Puppet day v1.1

•

0 likes•580 views

Puppet is an automation tool that uses a master-agent architecture to configure and report on nodes. The Puppet master stores configuration templates (manifests) and compiles them into a catalog for each agent based on facts collected from the node. The agent downloads the catalog and any plugins and uses local methods to apply the configuration. Cisco's onePK provides a manageability layer that allows Puppet to configure Cisco devices by running as an agent inside a Linux container on the device OS, avoiding direct CLI access.

Technology News & Politics

Cisco Confidential 1© 2010 Cisco and/or its affiliates. All rights reserved.
Puppet Agent for Cisco
devices
Wojciech Dec – wdec@cisco.com
April 12, 2013

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
•  Puppet is client (node agent) – server (master) software & framework designed to
automate node configuration and reporting.
•  Puppet master stores target high level resource “intent” (manifest) for nodes.
Manifest is compiled into a node’s list of dependent resource into catalog at puppet
run time based on “facts” collected from the node
•  Puppet client downloads the “catalog”, and any Puppet code (plugin) from Master.
•  Puppet client uses local methods to realize catalog into config

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
•  onePK provides manageability
abstraction.
Avoids CLI scraping
Consistent across cisco OSes
Exposes dynamic device state +
device configuration
•  Linux Container
Runs distro on OS kernel
Fitted with cisco onepk libs
Isolates app failures from Network
Element
Superior flexibility for application
developers (compared to SDK
enforced walled garden)Device Components
Management
Agents
Manageability
Abstraction
Device
Management
Infrastructure
OS-specific
Management
Infrastructure
XOS and
Component APIs
Traditional
Management
Agents (CLI, syslog,
SNMP, XML)
Next Generation
Management
Agents (Puppet, ..)
onePK PL
Transport/Marshaling
onePK AL
OS Shim
LinuxContainerNXOS

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
Master
Device
Proxy
Agent
SSH,
OnePK
Device Proxy AgentDevice Agent
Master
Agent
OnePK
Linux container(s) on NXOS
Agent
OnePK

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
Master
Device
Proxy
Agent
SSH,
OnePK
Device Proxy AgentDevice Agent
Master
Agent
OnePK
Linux container(s) on NXOS
Agent
OnePK
Pros:
-  Each Agent maps directly to
managed device
-  machine’s characteristics (facts)
exposed as own
-  Easily extensible. Does not
require core puppet code
changes
-  Automated agent plugin code
download from master
-  Better Scale
Cons:
-  Requires LXC container +
OnePK capability on device
Pros:
-  No specific device requirements
-  One agent can proxy for
multiple machines
Cons:
-  CLI Scraping method
-  More complicated Puppet agent
(device proxy).
-  Requires extensions in puppet
core “device” mode code
-  Scale and authentication
management

$© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 (Demo) Sample Manifest node ”cisco-switch" { include onepk_module onepk_vlan { "1000": description => "Green_Vlan", ensure => present } onepk_interface { "Ethernet 1/2": mode => "access", vlan => "1000", ensure => present } $patch_f = "sysinfo_patch.tar.gz” onepk_patch { ”sysinfo_patch": patch => ” ${patch_f}", server_type => ”bootflash", ensure => present, } }$

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
Puppet Master
Infra
1
2
3
1.  Based on push or pull trigger, agent runs facter to obtain device configuration
information
2.  Agent sends facter data to master along with a catalog request + plugin (if needed)
3.  Master sends agent catalog response (subset of manifest based on agent’s facter
data)
4.  Agent processes catalog
- Provider applies necessary configuration changes
5.  After provider execution report sent to master
ProviderFacter
Puppet Agent
4
5
onePK API
Cisco plugin
Cisco plugin

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
•  Demo Flow:
•  Show on N7k device
•  A puppet agent run
Agent run triggered. Facts/Catalog exchanged with master
Agent uses OnePK to communicate with switch OS
Applies VLAN + switch port configuration
Downloads & applies NXOS patch
•  Show on N7k device
Note: A “bare-metal” version of this demonstration is also available for
virgin switch provisioning using PoAP + Puppet: Includes image and
container download & install.

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9Cisco Confidential 9Cisco Confidential 9© 2010 Cisco and/or its affiliates. All rights reserved.
Thank you

"Puppet for Production in WebEx" by Reinhardt Quelle, Cloud Services Architect, Cisco. Presentation Overview: Getting started with Puppet configuring an individual machine is straightforward. Managing a cluster of machines across multiple data centers, supporting upgrades while running a 7x24 service, and building for collaboration is significantly more challenging. The WebEx team will discuss the problems and some strategies they are using to manage this complexity. Speaker Bio: Reinhardt Quelle is a Cloud Services Architect in the Cloud Collaboration Applications group at Cisco, where he’s responsible for defining infrastructure architecture and deployment automation . His group manages thousands of servers across multiple data centers around the world serving multiple applications, including WebEx conferencing, to tens of millions of users. In prior roles, he’s worked extensively in SaaS operations, delivering diverse applications from email security through social media applications.

Présentation et démo ELK/SIEM/Wazuh

clevernetsystemsgeneva

Solving the Open Source Security Puzzle

Vic Hargrave

Aws security with HIDS, OSSEC

Mayank Gaikwad

SCAP and NETCONF

c3i

Further expanding the discussion on inter-networking devices (Routers and Switches) the NETCONF protocol will be discussed. NETCONF is a open standard protocol supported by major inter-networking vendors. This session looks to leveraging the NETCONF schema to retrieve the configuration files from inter-networking devices. This session will cover issues and challenges related to: •Security Automation and inter-networking devices. •Access methods to retrieve and process device configuration settings.

Enterprise Node - Securing Your Environment

Kurtis Kemple

Just like any other language, Node is susceptible to vulnerabilities, dependency issues, and other problems that can bring down or prevent you from releasing new versions of your application. Learn how to safe-guard your environment with things like private registries and vulnerability testing during your CI build in this one-hour lightning talk. ================================= TOPICS COVERED: Why is Securing Your Environment Important • Protects Your Company from Potential Threats • Improves Confidence in Code and Systems • Helps You Meet Legal and Organization Restrictions Securing Your Runtime • N|Solid - Enterprise Runtime • Containerization • Monitoring Securing Your Dependencies • Whitelisting Modules • NSP Securing Your Applications • HTTPS ALL THE THINGS • Encrypt Sensitive Data =================================

Enabling policy migration in the Data Center with Ansible

Joel W. King

At AnsibleFest Austin 2018, we demonstrated using Ansible to extract policy from Cisco Tetration Analytics and expose it as variables to playbooks. The internal World Wide Technology IT department is migrating from a traditional Nexus fabric to Application Centric Infrastructure (ACI). This talk describes how Ansible is used to migrate policy to, and automate the configuration of, the new data center fabric.

Node.js wrapper for mbed Device Connector REST calls 艾鍗教你從實作中認識物聯網！ https://bit.ly/3kLZhAq 課程使用Raspberry Pi結合ARM mbed Cloud來實現一個物聯網解決方案。你會了解M2M(Machine-to-Machine)網路協定,包含CoAP、MQTT、LWM2M等協定，並藉由Raspberry Pi連接 Cloud。 Raspberry Pi的部份教你連接一些感測器，包含GPIO、數位界面I2C的溫溼度感測器、類比感測器如光感應器等，並將這些感測器成為定義為不同的Resource Path並註冊在mbed cloud中。本課程將採用Node.js撰寫WebAPP，使用HTTP/RESTful API存取Resource。在實作WebAPP中，除了後端Node.js，你也將會看到後端如何與前端瀏覽器之間要如何溝通的方式，如AJAX或WebSocket

Equifax cyber attack contained by containers

Aqua Security

Intro to the FIWARE Lab

FIWARE

DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security

DevOpsDays Riga

Now that we have passed “peak orchestrator” and as Kubernetes eats the world, we are left wondering: how secure is Kubernetes? Can we really run Google-style multi tenanted infrastructure safely? And how can we be sure what we configured yesterday will be in place tomorrow? In this talk we discuss: - the Kubernetes security landscape - risks, security models, and configuration best-practices - how to configure users and applications with least-privilege - how to isolate and segregate workloads and networks - hard and soft multi-tenancy - Continuous Security approaches to Kubernetes.

[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN

OpenStack Korea Community

Container Runtime Security with Falco

Michael Ducy

Effective security requires a layered approach. If one layer is comprised, the additional layers will (hopefully) stop an attacker from going further. Much of container security has focused on the image build process and providing providence for the artifacts in a container image, and restricting kernel level tunables in the container runtime (seccomp, SELinux, capabilities, etc). What if we can detect abnormal behavior in the application and the container runtime environment as well? In this talk, we’ll present Falco - an open source project for runtime security - and discuss how it provides application and container runtime security. We will show how Falco taps Linux system calls to provide low level insight into application behavior, and how to write Falco rules to detect abnormal behavior. Finally we will show how Falco can trigger notifications to stop abnormal behavior, notify humans, and isolate the compromised application for forensics. Attendees will leave with a better understanding of the container security landscape, what problems runtime security solves, & how Falco can provide runtime security and incident response.

Ossec Lightning

wremes

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

Michael Man

OpenStack keystone identity serviceopenstackindia

Advanced OSSEC Training: Integration Strategies for Open Source Security

AlienVault

During this technical one-hour session, Santiago Gonzalez, an OSSEC core team member (System integration, rules & SIEM) and AlienVault Director of Professional Services, will demonstrate how to integrate OSSEC with other 3rd party applications for greater security visibility and response. To learn more, check out the video: https://www.alienvault.com/resource-center/webcasts/advanced-ossec-training-integration-strategies-for-open-source-security

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

Michael Man

How to detect side channel attacks in cloud infrastructures

Pasquale Puzio

http://www.secludit.com We integrated Elastic Detector, which is SecludIT's product, with OSSIM in order to detect side-channel attacks occurring in cloud infrastructures. Elastic Detector takes care of solving the cloud elasticity issue, collecting security-relevant logs and forwarding (rsyslog) them to OSSIM where the correlation takes place (thanks to our plugin). DEMO showed at the RaSIEM workshop (ARES conference) in Regensburg, Germany.

Secure Keystone Deployment

Priti Desai

In the Juno summit, Symantec presented it's perspective on securing Keystone. Security is really a mindset and process. We proposed a layered security approach starting with the process for securing Keystone architecture, followed by securing the environment where Keystone is deployed and configured. Since then we have been implementing those security measures in our production environment. In this talk, we will discuss exactly how we have made our Keystone deployment secure and what we have learnt along the way.

3 Years of Puppet at Cisco: The Secrets to Our Success - PuppetConf 2013

Puppet

"3 Years of Puppet at Cisco: The Secrets to Our Success" by Keith Chambers and Ryan Uber, Cisco WebEx. Presentation Overview: WebEx Social (WxS) is an enterprise social networking product by Cisco. Customers can subscribe to WxS as a cloud service or they can purchase a license and run WxS on-premise. Puppet is at the core of our technology stack that includes MongoDB, Solr, RabbitMQ, memcached, ZooKeeper, Nagios, and Graphite. We love Puppet. We pioneered embedding Puppet in Cisco products 3 years ago and have been tireless advocates ever since. We have learned valuable technology/process/culture lessons and developed reusable patterns for: - Scaling to thousands hosts with Puppet - Ensuring host upgrades are 100% reliable - Avoiding Puppet codebase spaghetti - Detecting and eliminating system drift at scale - Creating a culture of shared responsibility through architecture design. Speaker Bio: Keith Chambers,Technical Leader, Cisco Keith Chambers is the platform architect for the WebEx Social product at Cisco. He joined Cisco in 2000 and is based out of Seattle Washington. In his current role, Keith leads the engineering team responsible for deploying and operating WebEx Social. Prior to joining the WebEx Social team, Keith worked in Cisco's Unified Communication Business Unit and Technical Assistance Center. Keith was instrumental in the successful virtualization of Cisco's entire Unified Communications portfolio and spoke at VMworld 2009 on the topic of "virtualizing real-time applications". VMware presented Keith with their prestigious vExpert award in 2009. Outside of Cisco, Keith is a house deejay and producer. He enjoys traveling the world and spending time with his family, friends, and beautiful wife Jackie.

Using Kubernetes to make cellular data plans cheaper for 50M users

Mirantis

SecPod: A Framework for Virtualization-based Security Systems

Yue Chen

The OS kernel is critical to the security of a computer system. Many systems have been proposed to improve its security. A fundamental weakness of those systems is that page tables, the data structures that control the memory protection, are not isolated from the vulnerable kernel, and thus subject to tampering. To address that, researchers have relied on virtualization for reliable kernel memory protection. Unfortunately, such memory protection requires to monitor every update to the guest’s page tables. This fundamentally conflicts with the recent advances in the hardware virtualization support. In this paper, we propose SecPod, an extensible framework for virtualization-based security systems that can provide both strong isolation and the compatibility with modern hardware. SecPod has two key techniques: paging delegation delegates and audits the kernel’s paging operations to a secure space; execution trapping intercepts the (compromised) kernel’s attempts to subvert SecPod by misusing privileged instructions. We have implemented a prototype of SecPod based on KVM. Our experiments show that SecPod is both effective and efficient.

Hug #9 who's keeping your secrets

Cameron More

Chris Rutter: Avoiding The Security Brick

Michael Man

Exploring the Final Frontier of Data Center Orchestration: Network Elements -...

Puppet

Fwf

ibtesam sorker

Reporte semanal de trámites ingresados en la VUD del 23 al 27 enero, 2017

Delegación Miguel Hidalgo

What's hot

Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin

Vietnam Open Infrastructure User Group

Node.js wrapper for mbed Device Connector REST calls

艾鍗科技

Equifax cyber attack contained by containers

Aqua Security

Intro to the FIWARE Lab

FIWARE

DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security

DevOpsDays Riga

[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN

OpenStack Korea Community

Container Runtime Security with Falco

Michael Ducy

Ossec Lightning

wremes

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

Michael Man

OpenStack keystone identity serviceopenstackindia

Advanced OSSEC Training: Integration Strategies for Open Source Security

AlienVault

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

Michael Man

How to detect side channel attacks in cloud infrastructures

Pasquale Puzio

Secure Keystone Deployment

Priti Desai

3 Years of Puppet at Cisco: The Secrets to Our Success - PuppetConf 2013

Puppet

Using Kubernetes to make cellular data plans cheaper for 50M users

Mirantis

SecPod: A Framework for Virtualization-based Security Systems

Yue Chen

Hug #9 who's keeping your secrets

Cameron More

Chris Rutter: Avoiding The Security Brick

Michael Man

Exploring the Final Frontier of Data Center Orchestration: Network Elements -...

Puppet

What's hot (20)

Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin

Node.js wrapper for mbed Device Connector REST calls

Equifax cyber attack contained by containers

Intro to the FIWARE Lab

DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security

[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN

Container Runtime Security with Falco

Ossec Lightning

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

OpenStack keystone identity service

Advanced OSSEC Training: Integration Strategies for Open Source Security

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

How to detect side channel attacks in cloud infrastructures

Secure Keystone Deployment

3 Years of Puppet at Cisco: The Secrets to Our Success - PuppetConf 2013

Using Kubernetes to make cellular data plans cheaper for 50M users

SecPod: A Framework for Virtualization-based Security Systems

Hug #9 who's keeping your secrets

Chris Rutter: Avoiding The Security Brick

Exploring the Final Frontier of Data Center Orchestration: Network Elements -...

Viewers also liked

Fwf

ibtesam sorker

Reporte semanal de trámites ingresados en la VUD del 23 al 27 enero, 2017

Delegación Miguel Hidalgo

Lesson 1Tamar Acevedo

Método Científico por Yolanda PilaYolandaPila

Foredi gresik

Foredi Pemalang

Enterprise 2.0 and the project manager

Ben Blanquera

Principales puertos del mundo

Juan Manuel arias garcia

Salmo 92Mensagens Virtuais

Problemas ambientales enPablo Segura

NLP TOP COACH, International Training & Coaching & Leadership Development

Ah Roi

NLP TOP COACH is a team of dedicated, enthusiastic and motivational Coaches, Trainers & Business strategists. From experiences covering 5 continents, our breadth of knowledge and expertise will ensure you receive the best advice, consultancy and solutions for yourself and your corporation. We are passionate about helping you ‘Unleash your Power for Success and Happiness. MISSION Creating World-Class Leaders, Coaches & Trainers. VISION World’s No.1 Certification provider for NLP, Coaching & Leadership Development Training. CORE VALUES Passion– We coach and train with passion, enthusiasm and confidence Authentic – Genuine team, delivering pure high quality NLP, Coaching & Leadership Certification Results – Creating Success & Happiness in your business, health, wealth & relationships.

Ethical Decision-Making Models and Application

John Gavazzi, PsyD, ABPP

El derecho y otras ciencias

soportedocente

社會回饋

mountaineer

Viewers also liked (13)

Fwf

Reporte semanal de trámites ingresados en la VUD del 23 al 27 enero, 2017

Lesson 1

Método Científico por Yolanda Pila

Foredi gresik

Enterprise 2.0 and the project manager

Principales puertos del mundo

Salmo 92

Problemas ambientales en

NLP TOP COACH, International Training & Coaching & Leadership Development

Ethical Decision-Making Models and Application

El derecho y otras ciencias

社會回饋

Similar to Puppet day v1.1

Puppet devops wdec

Wojciech Dec

Cisco Automation with Puppet and onePK - PuppetConf 2013

Puppet

"Cisco Automation with Puppet and onePK" by Jason Pfeifer Technical Marketing Engineer, Cisco. Presentation Overview: This session will provide an overview of the cisco developed puppet functionality for management and configuration of Cisco devices. Speaker Bio: Jason is a Cisco Technical Marketing Engineer focusing on programmability and automation of Cisco network devices. He is currently supporting, discussing, evangelizing, and writing applications against Cisco's onePK SDK. He also has a long term love affair with Cisco's Embedded Event Manager.

citus™ iot ecosystem

DUONG Dinh Cuong

Stage 1 Tradecraft

matt806068

Dan Norris: Exadata security

Kyle Hailey

ProjectVault[VivekKumar_CS-C_6Sem_MIT].pptxVivek Kumar

Better Network Management Through Network Programmability

Cisco Canada

As we enter the age of network programmability the data models, protocols, and tools provided by a programmable network can greatly improve and simplify network management tasks. Configuration and operational data can be read and set regardless of the underlying device. Errors are properly reported to ensure reliable delivery of data. Connections are secure and robust. Data is more intelligently extracted. This presentation will explore how tools like NETCONF, YANG, as well as Cisco's Embedded Event Manager, onePK APIs, and embedded Python scripting can radically improve network management applications by offering visibility and provisioning power throughout the network stack. For more information please visit our website here: http://www.cisco.com/web/CA/index.html

20151222_Interoperability with ML2: LinuxBridge, OVS and SDN

Sungman Jang

FIWARE Wednesday Webinars - Short Term History within Smart Systems

FIWARE

Study notes for CompTIA Certified Advanced Security Practitioner

David Sweigert

Pluggable Infrastructure with CI/CD and Docker

Bob Killen

DPDK & Cloud Native

Michelle Holley

Cloud native architecture is emerging for Telecom workloads. To support these emerging trends, Intel is targeting enhancements to the Dataplane Development Kit (DPDK). The enhancements would target network service mesh with dedicated sidecar accelerators and the mechanism to build the mesh dynamically. Speaker: Gerald Rogers. Gerald Rogers is a Principal Engineer in the Network Products Group focused on virtual switching, network function virtualization and Data Plane Development Kit (DPDK). After joining Intel in 2005, Gerald has worked as a software engineer and architect in the embedded and networking groups. For the past 7 years Gerald has led the network virtual switching software and hardware acceleration effort to drive Intel architecture into the networking and telecommunications industry. Gerald holds a Bachelor’s degree in Electrical Engineering and a Master’s degree in Computer Science, and has 20 years of experience in the networking and telecommunications industry.

26.1.7 lab snort and firewall rules

Freddy Buenaño

"Wie passen Serverless & Autonomous zusammen?"

Volker Linz

Moderne Serverless-Computing-Plattformen sind in aller Munde und stellen ein Programmiermodell zur Verfügung, wo sich der Nutzer keine Gedanken mehr über die Administration der Server, Storage, Netzwerk, virtuelle Maschinen, Hochverfügbarkeit und Skalierbarkeit machen brauch, sondern sich auf das Schreiben von eigenen Code konzentriert. Der Code bildet die Geschäftsanforderungen modular in Form von kleinen Funktionspaketen (Functions) ab. Functions sind das Herzstück der Serverless-Computing-Plattform. Sie lesen von der (oft Standard-)Eingabe, tätigen ihre Berechnungen und erzeugen eine Ausgabe. Die zu speichernden Ergebnisse von Funktionen werden in einem permanenten Datastore abgelegt, wie z.B. der Autonomous Database gespeichert. Die Autonomous Database besitzt folgende drei Eigenschaften self-driving, self-repairing und self-securing, die für einen modernen Anwendungsentwicklungsansatz benötigt werden.

Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...

mfrancis

The “internet of things” is the next revolutionary wave following profound changes brought to us by Personal Computers (connecting places) and Mobile Phones (connecting people on the go). This third wave heralds the beginning of the new era of pervasive connectivity, embedded intelligence, and application convergence. It will be the world where smart things will communicate among themselves and with us enabling greener, more efficient, and at the same time more comfortable environment. This talk will present a platform and products designed to serve the new markets enabled by the Internet of Things, with a particular focus on the value of the OSGi framework enabling convergence of Home Automation, Smart Energy, Electric Vehicle Charging, and e-health on a single remotely manageable platform. It will also provide insights on how the platform was developed leveraging the extensibility offered by the OSGi framework and ProSyst’s modular architecture. The built-in OSGi stack provides Java-level abstraction of the network interfaces and Smart Energy Profile 2.0 stack as well as cloud integration features such as web server, web services and standards-based remote management. The OSGi framework is the key enabler of the product lifecycle and remote application management mandatory for service provider driven deployments. The Smart Energy 2.0 standard is a key element of the future smart grid. And the work presented in this talk describes the first platform integrating the SEP 2.0 protocol stack with an OSGi based middleware. The OSGi based solution also provides higher level of device security through the use of secure element. The UDK-21 is build around a System-on-Chip STreamPlug (ST2100), the solution features a fully integrated HomePlug PHY/MAC and Analog Front End combined with the ARM926EJ-S processor and a rich set of interfaces. A demo showing Smart Energy Profile 2.0 use cases will outline these features. The demo will show how web based applications can interact with the OSGi stack on the already publicly available UDK-21 based gateway to control remote devices, such as a thermostat or an electric load. The access to SEP 2.0 devices will be done by the means of JSON-RPC based APIs, independent of the underlying device protocol, hence highlighting the benefits of a generic protocol agnostic architecture from the application standpoint. Other examples of the products that can be built around UDK-21 include Electric Vehicle Charger, Smart Meter, and a Basement Sensor Hub.

TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches

Robb Boyd

Watch the REPLAY right now: http://bit.ly/2YoLbt3 Enterprise networks are now dealing with massive volumes of data, with a critical need to collect and analyze this data to respond faster and deliver insightful context. Traditional approaches, in which data is processed in remote servers, will no longer work. Data can burden the network unless some context is known. Edge computing can greatly reduce the data sent to the cloud or a remote server. Collecting and analyzing the data at the edge and making decisions locally rather than in centralized servers significantly reduces the latency and bandwidth of the network. Powered by an x86 CPU, the application hosting solution on the Cisco Catalyst 9000 switching family provides the intelligence required at the edge. Native Docker engine support on the switches will enable users to build and bring their own applications without additional packaging. Cisco DNA Center will provide consistent workflows to manage the entire application lifecycle across multiple Cisco Catalyst 9000 switches through the App Hosting dashboard. Resources: Watch the related TechWiseTV episode: http://cs.co/9001EIbih TechWiseTV: http://cs.co/9009DzrjN

Data Capture in IBM WebSphere Premises Server - Aldo Eisma, IBM

mfrancis

Container & kubernetes

Ted Jung

OpenStack with OpenDaylight

Vikram G Hosakote

BsidesSP: Pentesting in SDN - Owning the Controllers

Roberto Soares

Conference: BsidesSP Description: SDN (Software Defined Network) has attracted the attention of many technology giants from various segments such as VMware, Juniper, Cisco, HP, IBM, Google, China Telecom, Huawei and others by providing more virtualized services that can be scheduled, managed and monitored faster, more efficient and in a less costly manner than the usual solutions. Defining routes, switching, QoS treatment and security policies that happened in stocky and specific hardware now has performed his duties in higher layers of software, installed on virtualized machine. But how can we test this? First, we'll address an overview of the SDN architecture, soon after, it will be explained how to find SDN controllers, and if present in our network, steal critical information so that we can proceed with our exploitation. In the end, we will take possession of the controllers and make unexpected. There will be a smattering of codes for metasploit that will be demonstrated. Does a controller can control us? We'll see.

Similar to Puppet day v1.1 (20)

Puppet devops wdec

Cisco Automation with Puppet and onePK - PuppetConf 2013

citus™ iot ecosystem

Stage 1 Tradecraft

Dan Norris: Exadata security

ProjectVault[VivekKumar_CS-C_6Sem_MIT].pptx

Better Network Management Through Network Programmability

20151222_Interoperability with ML2: LinuxBridge, OVS and SDN

FIWARE Wednesday Webinars - Short Term History within Smart Systems

Study notes for CompTIA Certified Advanced Security Practitioner

Pluggable Infrastructure with CI/CD and Docker

DPDK & Cloud Native

26.1.7 lab snort and firewall rules

"Wie passen Serverless & Autonomous zusammen?"

Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...

TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches

Data Capture in IBM WebSphere Premises Server - Aldo Eisma, IBM

Container & kubernetes

OpenStack with OpenDaylight

BsidesSP: Pentesting in SDN - Owning the Controllers

Recently uploaded

Generating a custom Ruby SDK for your web service or Rails API using Smithy

g2nightmarescribd

Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Knowledge engineering: from people to machines and back

Elena Simperl

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Recently uploaded (20)

Generating a custom Ruby SDK for your web service or Rails API using Smithy

UiPath Test Automation using UiPath Test Suite series, part 3

Knowledge engineering: from people to machines and back

Assuring Contact Center Experiences for Your Customers With ThousandEyes

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

PCI PIN Basics Webinar from the Controlcase Team

Elevating Tactical DDD Patterns Through Object Calisthenics

Designing Great Products: The Power of Design and Leadership by Chief Designe...

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

JMeter webinar - integration with InfluxDB and Grafana

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

GraphRAG is All You need? LLM & Knowledge Graph

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Securing your Kubernetes cluster_ a step-by-step guide to success !

Puppet day v1.1

2. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 •  Puppet is client (node agent) – server (master) software & framework designed to automate node configuration and reporting. •  Puppet master stores target high level resource “intent” (manifest) for nodes. Manifest is compiled into a node’s list of dependent resource into catalog at puppet run time based on “facts” collected from the node •  Puppet client downloads the “catalog”, and any Puppet code (plugin) from Master. •  Puppet client uses local methods to realize catalog into config

3. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 •  onePK provides manageability abstraction. Avoids CLI scraping Consistent across cisco OSes Exposes dynamic device state + device configuration •  Linux Container Runs distro on OS kernel Fitted with cisco onepk libs Isolates app failures from Network Element Superior flexibility for application developers (compared to SDK enforced walled garden)Device Components Management Agents Manageability Abstraction Device Management Infrastructure OS-specific Management Infrastructure XOS and Component APIs Traditional Management Agents (CLI, syslog, SNMP, XML) Next Generation Management Agents (Puppet, ..) onePK PL Transport/Marshaling onePK AL OS Shim LinuxContainerNXOS

4. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 Master Device Proxy Agent SSH, OnePK Device Proxy AgentDevice Agent Master Agent OnePK Linux container(s) on NXOS Agent OnePK

5. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 Master Device Proxy Agent SSH, OnePK Device Proxy AgentDevice Agent Master Agent OnePK Linux container(s) on NXOS Agent OnePK Pros: -  Each Agent maps directly to managed device -  machine’s characteristics (facts) exposed as own -  Easily extensible. Does not require core puppet code changes -  Automated agent plugin code download from master -  Better Scale Cons: -  Requires LXC container + OnePK capability on device Pros: -  No specific device requirements -  One agent can proxy for multiple machines Cons: -  CLI Scraping method -  More complicated Puppet agent (device proxy). -  Requires extensions in puppet core “device” mode code -  Scale and authentication management

6. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 (Demo) Sample Manifest node ”cisco-switch" { include onepk_module onepk_vlan { "1000": description => "Green_Vlan", ensure => present } onepk_interface { "Ethernet 1/2": mode => "access", vlan => "1000", ensure => present } $patch_f = "sysinfo_patch.tar.gz” onepk_patch { ”sysinfo_patch": patch => ” ${patch_f}", server_type => ”bootflash", ensure => present, } }

7. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Puppet Master Infra 1 2 3 1.  Based on push or pull trigger, agent runs facter to obtain device configuration information 2.  Agent sends facter data to master along with a catalog request + plugin (if needed) 3.  Master sends agent catalog response (subset of manifest based on agent’s facter data) 4.  Agent processes catalog - Provider applies necessary configuration changes 5.  After provider execution report sent to master ProviderFacter Puppet Agent 4 5 onePK API Cisco plugin Cisco plugin

8. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 •  Demo Flow: •  Show on N7k device •  A puppet agent run Agent run triggered. Facts/Catalog exchanged with master Agent uses OnePK to communicate with switch OS Applies VLAN + switch port configuration Downloads & applies NXOS patch •  Show on N7k device Note: A “bare-metal” version of this demonstration is also available for virgin switch provisioning using PoAP + Puppet: Includes image and container download & install.

Puppet day v1.1

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (13)

Similar to Puppet day v1.1

Similar to Puppet day v1.1 (20)

Recently uploaded

Recently uploaded (20)

Puppet day v1.1