Slides from webinar by Mirantis about how to build a basic edge cloud using surveillance cameras. Watch the webinar recording at: https://bit.ly/mirantis-edge-cloud
Using Kubernetes to make cellular data plans cheaper for 50M users | Mirantis
Use case of Kubernetes based NFV infrastructure used in production to run an open source evolved packet core. Presented by Facebook Connectivity and Mirantis at KubeCon + CloudNativeCon Europe 2020.
Comparison of Current Service Mesh Architectures | Mirantis
Learn the differences between Envoy, Istio, Conduit, Linkerd and other service meshes and their components. Watch the recording including demo at: https://info.mirantis.com/service-mesh-webinar
The How and Why of Container Vulnerability Management | Tim Mackey
As presented at OpenShift Commons Sept 8, 2016.
Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and associated network defenses. Since those defenses are reactive to application issues attackers choose to exploit, it’s critical to have visibility into both what is in your container library and what the current state of vulnerability activity might be. Current vulnerability information for container images can readily be obtained by using the scan action on Atomic hosts in your OpenShift Container Platform.
In this session we’ll cover how an issue becomes a disclosed vulnerability, how to determine the risk associated with your container usage, and potential mitigation patterns you might choose to utilize to limit any potential scope of compromise.
Secure Application Development in the Age of Continuous Delivery | Tim Mackey
As delivered at LinuxCon and ContainerCon in Berlin 2016.
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques.
The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers view as vulnerable, particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container
• How to determine the risk associated with a specific package
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment | DevOps.com
Today, running applications in the cloud is a must-have. But that doesn’t mean it’s risk-free. In this webinar, CircleCI and xMatters will discuss security issues in the application lifecycle, and demo solutions so your team can be confident you’re deploying safely and securely. Join to understand:
• Common risks and vulnerabilities in cloud deployments
• Patterns and best practices for ease of testing and deployment management
• How CircleCI and xMatters make deploying to cloud (especially multi-cloud environments) safer and more secure
DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes | Docker, Inc.
Docker Enterprise got a big upgrade this year with Calico 3.5 for its Kubernetes networking! One of the most exciting new features is the ability to build Zero Trust Kubernetes networks with Calico Application Layer Policy in concert with Istio service mesh. Zero Trust networking is a way to build distributed applications such that they maintain security, even when containers, or the network itself, are compromised.
Starting with Docker Enterprise, they will demonstrate some common network attacks such as IP address spoofing and certificate exfiltration, then demonstrate building a Zero Trust network (by installing Istio and Application Layer Policies) for the application. They will show how this Zero Trust network repels all the demonstrated attack strategies and explain how to build and maintain a Zero Trust network for your own applications.
Security Patterns for Microservice Architectures - London Java Community 2020 | Matt Raible
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
Containers have been crucial in helping organizations orchestrate their infrastructure requirements. The scalability and reproducibility aspects of containerized environments have enabled applications and web components to be deployed seamlessly in the cloud. While containers have multiple benefits, they also come with distinct security issues, resulting in attackers gaining access to the container, the host, and eventually the data. The first step towards implementing Container Runtime Security is to understand the current threat scenarios and adversary trends affecting cloud containers. To aptly evaluate the container threat landscape in any environment, an attack matrix should be formulated to ensure that relevant techniques and tactics are identified for every attack stage.
The ATT&CK framework from MITRE has been a go-to framework to formulate a threat matrix, identify an adversary’s tactics and methods/techniques used to attain their end game of privilege escalation or data exfiltration. This presentation is targeted towards:
• Today’s container runtime security landscape
• Apply ATT&CK methodology on the container runtime environment
• Provide a practical approach towards attack surface, scenarios, and attack trends
• Validations and Security Best Practices
Handling health care info for patients requires a high level of security and confidentiality. Running a Cloud Native platform opens a lot of possibilities, but also a lot of dangerous pitfalls.
In this talk we will explore different problem areas, and some of the best practices for handling these. We will look at Open Source tools for automatic detection, enforcing security policies and security reporting for auditing. We will also talk about the easy options, the full package, and the managed package.
PKI in DevOps: How to Deploy Certificate Automation within CI/CD | DevOps.com
DevOps and CI/CD make for faster code releases, but they also create new challenges for security practices. Think about TLS and code-signing certificates. Almost every component in CI/CD – binaries, builds, web servers and containers – needs certificates to authenticate and verify trust, but traditional PKI processes just can't scale in DevOps environments.
Join Keyfactor and Infinite Ranges to learn how PKI and certificate management fits within the CI/CD pipeline and why an integrated and automated approach is key to success. In this webinar, we'll discuss:
• How applications in the DevOps toolchain use PKI (i.e. Jenkins, Kubernetes, Istio, etc.)
• The risks of unmanaged or untracked certificates in DevOps environments
• Best practices to support visibility, compliance and automation of certificates in CI/CD
Microservices and containers networking: Contiv, an industry leading open sou... | Codemotion
Contiv provides a higher level of networking abstraction for microservices: it provides built-in service discovery and service routing for scale out services, working with schedulers like Docker Swarm, Kubernetes, Mesos and Nomad. We will see some code examples, basic use cases and an easy tutorial on the web.
The Future of Security and Productivity in Our Newly Remote World | DevOps.com
Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.
This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks.
See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.
Istio is a service mesh—a modernized service networking layer that provides a transparent and language-independent way to flexibly and easily automate application network functions. Istio is designed to run in a variety of environments: on-premise, cloud-hosted, in Kubernetes containers.
Using hypervisor and container technology to increase datacenter security pos... | Tim Mackey
As presented at LinuxCon/ContainerCon 2016:
Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and anti-malware agents. Unfortunately, those techniques introduce performance and management challenges when used at large VM densities, and may not work well with containerized applications.
Fortunately, the Xen Project community has collaborated to create a solution which reduces the potential of success associated with rootkit attack vectors. When combined with recent advancements in processor capabilities, and secure development models for container deployment, it’s possible to both protect against and be proactively alerted to potential zero-day attacks. In this session, we’ll cover models to limit the scope of compromise should an attack be mounted against your infrastructure. Two attack vectors will be illustrated, and we’ll see how it’s possible to be proactively alerted to potential zero-day actions without requiring significant reconfiguration of your datacenter environment.
Technology elements explored include those from Black Duck, Bitdefender, Citrix, Intel and Guardicore.
Moving to microservices brings promises of application modernization and agile applications development and deployment, but it also brings new challenges in managing these environments. Nowhere are these challenges more of an issue than with traffic management and security of microservices environments, especially in those which require high-volume, high-reliability, and high-security such as with financial services applications.
In this session we’ll go through the basics of microservices traffic management challenges, North/South vs East/West traffic, managing each with ingress and service meshes, and some best practice guidelines with microservices traffic management.
Guy Podjarny breaks into a vulnerable serverless application and exploits multiple weaknesses, helping better understand some of the mistakes people make, their implications, and how to avoid them.
Video available on: https://www.infoq.com/presentations/serverless-security-2017
Continuous (Non-)Functional Testing of Microservices on K8s | QAware GmbH
Code Days, February 2021, talk by Mario-Leander Reimer (@LeanderReimer, Chief Software Architect at QAware)
Abstract: Continuous delivery is everywhere. Well, not quite! Many teams still fail to continuously deliver well tested and stable product increments to production. Usually with the same old excuse: these high-level tests are too laborious and expensive to implement. But the opposite could be the case! This session will highlight the challenges and importance of early (non-)functional testing for cloud-native applications. Then, we will show how easy it is to implement continuous performance, security and acceptance tests for microservices based on K8s.
Kubernetes Cloud Native Jakarta Online Meetup #18
In this talk, I will tell the story of how to secure Kubernetes using the Kubernetes Goat playground, with a demo.
Url: https://www.meetup.com/jakarta-kubernetes/events/272455638/
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture | Alexandra N. Martinez
Join us for this meetup where Jitendra Bafna (Jacky) will be talking about Anypoint VPC, VPN and DLB Architecture. He will mention the best practices, some use cases, and a live demo!
Application security meetup k8_s security with zero trust_29072021 | lior mazor
The "K8S security with Zero Trust" Meetup is about K8s posture Management and runtime protection, ways to secure your software supply chain, Managing Attack Surface reduction, and How to secure K8s with Zero-Trust.
Tampere Docker meetup - Happy 5th Birthday Docker | Sakari Hoisko
Part of official docker meetup events by Docker Inc.
https://events.docker.com/events/docker-bday-5/
Meetup event:
https://www.meetup.com/Docker-Tampere/events/248566945/
Ionic Native: Native-powered apps, without the hassle | Ionic Framework
Join us for a live walkthrough of Ionic Native, a curated library of over 250 Community and Premier native solutions and plugins, delivering everything you need to build amazing cross-platform experiences from Day One.
View the presentation here: https://ionicpro.wistia.com/medias/bacos4ktbn
For Business's Sake, Let's focus on AppSec | Lalit Kale
Slide-Deck for session on Application Security at Limerick DotNet-Azure User Group on 15th Feb, 2018
Event URL: https://www.meetup.com/Limerick-DotNet/events/hzctdpyxdbtb/
AWS live hack: Docker + Snyk Container on AWS | Eric Smalling
Slides from session 3 of the Snyk AWS live hack series
Dec 15, 2021 with Eric Smalling, Dev Advocate at Snyk, and Peter McKee, Head of Dev Relations & Community at Docker.
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0... | SolarWinds
Attendees spent the day with SolarWinds learning how to get the most out of our network, systems, database, compliance and security products, and IT support tools. We discussed how we responded to the recent security incident, and how we’re moving forward with our Secure by Design approach. Our system engineers dove into the technical details, reviewed new products and features, and demonstrated configuration and integration points.
Presentation topics included technical updates on the following:
- Network management products and scaling the Orion® Platform
- Systems and database monitoring products
- Security and compliance products
- SolarWinds ITSM and support tools
SUGCON: The Agile Nirvana of DevSecOps and Containerization | Vasiliy Fomichev
Sitecore deployments are traditionally relatively expensive due to the technological and architectural limitations. The introduction of a containerized hosting model is a game-changer in the Sitecore DevOps story. It allows DevOps teams to enable delivery security features, and reduce deployment cycles through automation, by activating DevSecOps strategies. This flexibility or cost-efficiency of containerized deployments allows DevOps and engineering teams to focus on and align around business value, rather than being handicapped by the legacy technology and systems.
In this session we will walk the attendees through the benefits of a DevSecOps pipeline to IT, development teams, and their business leadership and show what it takes to migrate to the AKS-hosted infrastructure from an on-premise setup. We will present a reference design for an automated DevSecOps pipeline that focuses on security, quality, and speed. The session will cover the learnings from a major healthcare technology and research company that has gone through this shift and highlight the impact they experienced on the infrastructure, solution architecture, DevOps pipeline, processes and internal resources:
• Infrastructure: we will provide a feature overview of Azure vs AWS as it relates to a containerized Sitecore implementation, covering risks, cons, and pros associated with each and the cost estimation process for AKS.
• Sitecore Topology: we will cover the steps for changing Sitecore default AKS topology for maximum cost efficiency, and flexibility.
• DevOps pipeline: we will cover the automation that is required to move towards DevSecOps with environment creation via Infrastructure as Code, disaster recovery, and zero-downtime fully automated deployments to production.
• Processes and team changes: We will present how the new DevSecOps pipeline will affect internal processes and what internal support team changes are required to continue managing the new infrastructure and release pipeline.
2019 03 products customer partner webinar | March 2019 | MarkSilvester11
M.J. Johnson, Acquia’s Sr. Director of Product Marketing, will walk through recent feature updates that will help you:
• Achieve speed and agility by launching and managing sites with minimal time, effort, and code.
• Drive business results by leveraging data and content to connect with audiences.
• Reduce cost of ownership with an efficient, reliable infrastructure that scales.
• Deliver the lowest business risk by adhering to high standards for security and compliance.
Acquia Platform Update: New Features and Capabilities | Rachel Wandishin
It’s that time of the quarter again! Join us for 30 minutes (plus Q&A) to hear about all of the new Acquia Platform enhancements and capabilities that have been released in Q1, and are already available to you TODAY.
M.J. Johnson, Acquia’s Sr. Director of Product Marketing, will walk through recent feature updates that will help you:
- Achieve speed and agility by launching and managing sites with minimal time, effort, and code.
- Drive business results by leveraging data and content to connect with audiences.
- Reduce cost of ownership with an efficient, reliable infrastructure that scales.
- Deliver the lowest business risk by adhering to high standards for security and compliance.
Specific discussion topics will include: Improvements to Acquia Cloud, Acquia Developer Tools, Acquia Edge, Acquia Lift, Acquia DAM, Acquia Lightning and much more.
Scalar Security Roadshow - Vancouver Presentation | Scalar Decisions
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly. In this quick-fire, half-day roadshow, Scalar brings you solutions to these problems from three of our most strategic security vendors, as well as a full presentation on our managed security services portfolio.
A practical guide to building secure composable SaaS solutions with Sitecore in the cloud. Learn the methodology and process, and get the blueprints for building secure enterprise applications with Sitecore XM Cloud in Azure Cloud.
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...Mirantis
Learn how to ease the burden of Kubernetes operational challenges with DevOpsCare, powered by Lens. Get seamless visibility into monitoring, managing and security your cloud native apps. Automate in CI/CD and find out policy-based best practices so developers can go back to building applications.
Are you worried about granting too much access to resources on your Kubernetes cluster? With the extensible framework of Kubernetes, there is scarcely a day without a new tool popping up. In order to ensure the tools, users, and applications have appropriate security policies, a streamlined onboarding process is required.
OpenStack and the IoT: Where we are, where we're going, what we need to get t...Mirantis
OpenStack Austin discussion from Spring, 2016, with Sean Collins, Niki Acosta, Nick Chase, Xiaoping Chen, Alexander Adamov discussing issues such as security, architecture, and other technical and social issues.
Boris Renski: OpenStack Summit Keynote Austin 2016Mirantis
We tend to split the cloud world today into just two paradigms - public and private. Public works. Private doesn’t…. Or so says Gartner. Let’s compare side by side.
Digital Disciplines: Attaining Market Leadership through the CloudMirantis
Keynote by Joe Weinman, author of Cloudonomics and Digital Disciplines, at OpenStack Silicon Valley 2015.
Joe wraps the event by delineating four generic strategies used by leading tech companies and traditional blue chips to leverage a variety of information technologies: information excellence, i.e., better processes; solution leadership, i.e., cloud-connected smart, digital products and services; collective intimacy, i.e., big-data-based algorithms to enhance customer relationships; and accelerated innovation through open source, challenges, and innovation networks.
Decomposing Lithium's Monolith with Kubernetes and OpenStackMirantis
Keynote by Lachlan Evenson, Team Lead of Cloud Platform Engineering at Lithium Technologies, at OpenStack Silicon Valley 2015.
Application developers are rapidly moving to container-based models for dynamic service delivery and efficient cluster management. In this session, we will discuss a OpenStack production environment that is rapidly evolving to leverage a hybrid cloud platform to deliver containerized micro services in a SaaS Development/Continuous Integration environment. Kubernetes is being used to simplify and automate the service delivery model across the public/private (OpenStack, AWS, GCE) environments and is being introduced in a way that eliminates extra overhead and engineering effort. Lithium is actively contributing to key open source upstream projects and working closely with its engineering/development teams to optimize software efficiency with an elastic cloud architecture that delivers on the benefits of cloud automation.
OpenStack: Changing the Face of Service DeliveryMirantis
Keynote by Lew Tucker, VP and CTO of Cloud Computing at Cisco, at OpenStack Silicon Valley 2015.
As more companies move to software-driven infrastructures, OpenStack opens up new possibilities for traditional network service providers, media production, and content providers. Micro-services, and carrier-grade service delivery become the new watchwords for those companies looking to disrupt traditional players with virtualized services running on OpenStack.
Keynote by Diane Bryant, SVP and GM of the Data Center Group at Intel, at OpenStack Silicon Valley 2015.
Cloud computing provides tremendous agility and efficiency to organizations are the driver of the digital service economy. In her keynote, Diane Bryant will discuss how Intel was an early leader in adoption of cloud computing under her tenure as CIO and how this experience has shaped broader strategy to deliver tens of thousands of new clouds across the enterprise with Intel’s new Cloud for All Initiative. Attendees can expect to learn about OpenStack’s critical role in shaping the future of the enterprise data center and learn more about key industry efforts to drive enterprise readiness to the OpenStack platform.
Containers for the Enterprise: It's Not That SimpleMirantis
Keynote by Alex Polvi, CEO of CoreOS, at OpenStack Silicon Valley 2015.
Containers are rapidly finding their way into enterprise data centers. But enterprises like to consume complete products. How do technologies like containers make their way from hyperscale ubiquity to enterprise nirvana? Alex offers some clues.
Protecting Yourself from the Container ShakeoutMirantis
Keynote by Boris Renski, Co-Founder and CMO of Mirantis, and Lachlan Evenson, Team Lead of Cloud Platform Engineering at Lithium Technologies, at OpenStack Silicon Valley 2015.
The Docker-fueled container craze is much less of a threat to VMs or OpenStack than it is to PaaS vendors. The story of “do it the way Google does it” is proving just as tough to monetize with enterprises as commodity cloud was. Boris will talk about OpenStack as a “safe harbor” from the coming container shakeout, leveraging the project’s maturity as a place to try various container strategies until the winner emerges.
Lachlan Evenson of Lithium will join Boris to share how Lithium deployed Kubernetes on OpenStack.
Keynote by James Staten, Chief Strategist of the Cloud + Enterprise division of Microsoft, at OpenStack Silicon Valley 2015.
Clinton campaign manager James Carville reminded his team often that driving change came through winning the hearts and minds of the people and where government affects them the most: “It’s the economy, stupid.” In helping enterprises make the shift to cloud, the biggest issue isn’t the technology but the process change organizations have to go through that determine success. In this session, James Staten, chief strategist for the Microsoft Cloud+Enterprise division, and former lead cloud analyst at Forrester Research will share his findings and recommendations for helping enterprise organizations, particularly IT Orgs, successfully navigate a change to the cloud.
Keynote by OpenStack Foundation Executive Director Jonathan Bryce at OpenStack Silicon Valley 2015.
Hundreds of companies are running millions of cores in production with OpenStack. The work continues, but the platform is mature. Now, the community is evolving OpenStack into a platform for innovation—a reliable environment in which to test, try and adopt new technologies as they prove themselves.
Amit Tank of DIRECTV will join Jonathan Bryce to discuss his organization's plans for using OpenStack as the one platform for integration of VMs, containers and emergent technologies down the road.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
2. Featured Presenters
Nick Chase, Head of Technical Content: Lost his glasses over the weekend when one of his goats head butted him in the face. The goat won.
Marc Meunier, Technical Strategic Alliances Director: Loves the outdoors and woodworking… especially outdoors.
3. A Little Housekeeping
● Please submit questions in the Questions panel.
● We’ll provide a link where you can download the slides at the end of the webinar.
4. Agenda
● What is edge and why should I care?
○ Demo of an actual edge app in action
● Edge challenges
○ Scaling
○ Security
○ Heterogeneous compute
● Sample use cases
● Q&A
6. Where are my apps?
[Diagram labels: West; HQ - Central Control; East; Factory; Store; EMEA. Annotations: Lower resiliency; Higher cost to move data; Higher latency.]
7. High level architecture picture - end to end
[Diagram labels: West; HQ - Central Control; East; EMEA; Face Identification; Face Detection; Security Cameras; Log strangers and send an alert. Annotations: Lower resiliency; Higher cost to move data; Higher latency.]
8. Why containers at the Edge?
App developer: Develops the apps, tests the apps and pushes them to the repository.
Operator: Deploys the app where it makes sense: Cloud, Edge, IoT, or in between.
9. High level architecture picture - end to end
[Diagram labels: West; HQ - Central Control; East; EMEA; Face Identification; Face Detection; Security Camera; Log strangers and send an alert. Annotations: Lower resiliency; Higher cost to move data; Higher latency.]
12. Distributed Supply Chain supports Localized Edge Content
KEY BENEFITS
• Enable “follow the sun” development with secure image promotion and image caching
• Rapidly update software when new patches need to be distributed globally
FEATURE / CAPABILITY
• Image mirroring: Push and pull images from one registry to another based on pre-defined policies
• Image caching: Extend the registry to a local cache while maintaining secure posture via encryption and access controls
13. Typical application flow: From SW source to End Device
[Diagram labels: ISVs; Employee; Core Cloud / Datacenter; Application Registry; Fog Site; Edge Gateway; Registry Mirror; Secure Engine; End Devices. Numbered steps 1 to 5, including: (1) Push; (2) Stage and Promote; (3) Only approved apps are mirrored. Other labels: Stage and push; Update on demand.]
15. Expanding Chain of Trust to edge Devices: From SW source to End Device
• Extending the HW root of Trust to Runtime Engine
• Leveraging HW keys to secure communication
• Image integrity validation in Docker Engine
[Diagram labels: ISVs; Employee; Core Cloud / Datacenter; Docker Trusted Registry; Fog Site; Edge Gateway; Registry Mirror; Secure Engine; Edge Devices. Numbered steps 1 to 5, including: (1) Sign, Push; (2) Scan, Sign, and Promote; (3) Mirror Signed images to the Edge. Other labels: Encrypted connections; Validate Edge Devices; Validate source of images.]
17. Extending the HW root of trust
[Diagram: Edge Node stack as listed: Docker Engine daemon.json; OS Kernel; Tboot; Bootloader; BIOS; Hardware with TPM. Trust annotations: Trust from tboot; Trust from TXT.]
18. Validating Signed Images in End Nodes
[Diagram labels: Data Center; Edge Node; Docker Engine; Docker Engine daemon.json; OS Kernel; Tboot; Bootloader; BIOS; Hardware with TPM. Trust annotations: Trust from Docker Enterprise; Trust from Docker Content Trust; Trust from tboot; Trust from TXT.]
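The layered trust on slides 17 and 18 (hardware with TPM, BIOS, bootloader, tboot, OS kernel, Docker Engine daemon.json) rests on measured boot: each stage is hashed into a TPM register, and a verifier replays the node's event log against that register. The sketch below is an added example, not code from the slides or from Mirantis, Intel or Docker. It assumes a single SHA-256 PCR, an already authenticated PCR quote, constructed component contents (the `example-setting` key is a placeholder, not a real Docker option) and hypothetical function names.

```python
"""Simplified measured-boot model: TPM-style extend plus event-log replay."""
import hashlib
import hmac

PCR_SIZE = hashlib.sha256().digest_size  # 32 bytes

# Boot order, lowest layer first, using the layer names from the slides.
# The byte strings are constructed stand-ins for real binaries and config.
BOOT_CHAIN = [
    ("BIOS", b"bios-image-v1"),
    ("Bootloader", b"bootloader-v1"),
    ("Tboot", b"tboot-v1"),
    ("OS Kernel", b"kernel-v1"),
    ("Docker Engine daemon.json", b'{"example-setting": "trusted"}'),
]


def digest(blob):
    return hashlib.sha256(blob).digest()


def extend(pcr, measurement):
    """PCR extend: new = SHA-256(old || measurement).

    A PCR can only be extended, never set, so its final value commits to
    every measurement and to the order in which they were made.
    """
    return hashlib.sha256(pcr + measurement).digest()


def boot(components):
    """Node side: measure each stage before it runs; keep an event log."""
    pcr = bytes(PCR_SIZE)
    event_log = []
    for name, blob in components:
        measurement = digest(blob)
        pcr = extend(pcr, measurement)
        event_log.append((name, measurement))
    return pcr, event_log


def golden_measurements(components):
    """Verifier side: known-good digests for the approved software stack."""
    return [(name, digest(blob)) for name, blob in components]


def verify(pcr_quote, event_log, golden):
    """Return (trusted, reason) for a node's quoted PCR and event log."""
    # 1. The log is only evidence if replaying it reproduces the PCR.
    replayed = bytes(PCR_SIZE)
    for _, measurement in event_log:
        replayed = extend(replayed, measurement)
    if not hmac.compare_digest(replayed, pcr_quote):
        return False, "event log does not match PCR"
    # 2. Every logged measurement must equal the known-good value, in order.
    if len(event_log) != len(golden):
        return False, "unexpected number of measurements"
    for (name, seen), (good_name, good) in zip(event_log, golden):
        if name != good_name or not hmac.compare_digest(seen, good):
            return False, "untrusted measurement: " + good_name
    return True, "trusted"


def demo():
    golden = golden_measurements(BOOT_CHAIN)
    clean = verify(*boot(BOOT_CHAIN), golden)
    # Constructed tampering: only the engine configuration changes.
    changed = (BOOT_CHAIN[-1][0], b'{"example-setting": "changed"}')
    bad_pcr, bad_log = boot(BOOT_CHAIN[:-1] + [changed])
    honest_log = verify(bad_pcr, bad_log, golden)
    forged_log = verify(bad_pcr, golden, golden)  # node lies in its log
    return clean, honest_log, forged_log


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A node that changes its engine configuration is caught whether it reports its log honestly (the digest is not on the allowlist) or substitutes the known-good log (the replay no longer matches the PCR).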
19. Security in a Heterogeneous World
PARSEC: Platform Agnostic Security Layer
[Diagram: three PARSEC Client Library instances.]
24. Case study: Customer environments managed by SI
[Diagram labels: Customer Site #1: Fog Compute Nodes; Registry Mirror; Camera, GPS, Activator; Local Actions. Customer Site #2: Fog Compute Nodes; Local Registry; Camera, GPS, Activator; Local Actions. Cloud: Control Plane; Registry. Other labels: Local Compute; Data Locality; Real Time; Intermittent Connectivity 3G/4G; Air Gapped; Control Plane and Node boxes at the sites.]
25. White Paper
Learn how Mirantis and Intel are partnering to harden container infrastructure and backend connectivity.
Download from: bit.ly/secure-docker-containers
26. Thank You / Q&A
We’d love to hear from you!
Nick Chase nchase@mirantis.com
Marc Meunier mmeunier@mirantis.com
Download the slides from bit.ly/mirantis-edge-demo
We’ll email you the slides & recording later this week.