In most current microservice-based architectures, the machine images powering the microservice are quite traditional: a full software stack from operating system to application, which takes significant resources to host and plenty of time to start and stop. As a result, most current microservice workloads are persistent, having to start before they are needed and sitting idle when there’s no work to do. This wastes precious resources and slows the application’s ability to scale out as workloads require.
The arrival of lightweight technologies like Docker and containers has opened the door to lighter workloads in the microservice arena, but the advent of unikernels might be a game changer. These ultralight, highly secure workloads combine the entire software stack—from operating system functions to application—into a single, tiny package that runs directly on a hypervisor. Start times for many unikernel-based VMs can be measured in milliseconds, raising the question: why waste time and resources with persistent microservices? Why not consider transient microservices, which appear when there is something to do and disappear immediately thereafter?
While the use of transient microservices could free up much computing power, it will also change the architecture and orchestration of software solutions. The concept of services that may have a lifetime measured in seconds—or less—does not currently exist in popular cloud-based systems.
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o... - The Linux Foundation
Xen Project Evangelist Russell Pavlicek's presentation at the Unikernel User Summit at Texas Linux Fest 2015. An overview of the world of unikernels and their importance for the future. Beyond Docker and containers, unikernels are smaller, lighter, and more secure than any workload currently in the cloud.
CIF16: Unikernels: The Past, the Present, the Future (Russell Pavlicek, Xen ... - The Linux Foundation
This talk will give an overview of Unikernel technology: what they are, why they are important, and what challenges and innovations are likely to appear in the future. We will discuss the nature of the Unikernel, what capabilities it brings to the table, and how it changes the nature of the cloud as we know it.
UPDATED OCTOBER 2015: Unikernels are small, fast, easily deployable, and very secure application stacks. Lacking a traditional operating system layer, they provide a new way of looking at the cloud which goes beyond the methodologies used by Docker and other container technologies.
This is an update of the deck as delivered by Russell Pavlicek. This includes some ground-breaking work done in the Rump Kernel project to bring web servers, database, and scripting language into the world of Unikernels.
Deck result of the Ohio Linuxfest 2015 in Columbus, OH.
XPDS14: Unikernels: Who, What, Where, When, Why - Adam Wick, Galois - The Linux Foundation
Over the last several years, I and others have talked about the promise of unikernels — single-purpose, lightweight virtual machines — in the cloud. However, all of these talks have simply presented our architectures and speculated about their usefulness. Over the last several years, Galois has actually been using unikernels to implement interesting components in critical systems: non-bypassable encryption components, network monitors and alarms, platform obfuscation capabilities, Tor nodes, network re-routers, and so on. In this talk, I will speak briefly on each of them and ask the question: Was a unikernel a good platform for this project? If so, why? If not, why not? What are the general rules we can infer about when unikernels are useful, and what part of the cloud ecosystem they are best suited to serve?
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ... - The Linux Foundation
Unikernels are a burgeoning technology, ripe for deployment in a range of situations, from cloud-hosted microservices to Internet-of-Things platforms. By compiling and linking only the required code, they offer a range of benefits over traditional OS-hosted deployments, notably efficiency and, through smaller attack surfaces, security. While increasing in maturity, to date they have remained something of a technologists' choice: technically compelling but requiring considerable effort to build, deploy and use.
To address this, some in the community have spent time trying to integrate unikernel management with the popular Docker container management stack. By enabling unikernels to be managed using the standard Docker command line tools, we bring all the ease-of-use and common understandings of that toolchain to bear on this exciting technology.
After giving some context to the challenges faced, we will demonstrate building and running a simple LAMP-like stack using Docker to build and manage Rumprun and MirageOS Unikernels.
Thanks to Amir Chaudhry, Justin Cormack, Martin Lucina, Mindy Preston and Jeremy Yallop for assistance in building this demo!
Xen Project Evangelist Russell Pavlicek talks about how the growing area of hypervisor-leveraging unikernels will help redefine the cloud.
MAJOR UPDATE: Deck is now the result of 2015 Ohio Linuxfest, about a year after the initial talk. Deck now contains almost twice as much information as the original talk.
Unikernels are constructed by combining application code with only the operating system components necessary for that code to run. The result is a highly specialized, single-purpose application which can be deployed directly to the cloud or onto IoT-like devices. Unikernels reduce software complexity by only including code that is required, resulting in portable applications with much smaller footprints and fast boot times.
By combining the familiar tooling and portability of Docker with the efficiency and specialization of next-generation unikernel technology, organizations have a flexible platform to build, ship and run distributed applications without being restricted to a particular infrastructure. Because workloads that reach the data center today are on a spectrum from physical machine to container to hypervisor, only the Docker platform can further widen the scope and provide more flexibility for orchestrating hybrid applications.
Watch the video from Docker Online Meetup #31: https://blog.docker.com/2016/01/docker-online-meetup-unikernels/
CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud... - The Linux Foundation
The unikernel approach should not be limited to cloud workloads. The cloud infrastructure itself must be built around the same principles. Our goal is to be able to unroll a private cloud on a hundred servers within an hour. The resultant cloud infrastructure should not require any maintenance afterwards. The talk discusses the current progress of Cloudozer in making this vision a reality.
Cloud leaders such as Rackspace and Internap are building their next generation cloud using OpenStack and Xen+XenAPI; not everyone uses OpenStack with KVM. Let's take a look at how OpenStack and Xen work together, and look at how you can get more involved.
Oscon 2012: From Datacenter to the Cloud - Featuring Xen and XCP - The Linux Foundation
Do you dream of being able to spin up ten or twenty (or a thousand) virtual machines in an instant? Discover and repair resource bottlenecks without moving a finger? Dodge the loss of an entire storage array with no-one noticing? Span across data centers with a fleet of virtual machines? This is no sales pitch; during this tutorial, we’ll demonstrate how to leverage truly FOSS tools to build a powerful, scalable cloud that easily competes with those proprietary solutions!
This deep-dive into Xen, Xen Cloud Platform, and other FOSS cloud tools and concepts is intended both for those ready to wholeheartedly embrace virtualization and for those already seasoned in general virtualization practices. You’ll leave with a collection of pre-made tools that you can use right out of the box or modify to your liking. You’ll also leave with immediately useful knowledge on best practices and common pitfalls, presented by actual FOSS practitioners like you.
We begin this tutorial by discussing Xen, Xen Cloud Platform (XCP), and XCP cloud concepts (pools, hosts, storage, networks, etc.). We then explore in detail the API that makes Xen so useful for building a cloud, explore provisioning of hosts and guests using PXE, and discuss templating and installing guest virtual machines. Critical to understanding potential bottlenecks, identifying tuning opportunities and planning for the future, we will discuss performance monitoring and methodologies. Next, we teach you how to make the most of your new FOSS cloud capabilities and discuss in detail high availability infrastructure for storage and networking, advanced networking capabilities like bonding/VLANs, and the cloud orchestration tools that save you time and money. All of this with a focus on XCP in enterprise environments. Tools discussed include DRBD, Pacemaker, Open vSwitch, Cloudstack, Openstack, and more.
We conclude by shedding light on exciting developments: Xen 4.2 has recently been released, with just over a year of development time and nearly 3,000 changesets. We will discuss many of the new features introduced in 4.2, as well as what changes we have in store for the 4.3 release as well as other exciting developments.
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ... - The Linux Foundation
An important facilitator of Unikernel development, Xen Project continues to develop new and interesting technologies to support the needs of the next generation datacenter. Potentially game-changing technologies like Unikernels will never reach their full potential unless the hypervisor they rely on can handle a large number of potentially tiny VMs effectively and efficiently.
In this talk, Xen Project Advisory Board Chairman Lars Kurth will discuss some of the major advances in the hypervisor produced in last year's releases (4.5 and 4.6). He will also discuss some of the work in development which could appear in upcoming releases.
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production.
This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture and on common challenges for KVM and Xen.
I will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale and show how advanced security features such as Xen Security Modules and SELinux can help secure your cloud further.
The talk will conclude with exciting developments in the Xen community, such as Xen for ARM servers, a new virtualization mode for Xen, running applications without OS in a Xen guest and point out their implications for building open source clouds.
My (very brief!) presentation at Interzone.io on March 11, 2015. A more in-depth exploration of these ideas can be found at http://www.slideshare.net/bcantrill/docker-and-the-future-of-containers-in-production (video: https://www.joyent.com/developers/videos/docker-and-the-future-of-containers-in-production)
Secure Your Containers: What Network Admins Should Know When Moving Into Prod... - Cynthia Thomas
This session offers techniques for securing Docker containers and hosts using open source network virtualization technologies to implement microsegmentation. Come learn real tips and tricks that you can apply to keep your production environment secure.
Manta: a new internet-facing object storage facility that features compute by... - Hakka Labs
As the amount of unstructured data has greatly exceeded a single computer's ability to process it, data has become increasingly isolated from the compute elements. The resulting haul from stores of record (e.g., SAN, NAS, S3) to transient compute (e.g., Hadoop, EC2) creates needless mechanical work and human labor. Is there a better way? In this talk, we'll explore the coming convergence of data and compute in the cloud, focusing in particular on Joyent's Manta, a new internet-facing object storage facility that features compute. We will describe the design principles for Manta, the engineering challenges in building it, and more generally, the opportunities presented by the convergence of compute and data.
RBD, the RADOS Block Device in Ceph, gives you virtually unlimited scalability (without downtime), high performance, intelligent balancing and self-healing capabilities that traditional SANs can't provide. Ceph achieves this higher throughput through a unique system of placing objects across multiple nodes, and adaptive load balancing that replicates frequently accessed objects over more nodes. This talk will give a brief overview of the Ceph architecture, current integration with Apache CloudStack, and recent advancements with Xen and blktap2.
Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera - Docker, Inc.
Looking to move your application to run in a container? Need to move existing x86 legacy applications to Docker? Let's break down your fundamental application concerns. This includes persistent storage, networking, configuration management, policy, logging, health monitoring, and service discovery. You won't want to miss this talk.
Using Open Source technologies to create Enterprise Level Cloud System - OpenFest team
Using Open Source technologies to create Enterprise Level Cloud System, optimize your costs and offset your carbon footprint on the environment - Венелин Горнишки, Илиян Стоянов
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric... - Haggai Philip Zagury
The overwhelming growth of technologies in the Cloud Native foundation overtook our toolbox and completely changed (well, really enhanced) the Developer Experience.
In this talk, I will try to provide my personal journey from the "Operator to Developer's chair" and the practices which helped me along my journey as a Cloud-Native Dev ;)
The Effectiveness, Efficiency and Legitimacy of Outsourcing Your Data - DataCentred
Presentation given by our CEO Mike Kelly at this year's Excellence in Policing conference talking about the benefits of cloud computing and the Effectiveness, Efficiency and Legitimacy of outsourcing data. The presentation looks at the long term trends supporting the adoption of cloud technologies and dispels some of the myths and reasons why not to adopt cloud.
The presentation concludes with an examination of the benefits of utilising cloud technology and examines how best to adopt a cloud approach.
The Cloud Convergence: OpenStack and Kubernetes - Ihor Dvoretskyi
The new cloud era brings us a lot of different technologies and products that can make the process of development easier.
On the one hand we have OpenStack - an Open Source product that gives you the possibility to deploy your own cloud. On the other hand - Google, with its extensive experience operating a cloud using container technology, developed the open source Kubernetes orchestration system to manage containerized applications in a clustered environment.
This presentation will show you how to manage containers easily using the Kubernetes system in the OpenStack cloud environment.
Presentation given at the 2017 LinuxCon China
Unikernel is a novel software technology that links an application with the OS in the form of a library and packages them into a specialized image that facilitates direct deployment on a hypervisor. Compared to the traditional VM or the more recent containers, Unikernels are smaller, more secure and efficient, making them ideal for cloud environments. There are already lots of open source projects like OSv, Rumprun and so on. But why have these existing unikernels yet to gain broad popularity? We think Unikernels are facing three major challenges: 1. Compatibility with existing applications; 2. Lack of production support (e.g. monitoring, debugging, logging); 3. Lack of a compelling use case. In this presentation, we will review our investigations and exploration of whether and how we can convert Linux into a Unikernel to eliminate these significant shortcomings, plus some explorations of coordinating and cooperating with the hypervisor.
Open Source Investments in Mainframe Through the Next Generation - Showcasing... - Open Mainframe Project
In its 3rd year, the Open Mainframe Project continues to invest in the open source ecosystem on mainframe through its summer internship program. This year's class focused on improving mainframe open source packaging and support of modern technologies such as Cloud Foundry and Kubernetes.
In this session, interns will present their work and experience in working in the internship program.
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage - MayaData Inc
Webinar Session - https://youtu.be/_5MfGMf8PG4
In this webinar, we share how the Container Attached Storage pattern makes performance tuning more tractable, by giving each workload its own storage system, thereby decreasing the variables needed to understand and tune performance.
We then introduce MayaStor, a breakthrough in the use of containers and Kubernetes as a data plane. MayaStor is the first containerized data engine available that delivers near the theoretical maximum performance of underlying systems. MayaStor performance scales with the underlying hardware and has been shown, for example, to deliver in excess of 10 million IOPS in a particular environment.
Eager to learn more about OpenStack? This presentation provides an overview of OpenStack basics and an introduction to the types of storage in OpenStack. Choosing the right storage for your cloud can be the hardest part of building out your environment – this is a great primer to picking the right storage for your OpenStack deployment.
Triangle Devops Meetup covering Netflix open source, cloud architecture, and what Andrew did in his first year working as a senior software engineer in the cloud platform group.
Why Cloud Computing has to go the FOSS way - Ahmed Mekkawy
This presentation tries to show the trends of the software industry to reach the conclusion that cloud computing as a concept is inevitable, and having them as open clouds is inevitable as well.
Intro to OpenShift, MongoDB Atlas & Live Demo - MongoDB
Get the fundamentals on working with containers in the cloud. In this session, you will learn how to run and manage containers in production. We'll level set with a quick intro to Kubernetes and OpenShift, so you understand some basic terminology. From there, it's all live demo. We’ll spin up Java, MongoDB (including Atlas, the hosted DBaas), integrate code from Github, and make some shiny JSON spatial services. Finally, we’ll cover best practices in using containers when going to production with an application, and answer all of your questions.
OSDC 2018 | Migrating to the cloud by Devdas Bhagat - NETWAYS
This is an experience report of a migration from self-hosted services to running in the cloud. While there have been plenty of business case studies showing the benefits of a cloud migration, there are very few reports on the IT side of the migration. This talk covers the migration of Spilgames (a small Dutch games publisher) from a self-hosted Openstack and hardware based infrastructure to Google cloud, challenges, tooling (and lack thereof). This migration is still work in progress, and the talk will cover as much detail as possible.
Similar to OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Software Architecture (20)
Geek Empowerment - The Real Heart of Open Source - Russell Pavlicek
As delivered at Linuxfest Northwest 2014. Open Source has succeeded in so many ways. But is it in danger of losing its greatest single value: empowering geeks to be more than just obedient coders?
openSUSE Summit-15 Years of Open Source: It's About the PeopleRussell Pavlicek
Open Source has flourished in the past decade and a half, but we need to make sure we don't lose our soul in the process. We must tend to the roots of the plant and not allow the corporate influence to compromise the liberation which Open Source provided to geeks.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Software Architecture
1. O'Reilly Software Architecture 2016
Unikernel-powered transient
microservices: Changing the face of
software architecture
Russell Pavlicek
rcpavlicek@yahoo.com
2. About the Old, Fat Geek Up Front
● Linux user since 1995; became a Linux advocate immediately
● Delivered many early talks on Open Source Advocacy
● Former Open Source columnist for Infoworld, Processor magazines
● Former weekly panelist on “The Linux Show”
● Wrote one of the first books on Open Source: Embracing Insanity:
Open Source Software Development
● 30 years in the industry; 20+ years in software services consulting
● Formerly Evangelist for the Xen Project, now looking for new
opportunities
● Over 100 FOSS talks delivered; over 200 FOSS pieces published
3. Why Am I Talking About This?
● I am not a unikernel implementer
● I had been Evangelist for Xen Project, which is at the forefront of
unikernel development
● There are a number of people implementing unikernels and discussing
what they've done, but relatively few discussing the big picture, and
almost no one talking about the changes to S/W architecture
● This talk will attempt to examine both the forest and the trees:
– We will discuss the value of the unikernel movement
– We will examine several prominent unikernels and their uses
● The existence of these unikernels will alter the architecture of the cloud.
Microservices will become smaller, faster, and more transient than today.
4. The Current Basis for Architecture
● Workloads are essentially Persistent, even in clouds
– Clouds may move the workload around, but the workload itself is
virtually identical to workloads in the pre-cloud era
● Someone has to authorize their birth, check their health, and
authorize their shutdown
● Services tend to be long-lived, because it takes so long to start
one up or shut one down
– Ever get stuck at a Point-Of-Sale terminal run off a modem?
● Services will often sit idle for long periods waiting for a client to
make a request
– Resources needed by the service are, therefore, underutilized
5. A New Basis for Architecture
● Imagine workloads which are as nimble as the clouds
which deploy them
● Instant startup and shutdown
– Able to be deployed the instant the need appears
● Lasting only as long as the immediate need
● And much more secure than what we have now
● Key capability to implement the Internet Of Things (IoT)
● This is a Transient workload
6. How Did We Get Here?
● The history of computing tells us why we have a love affair with Persistent
machines
● Once upon a time, machines were really expensive
– When I was in college, our student computer center consisted of one machine – a
DEC PDP 11/34a – for the entire campus
– 248kb addressable memory
– 25 MB total disk storage (not including 8” floppies)
– No virtualization available
– One machine had to do everything for everyone, so we loaded it down with
thousands of programs
– This beast cost over US$100K fully configured
– Startup and shutdown was slow – minutes. So Persistent service was a
necessity
7. How Does This Match Today's Reality?
● Hardware today is dirt cheap!
● A smart phone is several orders of magnitude more powerful
than my college's old PDP-11; we frequently send PCs to a
landfill which would have been supercomputers by comparison
● Memory and storage are cheap and plentiful
● Virtualization is stable and available
● Startup and shutdown is much quicker
● So why are we still focused on building Persistent
machines with 1000s of programs like we used to when
hardware was expensive?
8. Let's Upgrade Our Architecture
● Much modern solution architecture is focused on
leveraging physical components designed in
1980
● Let's rethink software architecture to best use the
current truths, and let go of the assumptions
created in a bygone era
● Let's start with the Cloud and ask, “What should
your machine images look like to be optimal
today?”
9. A View From the Clouds
What does a Really Good Cloud look like?
10. The Cloud So Far
● The major field of innovation is in the orchestration
– The Cloud Engine is paramount (OpenStack, CloudStack, etc.)
– But the workloads adapted to the cloud strongly resemble their
Persistent non-cloud predecessors
● Some basic adaptations to facilitate life in the cloud, but basically the
same stuff that was used before the cloud
● Applications with full stacks (operating system, utilities, languages, and
apps) which could basically run on hardware, but are run on VMs
instead.
● VMs are beefy; large memory footprint, slow to start up
● It all works, but it's not overly efficient
● 10s of VMs per physical host
11. The Next Generation Cloud
● Let's turn our scrutiny to the workloads
– Should be easier to deploy and manage
– Smaller footprint, removing unnecessary duplication
– Faster startup
– Mixture of Persistent and Transient microservices
– Higher levels of security
– 1000s of VMs per host
12. The New Stuff: Docker & Containers
● Makes deployment easier
● Smaller footprint by leveraging kernel of host
● Less memory needed to replicate shared kernel
space
● Less disk needed to replicate shared executables
● Really fast startup times
● Higher number of VMs per host
13. Docker Downsides
● Improvements, yes; but not without issues
– Can't run any payload that can't use host kernel
– Potential limits to scalability
● Linux not really optimized for 1000s of processes
– Security
● Security is a HUGE issue in clouds
● Still working on security which brings containers up to the level of
current solutions
– Cumbersome add-ons won't work; security needs to be baked in
– We need to raise the bar higher in the cloud; status quo is not enough
● Containers are still often run within VMs when security is needed
14. Security: 800 Ton Gorilla in the Room
● For too long, Security is the Red-Headed Step
Child of Software Architecture
– We've used bolt-on solutions
– “The sysadmin will handle that!”
● Which quickly becomes “It's the sysadmin's fault that they
DIDN'T handle that!”
● You only need to glance at the news to know
the state of security in our industry today: IT
SUCKS!
15. Security By Design is a Requirement
● We MUST raise the de facto level of security in
our cloud and web applications!
● “Good enough” is no longer good enough
● Some enhanced level of security needs to be
baked in so that even a totally incompetent idiot
can deploy applications which are more secure
than today's status quo
16. The Unikernel: A Real Cloud Concept
● Very small
● Very efficient
● Very quick to boot
● And very, VERY secure!
● It's a Green (energy) technology which saves you
green (cash); extremely important to foster adoption
● Many unikernels already exist, and the number is
growing steadily
21. Unikernel Concepts
● Use just enough to do the job
– No need for multiple users; one VM per user
– No need for a general purpose operating system
– No need for utilities
– No need for a full set of operating system functions
● Lean and mean
– Minimal waste
– Tiny size
22. Unikernel Concepts
● Similar to an embedded application
development environment
– Limited debugging available for deployed production
system
● You have exactly the tools you built into the stack
– Instead, system failures are reproduced and
analyzed on a full operating system stack and then
encapsulated into a new image to deploy
– Tradeoff is required for ultralight images
23. What Do the Results Look Like?
● Mirage OS examples:
– DNS Server: 449 KB
– Web Server: 674 KB
– OpenFlow Learning Switch: 393 KB
● LING metrics:
– Boot time to shell in under 100ms
– Erlangonxen.org memory usage: 8.7 MB
● ClickOS:
– Network devices processing >5 million pkt/sec
– 6 MB memory with 30 ms boot time
24. What About Security?
● Type-Safe Solution Stack
– Can be certified
– Certification is crucial for certain highly critical tasks, like
airplane fly-by-wire control systems
● Image footprints are unique to the image
– Intruders cannot rely on always finding certain libraries
– No utilities to exploit, no shell to manipulate
– Make the attack surface much smaller and much less
consistent
26. What's Out There Right Now?
● MirageOS, from the Xen Project Incubator
● HaLVM, from Galois
● LING, from Erlang-on-Xen
● ClickOS, from NEC Europe Labs
● OSv, from Cloudius Systems
● Rumprun, from the Rump Kernel Project
● And that's just the beginning...
27. MirageOS
● From the Xen Project Incubator
● Language support: OCaml
● Hypervisor support: Xen Project
● V2.0 released in 2014
● General purpose devices
● Can be run on Amazon EC2
● http://www.openmirage.org/
28. HaLVM
● Galois, Inc.
● Language support: Haskell
● Hypervisor support: Xen Project
● Originally designed to prototype operating
system components
● Now suitable for creating network devices
● https://galois.com/project/halvm/
29. LING
● Erlang-on-Xen project
● Language support: Erlang
● Hypervisor support: Xen Project
● Use cases include Zero-Footprint Cloud
● http://erlangonxen.org/
32. ClickOS
● NEC Europe Labs
● Language support: C, C++, Python
● Hypervisor support: Xen Project
● V0.2 released in 2014
● Suited for Network Function Virtualization
(NFV) devices
● http://cnp.neclab.eu/clickos/
34. OSv
● Cloudius Systems (now ScyllaDB)
– Company may have moved on, but their Open Source project survives
– Language support: C, C++, Java, Python, JavaScript, Node.js, Ruby
● Hypervisor support: Xen Project, KVM, VMware
● Slightly different from “standard” unikernels
– Kind of “fat”
– Full Java JVM stack, minus multi-processes (threads yes, forks no)
– Can run almost any JAR file
● NFV optimized
● http://osv.io/
35. Rumprun
● A working product of the rump kernel ecosystem
(which we'll discuss shortly)
● Under active development, rumprun does allow a
growing number of programs to run as-is
– Its goal is to be a universal base for most unikernel-appropriate
workloads for currently existing real-world
POSIX-based applications
– It has the potential to open the door to a huge number of
functional unikernels
● http://repo.rumpkernel.org/rumprun
36. What About the Unikernel Ecosystem?
● If this is more than just a few isolated
experiments in unikernel concepts, we'd expect to
see some advances in the general ecosystem
● The unikernel ecosystem is forming:
– Jitsu (https://github.com/MagnusS/jitsu)
– MiniOS (http://wiki.xenproject.org/wiki/Mini-OS)
– Rump Kernels (http://rumpkernel.org/)
– Xen Project itself
37. Jitsu
The Jitsu Website says:
Just-In-Time Summoning of Unikernels
● Jitsu is a forwarding DNS server that automatically starts virtual
machines (VMs) on demand. When a DNS query is received, jitsu first
checks for a local VM that is mapped to the requested domain. If a VM
is found, the VM is started and its IP is returned to the client. Otherwise,
the request is forwarded to the next DNS server. If no DNS requests are
received for the VM within a given timeout period it is automatically
stopped.
● Although Jitsu can be used with any VM that can be controlled with
libvirt, it is mainly intended for use with unikernels that can be started
quickly and be able to respond to the client request within the time it
takes to send the DNS response.
38. MiniOS
● Small basic unikernel
● Distributed with Xen Project source
● Originally designed for driver disaggregation
● Base for others to build their unikernel projects
– ClickOS, for example
– Also the base for the earliest version of rumprun,
which has advanced considerably since
39. Rump Kernels
● Derived from the work of the NetBSD community
● Employs the notion of a kernel containing just enough
code to get real work done
– Concept is not limited to NetBSD, but existing work leverages
NetBSD
● An open-ended framework containing production-quality
drivers, currently manifesting itself in the rumprun
unikernel
● Supports Xen Project, bare metal, userspace
environments
41. THIS JUST IN...
News Flash: The Fat Boy up front was wrong!
You CAN do databases as Unikernels!
42. The “RAMP” Stack!
● Major announcement 1 year ago: Nginx, MySQL, and PHP built on
Rump Kernels!
● No rearchitecting the application; the work is in getting things to
cross compile correctly (Nginx & MySQL)
● Working out usability and configuration kinks still
● Unikernel-compatible unmodified POSIX C and C++ applications
“just work” on top of Rump Kernels, provided that they can be cross-
compiled
– Stacks on Rump Kernels are always cross-compiled, since the compiler
never runs directly on the Rump Kernel
● Still in skunkworks stage; watch Twitter @rumpkernel for
announcement when it is done
43. More Rump Kernel & RAMP Info
● Rump Kernels contain the work of many BSD contributors, all the way
back to the 1980s
● Antti Kantee leading the Rump Kernel project
● Martin Lucina leading the RAMP work
● Current Temporary Github repositories (will probably be replaced with a
permanent Wiki page):
– https://github.com/mato/rump-php
– https://github.com/mato/rump-mysql
● Rump Kernel Mailing List:
– http://www.freelists.org/list/rumpkernel-users
● Rump Kernel Twitter:
– @rumpkernel
44. Xen Project as Ecosystem Enabler
● Work proceeds on support for 1000s of VMs per host
– Recent redesign of Event Channels removes obstacles to
uncap VM growth (theoretically, into millions of VMs)
– Currently, performance is strong up to around 600 VMs per
host
– Other areas identified and targeted to enable 2000-3000
VMs per host
● Paravirtualization makes creation of a unikernel much
simpler
– Simpler PV interfaces remove need for complex H/W drivers
45. And Still More To Come...
● Arrakis (http://arrakis.cs.washington.edu/)
– Derived from the Barrelfish operating system
● Clive (http://lsub.org/ls/clive.html)
– Using the Go language
● Solo5 (https://developer.ibm.com/open/solo5-unikernel/)
– A new unikernel base from IBM
● IncludeOS
– C++ on KVM
46. Are Unikernels a Panacea?
● Nope!
– But it doesn't have to be a panacea to return value
– There will always be really large databases and beefy apps
which won't fit in this mold
– The truth is that different problems are likely to require different
optimal solutions for the foreseeable future
– It is likely that the solution spectrum of the next few years will
include a blend of unikernels, containers, and standard
virtualization
– But the arrival of unikernels means that the bar to efficiency
has been raised to new heights
47. What Does This Mean for Architecture?
● We like to talk about (Persistent) Microservices; we
are witnessing the birth of Transient Microservices
– Lifetimes possibly measured in fractions of a second
– Populations in the thousands concurrently per host
– Now these aren't small just from an external standpoint,
but internally as well
– It's much easier manipulating smaller items than bigger
ones, so what was once difficult to change becomes
easier to change
48. How Do You Control a Transient Microservice?
● Excellent question!
● How can we tell if a service was born, executed
correctly, and died appropriately?
● Do you know the answer?
– This is where Open Source shines – and why all this is
coming from Open Source efforts
– “Given enough eyeballs, all bugs are shallow” – ESR, CatB
– Get enough people looking at the problem and the solution
will be obvious to someone
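One way to approach the question on this slide, using the on-demand behaviour quoted on the Jitsu slide: the sketch below is an added example, not code from the talk or from Jitsu. It models a resolver that starts a mapped VM on a DNS query and stops it after an idle timeout, records every lifecycle event, and replays that record to flag services that were not born, used, and stopped in order. All names, addresses, and the event vocabulary are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample mapping: domain -> (VM name, VM address). Not real hosts.
CONSTRUCTED_MAP = {"www.example.test": ("web-uk", "192.0.2.10")}

@dataclass
class Unikernel:
    name: str
    ip: str
    running: bool = False
    last_query: float = 0.0

class OnDemandResolver:
    """Toy model of the start-on-query, stop-on-idle behaviour (hypothetical)."""

    def __init__(self, mapping, idle_timeout, upstream):
        self.vms = {d: Unikernel(n, ip) for d, (n, ip) in mapping.items()}
        self.idle_timeout = idle_timeout
        self.upstream = upstream   # callable standing in for the next DNS server
        self.audit = []            # append-only lifecycle log: (time, vm, event)

    def resolve(self, domain, now):
        vm = self.vms.get(domain)
        if vm is None:
            return self.upstream(domain)       # not a mapped VM: forward
        if not vm.running:
            vm.running = True                  # a real system would boot the VM here
            self.audit.append((now, vm.name, "started"))
        vm.last_query = now
        self.audit.append((now, vm.name, "query"))
        return vm.ip

    def reap(self, now):
        """Stop every running VM with no query inside the idle timeout."""
        stopped = []
        for vm in self.vms.values():
            if vm.running and now - vm.last_query >= self.idle_timeout:
                vm.running = False
                self.audit.append((now, vm.name, "stopped"))
                stopped.append(vm.name)
        return stopped

def lifecycle_anomalies(audit, now, max_lifetime):
    """Replay the log; flag anything that is not start -> query(s) -> stop."""
    live = {}        # vm -> (start_time, queries_served) while running
    findings = []
    for ts, vm, event in audit:
        if event == "started":
            if vm in live:
                findings.append((vm, "started twice without a stop"))
            live[vm] = (ts, 0)
        elif event == "query":
            if vm not in live:
                findings.append((vm, "served a query while not started"))
            else:
                start, served = live[vm]
                live[vm] = (start, served + 1)
        elif event == "stopped":
            if vm not in live:
                findings.append((vm, "stopped without a start"))
            else:
                _, served = live.pop(vm)
                if served == 0:
                    findings.append((vm, "lived and died without serving"))
    for vm, (start, _) in live.items():
        if now - start > max_lifetime:
            findings.append((vm, "still running past max_lifetime"))
    return findings
```

With lifetimes this short, the replayed event record is the main evidence that a service ever existed, so it belongs somewhere the workload itself cannot rewrite.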
49. Open Source Leading the Way
● This is an example of how Open Source is
working to expand horizons of the cloud
– Closed source in the next-gen cloud just isn't the
way to go
– The real innovation continues to come from Open
Source
– Friends don't let friends go closed source in the
cloud!
50. Questions?
rcpavlicek@yahoo.com
Twitter: @RCPavlicek
Thanks to the Mirage OS team and Antti Kantee of the Rump Kernel project for the use of
their images. Thanks to NEC Europe Ltd (ClickOS) and ErlangOnXen (LING) for the use
of images from their respective websites. Rights to same belong to the copyright holders.
Look for my upcoming article in BSD Magazine and an upcoming
eBook from your favorite publisher!
And don't forget my session at 4:35pm here today!
If anyone is looking for a community guy / evangelist, drop me a line!