This document provides an overview of Consul and Consul Connect for service mesh. It begins with a brief history of applications moving from monoliths to microservices and the need for a service mesh. It then explains what Consul is, including its key features like service discovery, configuration, and segmentation. The document demonstrates Consul Connect through a live demo of a Sock Shop application deployed on Kubernetes with Consul and Ambassador. It concludes with additional best practices and resources for using Consul in production environments.
3. Agenda
1. What is service mesh? A brief history lesson
2. What is Consul and how does it work?
3. Live demo: building a working Kube cluster with Consul, Ambassador, and demo app
4. Q&A
5. The Dawn of Time (pre-2010)
In the beginning was the monolith
6. The Age of Enlightenment
Breaking up the Monolith
7. The Age of Enlightenment
[Chart: Google Trends: Microservices, 2009 to 2018]
8. The Age of Enlightenment?
Enterprise Service Buses
9. The Reformation
Service mesh is a lightweight infrastructure component designed to answer these questions:
▪ Where are my services?
▪ Are they all healthy?
▪ How do I connect them securely?
10. The Renaissance
[Chart: Google Trends: ESB, SOA, Service Mesh, 2009 to 2018. Series: enterprise service bus, service oriented architecture, service mesh]
12. Application Security
Monolithic architecture (pre-cloud)
Statically provisioned servers live in your
corporate datacenter, probably in a DMZ,
fronted by a firewall and a load balancer.
Security is based on IP address and port.
13. Application Security
Cloud microservices
Monoliths are decomposed into small units
of code (microservices), easier to deploy
and scale in the cloud (or multiple clouds).
But where do you put the security barrier?
17. What is Consul?
Consul is a service mesh solution providing a full featured control plane
with service discovery, configuration, and segmentation functionality.
19. What is Consul?
Consul is a service mesh solution
providing a full featured control plane with
service discovery,
configuration, and
segmentation functionality.
20. Features
▪ Service Registry: Keeps a real-time list of services, their location, and their current health status.
▪ Multi Datacenter: Supports multiple datacenters out of the box. Automatic failover to other data centers.
▪ DNS Interface: Enables service discovery using a built-in DNS server.
▪ Health Checks: Prevents routing requests to unhealthy hosts and enables services to easily provide circuit breakers.
▪ HTTP Interface: HTTP API to query the service registry for nodes, services, and health check information. This allows automation tools to react to services in real time.
▪ Load Balancing: Provides dynamic east-west load balancing of services and distributes traffic to healthy instances only.
27. Service Mesh Demos
Heat Clinic
Legacy monolithic e-commerce application with three tiers — database, app
server, web server — running on 6 cloud compute instances.
Sock Shop
Modern microservice e-commerce application deployed in a Kubernetes cluster
with Consul and Ambassador.
29. Why do we need Ambassador?
Consul is designed to manage East-West traffic between services.
Ambassador is designed to manage North-South traffic.
▪ URL-based routing and rewriting
▪ Canary release/traffic shadowing/AB testing
▪ Session management
30. Consul Connect in Kubernetes
Injection of sidecar proxies
Adding the connect-inject annotation to a pod will cause Consul to spin up a proxy sidecar in the pod and register the service with Consul.
31. Consul Connect in Kubernetes
Adapting your existing services
1. Add annotations.
2. Configure app to use localhost.
3. There is no step 3.
Replace with "localhost"
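A check for the two adaptation steps above, added here as an example and not taken from the original slides: it confirms the connect-inject annotation on a pod and flags URL-valued environment variables that do not point at a localhost upstream port, since that traffic would go around the sidecar. The pod, its names, image and ports are constructed, and the upstreams annotation is assumed to be how the pod declares its local listeners.

```python
import json
from urllib.parse import urlparse

# Constructed excerpt of `kubectl get pod -o json`; names, image and ports are illustrative.
POD = json.loads("""{
  "metadata": {"name": "front-end", "annotations": {
    "consul.hashicorp.com/connect-inject": "true",
    "consul.hashicorp.com/connect-service-upstreams": "catalogue:1234,carts:1235"}},
  "spec": {"containers": [{"name": "front-end", "image": "example/front-end:placeholder",
    "env": [
      {"name": "CATALOGUE_URL", "value": "http://localhost:1234"},
      {"name": "CARTS_URL", "value": "http://carts.sock-shop.svc.cluster.local:80"}]}]}
}""")

INJECT = "consul.hashicorp.com/connect-inject"
UPSTREAMS = "consul.hashicorp.com/connect-service-upstreams"
LOOPBACK = {"localhost", "127.0.0.1"}

def parse_upstreams(value):
    """'catalogue:1234,carts:1235' -> {'catalogue': 1234, 'carts': 1235}."""
    upstreams = {}
    for item in (p.strip() for p in value.split(",")):
        if item:
            name, port = item.split(":")[:2]  # an optional third field names a datacenter
            upstreams[name] = int(port)
    return upstreams

def audit_pod(pod):
    """Return findings for a pod that should send all service traffic via its sidecar."""
    findings = []
    annotations = pod["metadata"].get("annotations", {})
    if annotations.get(INJECT) != "true":
        findings.append("connect-inject annotation missing: no sidecar is injected")
    local_ports = set(parse_upstreams(annotations.get(UPSTREAMS, "")).values())
    for container in pod["spec"]["containers"]:
        for env in container.get("env", []):
            url = urlparse(env.get("value", ""))
            if not url.hostname:
                continue  # only URL-shaped values are checked
            if url.hostname not in LOOPBACK:
                findings.append(f"{env['name']} targets {url.hostname}, bypassing the proxy")
            elif url.port not in local_ports:
                findings.append(f"{env['name']} uses port {url.port}, not a declared upstream")
    return findings

if __name__ == "__main__":
    for finding in audit_pod(POD):
        print(finding)
```

On the constructed pod this reports only `CARTS_URL`, which still addresses the service by its cluster DNS name instead of the local proxy port.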
36. Crawl-Walk-Run Approach
Crawl: Deploy Consul, register some services, start using it for service discovery.
Walk: Turn on Consul Connect and secure traffic between services.
Run: Connect multiple datacenters, incorporate both Kubernetes and legacy environments, etc.
37. Securing for production
1. Gossip encryption
2. TLS for RPC between Consul nodes
3. TLS for HTTP
4. Bootstrap the ACL system
#1 and #4 are fully supported in Helm chart.
#2 and #3 will be added soon.
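The four-item checklist above, expressed as a configuration audit; this is an added example, not code from the slides or from the Consul project. Both agent configs are constructed, the file paths are placeholders, and the TLS keys are assumed to sit at the top level of the agent configuration (newer Consul releases group them under a `tls` block).

```python
import json

# Constructed agent configs in Consul's JSON configuration format.
WEAK = json.loads("""{
  "server": true,
  "ports": {"http": 8500},
  "acl": {"enabled": false}
}""")

HARDENED = json.loads("""{
  "server": true,
  "encrypt": "<base64 key from consul keygen>",
  "verify_incoming": true,
  "verify_outgoing": true,
  "verify_server_hostname": true,
  "ca_file": "/consul/tls/ca.pem",
  "cert_file": "/consul/tls/server.pem",
  "key_file": "/consul/tls/server-key.pem",
  "ports": {"http": -1, "https": 8501},
  "acl": {"enabled": true, "default_policy": "deny"}
}""")

def audit_agent(cfg):
    """Return the checklist item numbers (1-4) that this agent config does not satisfy."""
    missing = []
    # 1. Gossip encryption: a shared symmetric key must be configured.
    if not cfg.get("encrypt"):
        missing.append(1)
    # 2. TLS for RPC: certificates present and verification on in both directions.
    tls_files = all(cfg.get(k) for k in ("ca_file", "cert_file", "key_file"))
    verify = all(cfg.get(k) for k in
                 ("verify_incoming", "verify_outgoing", "verify_server_hostname"))
    if not (tls_files and verify):
        missing.append(2)
    # 3. TLS for HTTP: HTTPS listener enabled and the plaintext listener disabled (-1).
    ports = cfg.get("ports", {})
    if not (tls_files and ports.get("https", -1) > 0 and ports.get("http", 8500) == -1):
        missing.append(3)
    # 4. ACLs: enabled with default deny. The bootstrap itself is a runtime step
    #    and is not visible in the config file.
    acl = cfg.get("acl", {})
    if not (acl.get("enabled") and acl.get("default_policy") == "deny"):
        missing.append(4)
    return missing

if __name__ == "__main__":
    print("weak:", audit_agent(WEAK), "hardened:", audit_agent(HARDENED))
```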
Not talking about the monolith from 2001: A Space Odyssey; I’m talking about application architecture
Spent the last 30 years learning how to break up code into components
Hadn’t made the same leap with deployments - compile components into libraries, link libraries into main program, deploy the whole mess
Drawback: have to wait for all teams to be ready
Maybe we should deploy our apps the same way we build them:
Break up our app into lots of small web services
You can see how interest in microservices started to grow
Around the same time we saw interest in some other concepts - cloud, DevOps, & containers
Not an accident -
Containers made it easier to package apps, especially small apps
Made sense to give each team control over deploying their own stuff
The problem then became - how do I discover, connect and monitor these services?
The first sort of corporate enterprise-y solution was called an ESB
ESB itself was a huge, complex, finicky application
Needed a whole middleware team - sysadmins, DBAs, priests
Single point of failure
We needed something lighter weight. Thus the service mesh was born.
You can see how interest in service mesh has taken off the last 2-3 years
They had already built a tool called Consul designed to do a lot of the same stuff
Had a service catalog you could query
Had a key/value store for configuration
Distributed, scales to thousands of servers or cloud instances
Missing one thing: security
Drawbacks:
Deployments are slow and complicated
Bringing more capacity online can take weeks
Can only move as fast as the slowest team
How do you draw a box around your environment?
Draw lots of little boxes. Put a firewall around each unit.
This leads to 500,000 security groups.
The only thing that makes sense is to trust no one
Or, as Ronald Reagan once said: “Trust, but verify”
1. If you don’t trust the network, encrypt the traffic
2. If you don’t know who you’re talking to, authenticate them
3. If you’re not sure they’re allowed to talk to you, make sure they’re authorized
Either rewrite apps to handle all of that, or…
Put proxy in front of each app. Proxies are transparent.
Proxies are data plane, Consul is control plane.
Pluggable data plane - use whatever you like
If you go to our web site and open our documentation, the very first page says this (read the text aloud)
If you’re like me, sometimes too many buzzwords make your brain lock up
What did that mean?
Segmentation is a fancy name for applying security at a more granular level
Clients generate certificates for each service, signed by a common CA
I can authenticate peer based on common CA, SNI
Kubernetes has service catalog, health checks, etc.
We just leverage that existing data.