Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
Learn from HashiCorp Vault engineer Nick Cabatoff how you can ensure that you actually use Vault effectively to allow no potential leaks of secret credentials, apis, or certs.
Get an overview of HashiCorp's Vault concepts.
Learn how to start a Vault server.
Learn how to use the Vault's postgresql backend.
See an overview of the Vault's SSH backend integration.
This presentation was held on the DigitalOcean Meetup in Berlin. Find more details here: https://www.meetup.com/DigitalOceanBerlin/events/237123195/
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
Learn from HashiCorp Vault engineer Nick Cabatoff how you can ensure that you actually use Vault effectively to allow no potential leaks of secret credentials, apis, or certs.
Get an overview of HashiCorp's Vault concepts.
Learn how to start a Vault server.
Learn how to use the Vault's postgresql backend.
See an overview of the Vault's SSH backend integration.
This presentation was held on the DigitalOcean Meetup in Berlin. Find more details here: https://www.meetup.com/DigitalOceanBerlin/events/237123195/
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. We'll show how this works.
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Outlyer
A review of AWS security concepts, leaks at Beamly, an Introduction to Hashicorp Vault and how we use use Vault at Beamly.
Watch YouTube video here: http://bit.ly/25ytNAD
Join DevOps Exchange London Meetup: http://bit.ly/22y4Var
Follow DOXLON on Twitter: http://bit.ly/1ZdugEJ
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
PerconaLive 2016 Santa Clara presentation on Hashicorp Vault with CTO Armon Dadger
https://www.percona.com/live/data-performance-conference-2016/sessions/using-vault-decouple-secrets-applications
This session is focused on the Hashicorp vault which is a secret management tool. We can manage secrets for 2-3 environments but what if we have more than 10 environments, then it will become a very painful task to manage them when secrets are dynamic and need to be rotated after some time. Hashicorp vault can easily manage secrets for both static and dynamic also it can help in secret rotations.
Hashicorp Vault - Manage Secrets and Protect Sensitive Data.
Vault is becoming the most popular tool to manage, secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
In this talk we will know the most powerful features of Hashicorp in both versions (OpenSource & Enterprise) and how we can implement a solution in our dynamic infrastructure.
Slides from "Managing Secrets at scale" at Velocity EU 2015
Secrets come in many shapes and sizes: database API keys, database passwords, private keys. Distributing and managing these secrets is usually an afterthought. It's hard to get right, and can be very expensive if you get it wrong. In this session, we'll look at the core operations and properties that make up a good secret management system, and how these principals can be implemented
Presentation done at the November meeting of the Sudoers Barcelona group (https://www.meetup.com/sudoersbcn/).
HashiCorp Vault (https://www.vaultproject.io/)
"Vault és una eina per emmagatzemar i gestionar secrets. Veurem què ofereix, com instal·lar-la, utilitzar-la i operar-la, i la nostra experiència."
Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy
Talk of Skip Duckwall and I at BlackHat 2014 USA / Defcon Wall of Sheep.
Kerberos, and new pass-the-* feature, like overpass-the-hash and the Golden Ticket
In this talk, Oded Hareven, Co-Founder & CEO of Akeyless.io, discusses the history of the movement toward best practices in password, token, key, and credential management, including HSMs, KMSs, PAMs, and PKI management. He explores how secrets management is now a MUST for DevOps and security teams of all enterprises and why the right tool needs to be cloud-agnostic, cloud-native, integrable with any DevOps pipelines, and infinitely scalable.
Discussed the capabilities, advantages and disadvantages of Keycloak, made a basic understanding of how it can be applied and integrated into various systems.
Speaker - Ihor Didyk, Software Engineer, GlobalLogic.
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
Presented to the Philly DevOps Meetup November 29, 2016.
Managing secrets is hard. It’s even harder in the cloud. At Jornaya (formerly LeadiD), we chose Hashicorp Vault to manage our secrets in AWS, and I’d like to share our experience with everyone.
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
Cryptography for Java Developers
Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA
About the Speaker
What is Cryptography?
Cryptography in Java – APIs and Libraries
Hashes, MAC Codes and Key Derivation (KDF)
Encrypting Passwords: from Plaintext to Argon2
Symmetric Encryption: AES (KDF + Block Modes + IV + MAC)
Digital Signatures, Elliptic Curves, ECDSA, EdDSA
Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples
Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM
Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
[errata] For more information on DCSync and associated permissions, as well as AdminSDHolder and associated permissions, see Sean Metcalf's respective posts at https://adsecurity.org/?p=1729 and https://adsecurity.org/?p=1906 .
"An ACE Up the Sleeve: Designing Active Directory DACL Backdoors" was presented at BlackHat and DEF CON 2017.
Schema Registry 101 with Bill Bejeck | Kafka Summit London 2022HostedbyConfluent
If you were to ask any developer, ""what's a schema and where is it used?"" Most likely, you'd get an answer involving a relational database. The truth is the domain objects used in applications represent a contract, an implied schema, whether developers choose to acknowledge them or not. But even if you recognize the need for a formal schema, what's the best way to manage them?
This presentation will contain some theory and primarily practical application for schemas with Schema Registry. I'll briefly explain what a schema is and how it's very relevant to any application working with Kafka today. It will go into the practical, introducing Schema Registry, describing how it works and how developers can leverage it to provide schemas across an organization. The discussion will cover working with Schema Registry from the command line, how to leverage it with Kafka clients, and the supported serialization formats. Some established build tools that make life easier for the Kafka developer will also be covered.
Attendees will walk away with knowledge of Schema Registry and a solid understanding of how it works, how to integrate them into Kafka clients. They'll also learn enough about the supported serialization frameworks to start implementing schemas right away in their Kafka development efforts.
In addition to authorization policies that control what a user can do, OpenShift Container Platform gives its administrators the ability to manage a set of security context constraints (SCCs) for limiting pods and securing their cluster.
Default security context may be too restrictive for containers pulled down from DockerHub, thorugh this talk we'll explore the various steps to execute for enabling required permissions on selected OpenShift's pods.
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. We'll show how this works.
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Outlyer
A review of AWS security concepts, leaks at Beamly, an Introduction to Hashicorp Vault and how we use use Vault at Beamly.
Watch YouTube video here: http://bit.ly/25ytNAD
Join DevOps Exchange London Meetup: http://bit.ly/22y4Var
Follow DOXLON on Twitter: http://bit.ly/1ZdugEJ
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
PerconaLive 2016 Santa Clara presentation on Hashicorp Vault with CTO Armon Dadger
https://www.percona.com/live/data-performance-conference-2016/sessions/using-vault-decouple-secrets-applications
This session is focused on the Hashicorp vault which is a secret management tool. We can manage secrets for 2-3 environments but what if we have more than 10 environments, then it will become a very painful task to manage them when secrets are dynamic and need to be rotated after some time. Hashicorp vault can easily manage secrets for both static and dynamic also it can help in secret rotations.
Hashicorp Vault - Manage Secrets and Protect Sensitive Data.
Vault is becoming the most popular tool to manage, secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
In this talk we will know the most powerful features of Hashicorp in both versions (OpenSource & Enterprise) and how we can implement a solution in our dynamic infrastructure.
Slides from "Managing Secrets at scale" at Velocity EU 2015
Secrets come in many shapes and sizes: database API keys, database passwords, private keys. Distributing and managing these secrets is usually an afterthought. It's hard to get right, and can be very expensive if you get it wrong. In this session, we'll look at the core operations and properties that make up a good secret management system, and how these principals can be implemented
Presentation done at the November meeting of the Sudoers Barcelona group (https://www.meetup.com/sudoersbcn/).
HashiCorp Vault (https://www.vaultproject.io/)
"Vault és una eina per emmagatzemar i gestionar secrets. Veurem què ofereix, com instal·lar-la, utilitzar-la i operar-la, i la nostra experiència."
Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy
Talk of Skip Duckwall and I at BlackHat 2014 USA / Defcon Wall of Sheep.
Kerberos, and new pass-the-* feature, like overpass-the-hash and the Golden Ticket
In this talk, Oded Hareven, Co-Founder & CEO of Akeyless.io, discusses the history of the movement toward best practices in password, token, key, and credential management, including HSMs, KMSs, PAMs, and PKI management. He explores how secrets management is now a MUST for DevOps and security teams of all enterprises and why the right tool needs to be cloud-agnostic, cloud-native, integrable with any DevOps pipelines, and infinitely scalable.
Discussed the capabilities, advantages and disadvantages of Keycloak, made a basic understanding of how it can be applied and integrated into various systems.
Speaker - Ihor Didyk, Software Engineer, GlobalLogic.
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
Presented to the Philly DevOps Meetup November 29, 2016.
Managing secrets is hard. It’s even harder in the cloud. At Jornaya (formerly LeadiD), we chose Hashicorp Vault to manage our secrets in AWS, and I’d like to share our experience with everyone.
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
Cryptography for Java Developers
Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA
About the Speaker
What is Cryptography?
Cryptography in Java – APIs and Libraries
Hashes, MAC Codes and Key Derivation (KDF)
Encrypting Passwords: from Plaintext to Argon2
Symmetric Encryption: AES (KDF + Block Modes + IV + MAC)
Digital Signatures, Elliptic Curves, ECDSA, EdDSA
Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples
Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM
Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
[errata] For more information on DCSync and associated permissions, as well as AdminSDHolder and associated permissions, see Sean Metcalf's respective posts at https://adsecurity.org/?p=1729 and https://adsecurity.org/?p=1906 .
"An ACE Up the Sleeve: Designing Active Directory DACL Backdoors" was presented at BlackHat and DEF CON 2017.
Schema Registry 101 with Bill Bejeck | Kafka Summit London 2022HostedbyConfluent
If you were to ask any developer, ""what's a schema and where is it used?"" Most likely, you'd get an answer involving a relational database. The truth is the domain objects used in applications represent a contract, an implied schema, whether developers choose to acknowledge them or not. But even if you recognize the need for a formal schema, what's the best way to manage them?
This presentation will contain some theory and primarily practical application for schemas with Schema Registry. I'll briefly explain what a schema is and how it's very relevant to any application working with Kafka today. It will go into the practical, introducing Schema Registry, describing how it works and how developers can leverage it to provide schemas across an organization. The discussion will cover working with Schema Registry from the command line, how to leverage it with Kafka clients, and the supported serialization formats. Some established build tools that make life easier for the Kafka developer will also be covered.
Attendees will walk away with knowledge of Schema Registry and a solid understanding of how it works, how to integrate them into Kafka clients. They'll also learn enough about the supported serialization frameworks to start implementing schemas right away in their Kafka development efforts.
In addition to authorization policies that control what a user can do, OpenShift Container Platform gives its administrators the ability to manage a set of security context constraints (SCCs) for limiting pods and securing their cluster.
Default security context may be too restrictive for containers pulled down from DockerHub, thorugh this talk we'll explore the various steps to execute for enabling required permissions on selected OpenShift's pods.
Get hands-on with security features and best practices to protect your containerized services. Learn to push and verify signed images with Docker Content Trust, and collaborate with delegation roles. Intermediate to advanced level Docker experience recommended, participants will be building and pushing with Docker during the workshop.
Led By Docker Security Experts:
Riyaz Faizullabhoy
David Lawrence
Viktor Stanchev
Experience Level: Intermediate to advanced level Docker experience recommended
Vault 1.1: Secret Caching with Vault Agent and Other New FeaturesMitchell Pronschinske
Since its first release in 2015, HashiCorp Vault has grown from a place to keep secrets to a platform that provides comprehensive secrets management, encryption as a service, and identity-based security for some of the largest organizations in the world. While Vault 1.0 saw auto-unseal become open source and introduced batch tokens improved performance, feature completeness, and enterprise readiness, Vault 1.1 focuses on building workflow enablement and increasing scaling and operations.
A tutorial on how the process of writing an application using a browser’s WebAuthn API, plus how to install a server, how to generate authentication challenges & responses, and how to integrate with related IAM infrastructure.
Code: https://github.com/fido-alliance/webauthn-demo
Live slides: http://slides.com/herrjemand/jan-2018-fido-seminar-webauthn-tutorial#/
Do any VM's contain a particular indicator of compromise? E.g. Run a YARA signature over all executables on my virtual machines and tell me which ones match.
Automatically unseal Vault clusters as a Keybase team. We want to automate the unseal of our on-premise Vault clusters. How can we securely distribute Shamir unseal keys to the team so we can unseal our Vault when we are on-call? How did we initialize our production system in a such way that 2 out 4 people are needed to "unseal the Vault"?
We are using Keybase.io, and automated Vault on Consul cluster, with an Ansible/Vagrant environment to teach and practice.
- Vagrant (tested on Mac)
- Consul OSS
- Vault OSS
- Keybase (vault operator init, vault unseal, KBFS)
- Ansible (Brian Shumate's roles, custom roles)
- Packer (hardened Centos 7)
@bbaassssiiee
https://github.com/dockpack/keybase_unseal
https://github.com/dockpack/vault_dojo
How to create a multi tenancy for an interactive data analysis with jupyter h...Tiago Simões
With this presentation you should be able to create an architecture for a framework of an interactive data analysis by using a Cloudera Spark Cluster with Kerberos, a Jupyter machine with JupyterHub and authentication via LDAP.
Kubernetes Story - Day 1: Build and Manage Containers with PodmanMihai Criveti
OpenShift Workshop Day 1: https://www.youtube.com/watch?v=3IuaZu8-fsY - Build and Manage Containers with Podman
In this workshop you'll learn how to build and manage containers, publish images to Quay, then install and deploy containers onto OpenShift.
Configurações distribuídas com Spring Cloud ConfigEmmanuel Neri
Com as arquiteturas voltadas à microserviços um possível problema que possa vir a ocorrer durante o mantimento das aplicações é o gerenciamento de configurações, principalmente falando de aplicações Spring Boot onde temos grande parte das configurações baseados em arquivos, pode-se gerar um cenário repetitivo e desorganizado quando aplicado em várias aplicações. Com isso, essa palestra tem como objetivo apresentar uma solução para centralização dos arquivos de configuração em um serviço externo, possibilitando versionamento, reaproveitamento entre as aplicações, atualizações em runtime e criptografia nas propriedades de configurações utilizando o Spring Cloud Config.
Similar to HashiCorp Vault Workshop:幫 Credentials 找個窩 (20)
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Strategies for Successful Data Migration Tools.pptxvarshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
14. 7. execute ‘aws configure‘ to configure the credentials for your IAM user. Make sure this IAM User has
AdministratorAccess and run ‘aws sts get-caller-identity’ - you should be able to see the returned
JSON output like this.
14
19. Run Command in Cloud9
$ git clone https://github.com/Taipei-HUG/workshop.git
$ cd vault/CH00
$ ./step1.sh # get all binary
$ ./step2.sh # setup eks cluster
19
23. How do you rotate credentials?
● Create a new credential
● Rotate credentials one by one
● Delete old credential
● What if you have 10 components
connect to db?
23
26. Credential 1
Credential 2
1. Get Credential by access
token or other auth method
2. Access db via credential
Basic secret management
0. Admin create
credential
26
33. Credential 1
Credential 2
1. Get Credential by access
token or other auth method
2. Access db via credential
Basic secret management
0. User create
credential
33
34. Setup Vault on docker-compose
# Open cloud9 ide & see CH01/commands.txt
$ docker-compose up -d
$ export VAULT_ADDR=http://127.0.0.1:8080
$ export VAULT_TOKEN=my-root-token
$ vault status
34
35. Manipulate vault kv
$ vault kv list secret
$ vault kv put secret/first-secret foo=bar
$ vault kv list secret
$ vault kv get secret/first-secret
$ vault kv put secret/first-secret foo=bar test=true
$ vault kv metadata get secret/first-secret
$ vault kv delete secret/first-secret
$ vault kv metadata delete secret/first-secret
35
41. Request a dynamic credential Create a user with certain scope
Returns a credentialReturns a credential
Access database via the credential
Revoke the credential
Graceful
shutdown
Delete the user
User deletedCredential deleted
41
42. Setup Dynamic Secret
● See init.sh
● Setup Vault Dynamic Secret
● Integrate into our service
42
46. $ vault write database/roles/my-role
db_name=my-database
creation_statements=
"CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';
GRANT SELECT ON *.* TO '{{name}}'@'%';"
default_ttl="1h"
max_ttl="2h"
46
47. 1. Request credential
---
$ vault read database/creds/my-role
2. Issue a dynamic
credential with TTL
by root credential
3. Get credential
4. Access db by dynamic credential
CREATE USER '{{name}}'@'%'
IDENTIFIED BY '{{password}}';
GRANT SELECT ON *.*
TO '{{name}}'@'%';
Execute by
username=${MYSQL_ROOT_USERNAME}
password=${MYSQL_ROOT_PASSWORD}
47
51. Credential 1
Credential 2
1. Get Credential by access
token or other auth method
2. Access db via credential
Basic secret management
0. User create
credential
51
53. Kubernetes cluster
Deployment A
Deployment B
Credential 1
Credential 2
Role A - Policy A
Role B - Policy B
Credential 1
Credential 2
See more: Vault 與 Kubernetes 的深度整合
Vault
53
55. Put all together
● Dynamic Secret
● Kubernetes service authentication
● Limit permission scope
55
56. Ideal Credential Lifecycle
56
Service is Accessed
Application
1. Request Access Credential (Running)
2. Use the Credential to Access Service
3. Revoke the Credential
Credentials Only
Exist in Memory
59. ◉ When a Vault server is first
initialized, Vault generates a
master key
◉ Immediately splits this master
key into a series of key shares
following Shamir's Secret
Sharing Algorithm
Master Key
59
60. ◉ The master key is used to decrypt the
underlying encryption key
◉ Vault uses the encryption key to encrypt data
at rest in a storage backend like the filesystem
or Consul
Encryption Key
60
61. ◉ Vault never stores the master key, therefore,
the only way to retrieve the master key is to
have a quorum of unseal keys re-generate it.
Seal/Unseal
61
62. Practice (1/3)
# switch to CH03 folder
~$ cd vault/CH03
# boot vault server and login it
~$ ./start_local_vault.sh
# check vault status
~$ vault status
Key Value
--- -----
Seal Type shamir
Initialized false
Sealed true
Total Shares 0
Threshold 0
Unseal Progress 0/0
Unseal Nonce n/a
Version n/a
HA Enabled false
62
64. Practice (3/3)
# unseal vault
# repeat 3 times
~$ vault operator unseal
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed true
Total Shares 5
Threshold 3
Unseal Progress 1/3
Unseal Nonce
a0dfd3da-0fcb-0268-baba-ef4cbe
5550bc
Version 1.1.2
HA Enabled false
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed false
Total Shares 5
Threshold 3
Version 1.1.2
Cluster Name
vault-cluster-59fe6b22
Cluster ID
81a9858f-a363-74c7-931b-ec2b0f42
6e08
HA Enabled false 64
65. ◉ AliCloud KMS, Amazon KMS, Azure Key Vault,
and Google Cloud KMS
Auto-Unseal
65
67. Practice (2/6)
◉ Append seal config section into config/default.hcl
…
seal "awskms" {
region = "us-west-2"
kms_key_id = "xxxxxxxx-wwww-xxxx-zzzz-yyyyyyyyyyyy"
}
67
68. Practice (3/6)
◉ Add AWS AK/SK into .env file
VAULT_ADDR=http://127.0.0.1:8200
AWS_ACCESS_KEY_ID=DFJLSFKJLD8358KJLJK8
AWS_SECRET_ACCESS_KEY=JioeuJek7+jgJLIUJWTYSfv3rr49JRoqt
68
69. Practice (4/6)
# restart vault server
~$ ./restart_local_vault.sh
# check vault status
~$ vault status
Key Value
--- -----
Recovery Seal Type shamir
Initialized true
Sealed true
Total Recovery Shares 5
Threshold 3
Unseal Progress 0/3
Unseal Nonce n/a
Seal Migration in Progress true
Version 1.1.2
HA Enabled false
69
70. Practice (5/6)
# seal migration
# repeat 3 times
~$ vault operator unseal -migrate
Unseal Key (will be hidden):
Key Value
--- -----
Recovery Seal Type shamir
Initialized true
Sealed false
Total Recovery Shares 5
Threshold 3
Version 1.1.2
Cluster Name
vault-cluster-59fe6b22
Cluster ID
81a9858f-a363-74c7-931b-ec2b0f42
6e08
HA Enabled false
70
71. Practice (6/6)
# exit vault server container by Ctrl+D
# restart vault server
~$ ./restart_local_vault.sh
# check vault status
~$ vault status
Key Value
--- -----
Recovery Seal Type shamir
Initialized true
Sealed false
Total Recovery Shares 5
Threshold 3
Version 1.1.2
Cluster Name
vault-cluster-59fe6b22
Cluster ID
81a9858f-a363-74c7-931b-ec2b0f42
6e08
HA Enabled false
71
79. Practice (3/3)
# login user and use the token
~$ unset VAULT_TOKEN
~$ vault login -method=userpass username=smalltown
password=12345678
# try to get the database credentials
~$ vault kv get kv/stag/database/admin
~$ vault kv get kv/prod/database/admin
79
84. Practice (4/4)
# exit vault server container by Ctrl+D
# restart vault server
~$ ./restart_local_vault.sh
# check vault status
~$ vault status
Key Value
--- -----
Recovery Seal Type shamir
Initialized true
Sealed false
Total Recovery Shares 5
Threshold 3
Version 1.1.2
Cluster Name
vault-cluster-59fe6b22
Cluster ID
81a9858f-a363-74c7-931b-ec2b0f42
6e08
HA Enabled true
HA Cluster
https://vault-workshop.hub.internal:
444
HA Mode active 84
95. Telemetry
◉ The Vault server process collects various
runtime metrics about the performance of
different libraries and subsystems.
◉ To view the telemetry information, you must
send a signal to the Vault process
◉ Also can be streamed directly from Vault to a
range of metrics aggregation solutions
95