers with Docker has never been this easy!
Graphics processing unit or GPU (also occasionally called visual processing unit or VPU) is a specialized microprocessor that offloads and accelerates graphics rendering from the central (micro) processor. Modern GPUs are very efficient at manipulating computer graphics, and their highly parallel structure makes them more effective than general-purpose CPUs for a range of complex algorithms. In CPU, only a fraction of the chip does computations where as the GPU devotes more transistors to data processing.
GPGPU is a programming methodology based on modifying algorithms to run on existing GPU hardware for increased performance. Unfortunately, GPGPU programming is significantly more complex than traditional programming for several reasons.
Kubernetes Multitenancy Karl Isenberg - KubeCon NA 2019Karl Isenberg
Cruise has been working on self-driving cars for six years and growing exponentially for most of that time. Two years ago they started using Kubernetes, betting on namespace-level multitenancy to provide isolation between teams and projects. Today they have over 40 internal tenants, 100,000 pods, 4,000 nodes, and… an embarrassing number of KubeDNS replicas.
This session will take you through the motivations, story, and results of migrating to multitenant Kubernetes, along with some hard-earned Pro Tips from the trenches.
You’ll also learn about the open source tooling they built around Spinnaker, Vault, Google Cloud, and Istio in order to integrate with our multitenant Kubernetes.
Come see how they went from barely isolated to very isolated and saved a few million dollars doing it!
The internals and the latest trends of container runtimesAkihiro Suda
Containers are a set of various lightweight methods to isolate filesystems, CPU resources, memory resources, system permissions, etc. Containers are similar to virtual machines in many senses, but they are more efficient and often less secure. This talk roughly consists of the following three parts:
1. Introduction to containers and how they spread in the last decade
2. Internals of container runtimes: namespaces, cgroups, capabilities, seccomp, etc.
3. Latest trends: Non-Docker containers, User Namespaces, Rootless Containers, Kata Containers, gVisor, WebAssembly, etc.
http://www.cce.i.kyoto-u.ac.jp/danwa23.html
A Gentle Introduction To Docker And All Things ContainersJérôme Petazzoni
Docker is a runtime for Linux Containers. It enables "separation of concern" between devs and ops, and solves the "matrix from hell" of software deployment. This presentation explains it all! It also explains the role of the storage backend and compares the various backends available. It gives multiple recipes to build Docker images, including integration with configuration management software like Chef, Puppet, Salt, Ansible. If you already watched other Docker presentations, this is an actualized version (as of mid-November 2013) of the thing!
Similar to GPU Acceleration for Containers on Intel Processor Graphics (20)
A lot of Internet of things devices use linux as its core. More so with the advent of DIY projects and Internet of things projects. A lot of Raspberry PI's, Beaglebone, Tessel boards are out there with default settings, and all connected to the internet, ready to be taken over. With the recent dyn DNS attack its of prime importance to know how we can keep these end point devices secure and out of the hands of botnet hoarders, attackers. In this presentation Rabimba Karanjai will show how to harden the security on these endpint devices taking a RaspBerry PI as an example. He will explain different techniques with code examples along with a toolkit made specifically for this demo which will make devices considerable harder to compromise. And even when they are, will allow to locate and detect the breach. After all, proetcting the device fially protects us all (prevents another DDOS)
Kubernetes currently has two load balancing mode: userspace and IPTables. They both have limitation on scalability and performance. We introduced IPVS as third kube-proxy mode which scales kubernetes load balancer to support 50,000 services. Beyond that, control plane needs to be optimized in order to deploy 50,000 services. We will introduce alternative solutions and our prototypes with detailed performance data.
The Blockchain for the Internet of Things (IoT) has considered to "change the future." Despite a myriad of studies on the blockchain IoT, few studies have investigated how an IoT blockchain system develops with open source technologies, open standards, web technologies, and a p2p network. In this presentation, Jollen will share the Flowchain case study, an open source IoT blockchain project in Node.js; he will discuss the practice, the technical challenges, and the engineering experiences. Furthermore, to provide the real-time data transaction capabilities for current IoT requirements, he will utilize the "virtual block" idea to facilitate such technical challenges.
Secure Container solution is to enhance container security by isolating memory between Docker containers inside one VM with Intel VT-x EPT HW, which is highly effective to protect container’s memory and at the meantime defends ret2user privilege escalation attack that exploits kernel vulnerabilities (eg. CVE-2017-6074 UAF (use-after-free) vulnerability). It extends KVM interfaces which the guest OS can leverage to isolate container memory from other containers, and the interfaces rely on Intel VT-x EPT hardware extension and provide memory access protection for the container which sits in an isolated memory region. Each secure container has a dedicated EPT table rather than sharing one EPT table with guest OS, which enforces the cross-EPT memory access protection. The whole solution is user-friendly to fit in the existing cloud server infrastructure with very limited changes.
There are best practices to understand when building products from open source software, but there are a number of anti-patterns that crop up along the way. Product teams (from engineering to marketing) need to understand these patterns and practices to participate best in open source project communities and deliver products and services to their customers at the same time. These patterns hold regardless of whether the vendor created and owns the project or participates in projects outside their control.
Enterprise data centers have to support a diverse of set of workloads: cloud native, big data, high performance computing, and legacy applications. While cloud native applications are ideal to run in Docker clusters, bare metal and virtualization infrastructures must still be supported in the data center. The result is a proliferation of clusters and technologies running in individual silos, resulting in high management costs and low utilization. This talk describes the challenges and experiences in implementing a shared cluster infrastructure based on Kubernetes to support big data, high performance computing, and VM-based workloads. The talk will show the deployment and scaling of a high performance computing workload manager, Spark, and OpenStack, and how the VM and Docker management can be integrated together.
Failure injection is somewhat analogous to a vaccine. We want to inject these bad behaviours so our developers can build immunities to them. Can we inject failure scenarios into deployed systems to reduce platform risk Demonstrations of the Simian Army, Chaos Lemur and Locust.io tools will be presented.
Even when all of the individual services in a distributed system are functioning properly, the interactions between those services can cause unpredictable outcomes. Unpredictable outcomes, compounded by rare but disruptive real-world events that affect production environments, make these distributed systems inherently chaotic.
Presentation delivered at LinuxCon China 2017
Real-Time is used for deadline-oriented applications and time-sensitive workloads. Real-Time KVM is the extension of KVM(Linux Kernel-based Virtual Machine) to allow the virtual machines(VM) to be a truly Real-Time operating system.Users sometimes need to run low-latency applications(such as audio/video streaming, highly interactive systems, etc) to meet their requirements in clouds. NFV is a new network concept which uses virtualization and software instead of dedicated network appliances. For some use cases of telecommunications, network latency must be within a certain range of values. Real-Time KVM can help NFV meet this requirements.
In this presentation, Pei Zhang will talk about:
(1)Real-Time KVM introduction
(2)Real-Time cloud building
(3)Real-Time KVM in NFV: VM with openvswitch, dpdk and qemu’s vhostuser
(4)Performance testing results show
Presentation delivered at LinuxCon China 2016
UEFI HTTP/HTTPS Boot is a new feature of UEFI 2.5+. In the meantime, this feature is not yet implemented in any Linux bootloader. This Birds of a Feather session will give an introduction to UEFI HTTP/HTTPS Boot, and share a proof-of-concept implementation based on grub2 that works on both the emulator (QEMU/OVMF) and HPE ProLiant Gen10 servers.
For HTTPS, the experience and comparison will be shared between the purely software-based and UEFI-based implementations in the aspects of ease of implementation, security strength, and limitation.
Fully Automated Kubernetes Deployment and Management (Peng Jiang, Rancher Labs) - Kubernetes is rapidly gaining popularity as a powerful container orchestration and scheduling platform. But deploying and managing Kubernetes clusters is still a challenge for many organizations.How to ensure Kubernetes clusters in different clouds and data centers can communicate with each other? How to automate the deployment of multiple Kubernetes clusters? How to incorporate the new Kubernetes Federation into multi cloud and multi datacenter deployments? How to manage the health of Kubernetes cluster itself? etc.
In this talk, Peng will share his experience on how to automate and simplify Kubernetes deployments, and discuss how some of the latest community projects (such as kubeadm and self-hosting Kubernetes) will help address the problems in the future.
In the container ecosystem, there is perhaps no technology that has received more focus and attention than orchestration and scheduling. Mesos, Kubernetes, and Swarm have established themselves as the leading technology choices in this space.
In this talk, Sheng will discuss what he learned from working directly with hundreds of users who have deployed one of these frameworks. He will look at how these frameworks will continue to evolve and if there’re any gaps and opportunities in container orchestration and scheduling. Sheng will make a case that there are still room for innovation and new orchestration and scheduling frameworks will be created in the future. He will discuss what new frameworks might look like--the features, functionalities, and attributes that differentiate them from the mainstream frameworks today.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
4. 4
What Makes a Container?
Platform
Host OS
Namespaces
Control
groups
App
Libs
App
Libs
App
Libs
Platform
Hypervisor
App
Libs
App
Libs
Guest OS
App
Libs
Guest OS
Bare Metal Containers
Docker DockerDocker
VM Containers
(e.g. Clear Container)
5. 5
Path to GPU Containers
Bare Metal Containers VM Containers
GPU namespaces
GPU control groups
GPU virtualization technology
Integrate with container runtime
6. 6
GPU Namespace:
DRM Render Node
DRM/i915
Card# RenderD#
Xserver ComputeMedia
Xcode
Unprivileged
No mode-setting
Offscreen
3D
Privileged
Mode setting
Global gem flink
7. 7
GPU Namespace:
DRM Render Node
DRM/i915
RenderD#
Media
Xcode
Libs
Offscreen
3D
Libs
Compute
Libs
GPU
Contexts
Sharing happen with dmabuf only (no
global gem object on card0)
No need of creating another namespace
Expose DRM render nodes to provide
isolated views through device cgroup
e.g “docker run –device=/dev/dri/renderD128
–it debian”
Per-process hardware context in GPU
Hardware managed render context switch
8. 8
GPU CGroup
CPU Mem BlkIO Net GPU
container
Container
resource
manager
Cgroup
controller
container container container
…
Container-granule GPU resource control
9. 9
GPU CGroup
New subsystem: gpu_cgrp_subsys
Control knobs
gpu.shares (% share of GPU cycles, work in progress)
gpu.priority (workload priority in the system)
gpu.memory (maximum GPU memory size)
DRM/i915
Favor ‘shares/priority’ in workload scheduler
Enforce memory limitation (optionally for UMA graphics)
10. 10
Container Runtime Integration
{
“linux”: {
“devices”: [
{
“path”: “/dev/dri/renderD128”,
“type”: “c”,
“major”: 226,
“minor”: 128,
“fileMode”: 432,
“uid”: 0,
“gid”: 0
}
],
“resources”: {
…
“gpu”: {
“memory”: <max_mem_in_bytes>,
“prio”: <workload_priority>
}
}
}
RunC: an universal container runtime
Understand new gpu cgroup
Add new Linux resources config.json options for gpu
Runtime-tools helper to generate config stubs
New Docker GPU control parameters
e.g docker –gpu-mem=xxx –gpu-priority=xxx
–gpu-share=xxx …
11. 11
Image Portability
Main challenge - library compatibility
User level libraries MUST match underlying kernel/HW
Introduce Docker helper for image inspection
Compare image libraries with host environment
Reject to launch container upon any mismatch
12. 12
VM GPU Containers
DRM/i915
vGPU
Media
Xcode
Libs
GPU
vGPU vGPU
Intel GVT-g
Guest OS
Media
Xcode
Libs
Guest OS
Media
Xcode
Libs
Guest OS
CC VM CC VM CC VM Clear Container (CC)
Intel graphics virtualization technology
(Intel GVT-g)
Assign vGPU to VM container
In upstream Linux since v4.10
https://01.org/igvt-g
13. 13
VM GPU Containers
Nested containers in VM also have GPU access
Need Improvement:
Scalability
Only support 8vGPUs today due to resource partitioning
Need some enlightened way to further scale in the short term
Boot time
Full guest graphics driver load takes >1.5s
Fast optimization to <0.5s in progress
14. 14
Status
GPU cgroup PoC
https://github.com/zhenyw/linux
https://github.com/zhenyw/runc
https://github.com/zhenyw/moby
https://github.com/zhenyw/cli
GPU virtualization for Clear container
https://clearlinux.org/features/intel%C2%AE-clear-containers
https://github.com/01org/gvt-linux/wiki/Clear-Container-with-GVTg-Setup-Guide
