The document discusses service meshes and Consul. It provides an overview of smart networking principles like service discovery, identity, authorization and encryption between services. It describes how a service mesh like Consul separates the control plane and data plane. The control plane handles configuration and policy while the data plane handles traffic routing. The document outlines Consul's architecture, usage and capabilities like service discovery, configuration and segmentation. It also previews exercises on exploring Consul's service discovery, KV store and service mesh features.
With the GA release of Consul 1.6, HashiCorp Dev Advocate Nic Jackson demos several new features in this release, including Layer 7 controls and Mesh Gateways.
Infrastructure as Code has gained a lot of traction within DevOps culture over the past ten years and brought significant changes to how we manage IT infrastructure and its lifecycle. We want to deploy it as efficiently and frictionlessly as possible and there are many different tools available we can choose from. Using an off-the-shelf SaaS solution can save us a lot of time and other resources needed to achieve that. At HashiConf'19 Terraform Cloud was announced and made generally available, which confirms IaC is getting more commodified and easily available as a SaaS product.
This talk will focus on a detailed overview of Terraform Cloud features, such as remote execution, state/lock management, private modules/registry and others. Further it will examine how Terraform Cloud is abstracting complexity and amending current infrastructure deployment workflows. We will also look into CI/CD integration, collaboration features and discuss current shortcomings with possible upcoming features.
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304) - Amazon Web Services
Netflix was one of the earliest very large AWS customers. By 2014, we were running hundreds of applications in Amazon EC2. That was great, until we needed to move to VPC. Given our scale, uptime requirements, and the decentralized nature of how we manage our production environment, the VPC migration (still ongoing) presented particular challenges for us and for AWS as it sought to support our move. In this talk, we discuss the starting state, our requirements and the operating principles we developed for how we wanted to drive the migration, some of the issues we ran into, and how the tight partnership with AWS helped us migrate from an EC2-Classic platform to an EC2-VPC platform.
Hands-On Terraform Module for AWS Landing Zone at HashiTalks2020 - Mitoc Group
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Best practices include a collaborative approach to infrastructure provisioning, use of version control systems and prevention of manual changes, as well as efficient management of boundaries between different teams, roles, applications and deployment tiers. In this session we will walk you through our journey of helping customers set up AWS Landing Zone -- a secure, multi-account AWS environment based on AWS best practices. We will focus on lessons learned and best practices that go above and beyond official documentation.
The upcoming 0.10 release of Nomad brings many exciting network-oriented features to the product. In this session, you will learn how you can use Nomad, including these new features with Consul Connect, to provide secure communication and service mesh capabilities to your applications.
This presentation was made by Madhusudan Shekar of AWS as a main session in Container Conference 2018 on 3rd August in Bangalore.
The Evolution to Microservices – A Container Story
"Technology improves at a rapid pace across compute, storage and networking, but we tend to continue to build applications that are yet to take advantage of much of these capabilities. Cloud platforms provide a way to abstract these complexities from the developer, enabling them to adopt these innovations rapidly. In this session, we will look at how application architectures are evolving, and how it is now possible for developers to prioritise on innovation rather than operation and bring value to the user base."
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014 - Amazon Web Services
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
AWS re:Invent 2016: Media Delivery from the Cloud: Integrated AWS Solutions f... - Amazon Web Services
Learn from AWS and Sony DADC how the transformation in content aggregation, management, and delivery are optimized with Sony Ven.ue; a Media as a Service (MaaS) offering. In this session, you learn about the Ven.ue architecture, which uses end-to-end AWS services for content preparation, protection, management, and global content delivery. We dive deep on the integrations with AWS that make Amazon CloudFront a core component of the Ven.ue service. You also hear from a customer of Sony Ven.ue, Funimation, on how they benefit from this platform.
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers - DevOps.com
IT infrastructure and apps are moving en masse to public clouds (AWS, Azure, Google). Understanding how to leverage infrastructure as code to provision the network services, connectivity and security to maximize simplicity, security and performance is critical to DevOps success in building and managing the new Enterprise Multi-Cloud Backbone.
In this webinar, you’ll learn more about critical use cases such as (1) Using Terraform to spin up transit networking services in AWS, (2) profile-based secure cloud access for developers, and (3) VPC secure egress filtering to meet compliance, including deeper dives into:
• Deploying the network as code using automation tools
• Addressing specific operational challenges for high availability, across multiple VPCs
• Isolating environments for dev and test easily
• Design pattern details and the pros and cons of each approach
• Understanding the limitation of native services and how to add value and capabilities with advanced services
• How to architect an Enterprise Multi-Cloud Backbone to support all your cloud use cases
Ever wished you had a list of cheat codes to unleash the full power of AWS Lambda for your production workload? Come learn how to build a robust, scalable, and highly available serverless application using AWS Lambda. In this session, we discuss hacks and tricks for maximizing your AWS Lambda performance, such as leveraging customer reuse, using the 500 MB scratch space and local cache, creating custom metrics for managing operations, aligning upstream and downstream services to scale along with Lambda, and many other workarounds and optimizations across your entire function lifecycle.
You also learn how Hearst converted its real-time clickstream analytics data pipeline from a server-based model to a serverless one. The infrastructure of the data pipeline relied on Amazon EC2 instances and cron jobs to shepherd data through the process. In 2016, Hearst converted its data pipeline architecture to a serverless process that relies on event triggers and the power of AWS Lambda. By moving from a time-based process to a trigger-based process, Hearst improved its pipeline latency times by 50%.
Serverless Architectural Patterns and Best Practices - Madhu Shekar - AWS - CodeOps Technologies LLP
This presentation was made by Madhusudan Shekar (Principal Evangelist) at AWS - on 9th June 2018 in Bridgei2i Analytics, Bangalore as part of Cloud Native meetup.
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use... - Amazon Web Services
Distributed denial of service (DDoS) attack mitigation has traditionally been a challenge for those hosting on fixed infrastructure. In the cloud, users can build applications on elastic infrastructure that is capable of mitigating and absorbing DDoS attacks. What once required overprovisioning, additional infrastructure, or third-party services is now an inherent capability of many cloud-based applications. This session explains common DDoS attack vectors and how AWS customers with different use cases are addressing these challenges. As part of the session, we show you how to build applications that are resilient to DDoS and demonstrate how they work in practice.
(ENT308) Best Practices for Implementing Hybrid Architecture Solutions | AWS ... - Amazon Web Services
In this session, Datapipe's Chief Technology Officer, John Landy, will lead a conversation with Datapipe Solution Architects around the steps taken to architect and manage an end-to-end hybrid infrastructure. This session will cover real world hybrid use-cases including migration, disaster recovery, governance, compliance and redundancy with multi-zone, multi-region deployments through discussion of three common challenges organizations face when moving to the cloud:
• Architecting a Secure and Compliant Hybrid Solution
• Staging Migrations: Getting from point A to point B to point AB
• Ongoing management and optimization
Sponsored by Datapipe
Watch this succinct guide to the benefits of modern scheduling and how HashiCorp Nomad can help you move your organization toward more modern deployment patterns.
HashiCorp Nomad is an easy-to-use and flexible workload orchestrator that enables organizations to automate the deployment of any applications on any infrastructure at any scale across multiple clouds. While Kubernetes gets a lot of attention, Nomad is an attractive alternative that is easy to use, more flexible, and natively integrated with HashiCorp Vault and Consul. In addition to running Docker containers, Nomad can also run non-containerized, legacy applications on both Linux and Windows servers.
An Overview to Networking in the AWS Cloud for Education [Webinar Slides] - Amazon Web Services
If your institution is beginning your cloud journey with Internet2 NET+ AWS, join this webinar to learn how to get started. This webinar will spend 30 minutes covering how to connect to AWS via the Internet2 Network, and then deep dive into networking topics. You’ll learn high-level network design, how to transfer packets to and from the AWS Cloud, and the basics of Amazon Virtual Private Cloud (VPC), VPNs to AWS, and Direct Connect. Finally, you’ll get an overview of how the Internet2 Network facilitates connections to Regional Networks in the US and other National Research and Education Networks (NREN) internationally.
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven... - Amazon Web Services
Today, many enterprises' data centers are at capacity, and these data centers are looking to expand their infrastructure footprint using the cloud. By leveraging a hybrid architecture, enterprises can expand their capabilities while maintaining some or all of their existing management tools. This session will go into detail on managing your AWS infrastructure with the AWS Management Portal for vCenter, integrating the AWS Management Pack for Microsoft System Center for monitoring your AWS resources, and possible future System Center and vCenter AWS cloud management features and functionality.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Introduction to AWS VPC, Guidelines, and Best Practices - Gary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
Forward Networks - Networking Field Day 13 presentation - Andrew Wesbecher
On November 17th, 2016, Forward Networks conducted its first public unveiling of its Network Assurance platform at Networking Field Day 13. Visit https://www.forwardnetworks.com/ for more details.
Forward Networks - Networking Field Day 13 presentation - Forward Networks
On November 17th, 2016, Forward Networks conducted its first public unveiling of its Network Assurance platform at Networking Field Day 13. Visit https://www.forwardnetworks.com/ for more details.
I'm a developer; should I care about a service mesh? - Aspen Mesh
A disruptive technology pattern like a service mesh is exciting, but it can also be confusing as it straddles various concerns and responsibilities ranging from SecOps to application developers.
Neeraj Poddar dissects service mesh capabilities using Istio as an example, focusing on the pieces you should care about, and explores how you can offload some of the logic traditionally baked into the applications—distributed tracing and telemetry, request retries and timeouts, mutual transport layer security (TLS) and end user validation, and service decomposition—into a common infrastructure layer. Neeraj then walks you through some of the questions you should be asking your platform team, such as if you need to update your applications to use service mesh and whether or not the sidecars will downgrade your application performance, as you adopt a service mesh environment.
OSCON 2019 - I'm a Developer, should I care about a service mesh? - Neeraj Poddar
A disruptive technology pattern like a service mesh is exciting, but it can also be confusing as it straddles various concerns and responsibilities ranging from SecOps to application developers.
Neeraj Poddar dissects service mesh capabilities using Istio as an example, focusing on the pieces you should care about, and explores how you can offload some of the logic traditionally baked into the applications—distributed tracing and telemetry, request retries and timeouts, mutual transport layer security (TLS) and end user validation, and service decomposition—into a common infrastructure layer. Neeraj then walks you through some of the questions you should be asking your platform team, such as if you need to update your applications to use service mesh and whether or not the sidecars will downgrade your application performance, as you adopt a service mesh environment.
Networking @Scale'19 - Getting a Taste of Your Network - Sergey Fedorov - Sergey Fedorov
Sergey Fedorov, Senior Software Engineer at Netflix, describes a client-side network measurement system called "Probnik", and how it can be used to improve performance, reliability and control of client-server network interactions.
Modern application architectures are embracing public clouds, microservices, and container schedulers like Kubernetes and Nomad. These bring complex service-to-service communication patterns, increased scale, dynamic IP addresses, ephemeral infrastructure, and higher failure rates. These changes require a new approach for service discovery, configuration, and segmentation. Service discovery enables services to find and communicate with each other. Service configuration allows us to dynamically configure applications at runtime. Service segmentation lets us secure our microservices architectures by limiting access. In this talk, we cover these challenges and how to solve them with Consul as a service mesh.
Jan Lindblad's presentation at Layer123 SDN and OpenFlow World Congress in Bad Homburg, Germany. Focusing on a multi-vendor SDN deployment at a Tier 1 Service Provider in Asia.
Tail-f Network Control System (NCS) use case:
• Dynamic control of L3-L7 devices using service-oriented network API
• Service chaining using OpenFlow
• Virtualized appliances
There is a lot of talk now around the term Service Mesh. The hype is high and the promise is real. The problem is that there is not really a good definition of what service mesh really is. In this talk we are going to review the problem service meshes are trying to solve, name the core components that make up a service mesh, and discuss the benefits an organization can receive by implementing this new technology.
PostgreSQL High-Availability and Geographic Locality using consul - Sean Chittenden
Virtual IPs or floating IPs have long been the workhorse mechanism for providing high-availability for database systems, however floating IP addresses have several limitations that make it problematic in modern data centers and cloud environments, notably that it requires all members be in the same Layer-2 domain. consul is a strongly consistent way of providing high-availability services in Layer-3 environments and provides fail-over across different geographic regions. In this talk we will discuss the benefits, setup, and use of consul for fail-over of PostgreSQL, both in a local data center scenario and a geographic redundancy scenario where databases are split across multiple data centers.
#JaxLondon keynote: Developing applications with a microservice architecture - Chris Richardson
The micro-service architecture, which structures an application as a set of small, narrowly focused, independently deployable services, is becoming an increasingly popular way to build applications. This approach avoids many of the problems of a monolithic architecture. It simplifies deployment and lets you create highly scalable and available applications. In this keynote we describe the micro-service architecture and how to use it to build complex applications. You will learn how techniques such as Command Query Responsibility Segregation (CQRS) and Event Sourcing address the key challenges of developing applications with this architecture. We will also cover some of the various frameworks such as Spring Boot that you can use to implement micro-services.
KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ... - KubeAcademy
Load balancing is an important part of any resilient web application. Kubernetes supports a few options for external load balancing, but they are limited in features. After a brief discussion of those options and the features they lack, we’ll show how to build an advanced load balancing solution for Kubernetes on top of NGINX, utilizing Kubernetes features including Ingress, Annotations, and ConfigMap. We’ll conclude with a demo of how to use NGINX and NGINX Plus to expose services to the Internet.
Sched Link: http://sched.co/6Bc9
This exam requires a foundation or apprentice knowledge of network design for the Cisco converged networks based on borderless network architecture. CCDA certified professionals can design routed and switched network infrastructures and services involving LAN, WAN, wireless, and broadband access for businesses and organizations.
http://www.pass4sureexam.co/640-864.html
Similar to Smart networking with service meshes (20)
Consul is a Service Networking tool designed to connect applications and services across a multi-cloud world. With Consul, organizations can manage service discovery and health monitoring, automate their middleware and leverage service mesh to connect virtual machine environments and Kubernetes clusters.
See what deploying across polycloud environments using cross-workloads looks like in HashiCorp Nomad. And see Consul tie these workloads together with secure routing.
An important use-case for Vault is to provide short lived and least privileged Cloud credentials. In this webinar we will review specifically how Vault's Azure Secrets Engine can provide dynamic Azure credentials. We will cover details on how to configure the Azure Secrets Engine in Vault and use it in an application. If you are using Azure now or in the near future, join us for some patterns on maintaining a high security posture with Vault's dynamic credentials model!
Migrating from VMs to Kubernetes using HashiCorp Consul Service on AzureMitchell Pronschinske
DevOps tools became very popular with the adoption of public cloud, but Operational teams now realize that their benefits can be extended to enterprise data centers. In reality, cloud native tools can help bridge public clouds and private data centers by enabling a common framework to manage applications and their underlying infrastructure components.
In this session you’ll learn about the latest Cisco ACI integrations with Hashicorp Terraform and Consul to deliver a powerful solution for end-to-end on-prem and cloud infrastructure deployments.
Empowering developers and operators through Gitlab and HashiCorpMitchell Pronschinske
Companies digitally transforming themselves into modern, software-defined businesses are building their foundation on cloud native solutions like GitLab and Hashicorp. Together, GitLab, Terraform, and Vault are empowering organizations to be more iterative, flexible, and secure. Join us in this session to learn more about how GitLab and Hashicorp are lowering the barrier of entry into industrializing the application development and delivery process across the entire application lifecycle.
Automate and simplify multi cloud complexity with f5 and hashi corpMitchell Pronschinske
In this session, Lori Mac Vittie, principal technology evangelist at F5 discusses digital transformation and how F5 and HashiCorp are working together to unlock the full potential of the cloud
In this webinar we will cover the new features in Vault 1.5. This release introduces several new improvements along with new features around the following areas: Usage Quotas for Request Rate Limiting, OpenShift Helm Support (beta), Telemetry and Monitoring Enhancements, and much more. Join Vault technical marketer Justin Weissig as he demos Vault 1.5's new features.
Integrated Storage, a key feature now available in Vault 1.4, can streamline your Vault architecture and improve performance. See demos and documentation of its use cases and migration process.
Learn how Cisco ACI and HashiCorp Terraform can help you increase productivity while reducing risks for your organization by managing infrastructure as code.
Terraform allows you to define your infrastructure as code. Variables and modules empower you to extend and reuse your Infrastructure as Code. With the Consul provider for Terraform, you can also let your Consul KV data drive your Terraform runs.
Learn from HashiCorp Vault engineer Nick Cabatoff how you can ensure that you actually use Vault effectively to allow no potential leaks of secret credentials, apis, or certs.
See a demo of HashiCorp Consul Service (HCS) on Azure and learn how it could be used to migrate from monolithic, VM-based apps to microservices running on Kubernetes.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaYara Milbes
Discover the transformative power of the WhatsApp API in our latest SlideShare presentation, "Top 7 Unique WhatsApp API Benefits." In today's fast-paced digital era, effective communication is crucial for both personal and professional success. Whether you're a small business looking to enhance customer interactions or an individual seeking seamless communication with loved ones, the WhatsApp API offers robust capabilities that can significantly elevate your experience.
In this presentation, we delve into the top 7 distinctive benefits of the WhatsApp API, provided by the leading WhatsApp API service provider in Saudi Arabia. Learn how to streamline customer support, automate notifications, leverage rich media messaging, run scalable marketing campaigns, integrate secure payments, synchronize with CRM systems, and ensure enhanced security and privacy.
7. PROVISION, SECURE AND RUN ANY INFRASTRUCTURE
[Diagram: HashiCorp product matrix]
OSS TOOL SUITE (for individuals): Vagrant, Packer, Terraform, Vault, Nomad, Consul
PRODUCT SUITE (for teams): Terraform Enterprise, Vault Enterprise, Consul Enterprise, Nomad Enterprise
Layers: PROVISION (Infrastructure), SECURE (Application Infrastructure), RUN (Applications)
8. @anubhavm
Blog Post Link: https://www.hashicorp.com/blog/smart-networking-with-consul-and-service-meshes
10. @anubhavm
Agenda
1. Introduction to “Smart Networking” and “Service Mesh”
2. Introduction to HashiCorp Consul
3. Architecture and overview of Consul
4. Exercises (Hands-On Lab)
• Exploring Service Discovery, K/V Store, and Consul Template
• NGINX and Consul (Smart Proxy)
• Fabio and Consul (Smart Networking in containers)
• Consul Connect (Service Mesh)
• Consul Connect for Service to Service Communication
• Consul Connect for Service to Database Communication
• Consul Connect for Serverless Applications
5. Conclusion
6. Discussion / Q&A
25. @anubhavm
Smart Networking - First Principles
Dumb Pipe or Smart Network
Protocol Awareness
[Diagram: Service A and Service B; label: Ribbon]
26. @anubhavm
Dumb Pipe
Pros:
Simplicity for Networks
Smart Applications (“What you see is what you get”)
Easily Customizable
Cons:
Redundant Code
Every Application has to Implement the Code (Polyglot?)
28. @anubhavm
Smart Networking - First Principles
Dumb Pipe or Smart Network
Protocol Awareness
[Diagram: Service A, Proxy, Proxy, Service B]
29. @anubhavm
Smart Network
Pros:
Little to no Application Code changes are required
Features like Traffic Shaping, Service Discovery and Network Policy Control come
out of the Box
Cons:
Smart Network becomes an Implicit Dependency of the Application
Harder to Reason about the Whole System
35. @anubhavm
Separation of Control and Data Plane
Control Plane
Data Plane
• Traffic Routing / Shaping
• Configuring the Data Plane
• Policy Enforcement
• Provide Service Discovery Data to Data Plane
37. @anubhavm
Separation of Control and Data Plane
Control Plane
Data Plane
• Forward Request from the Applications
• Health Checking
• Load Balancing
• Circuit Breaking
• Timeouts
• Retries
• Authentication
• Authorization
42. @anubhavm
Protocol Awareness
Layer 4 vs Layer 7
TCP, UDP vs HTTP
Layer 4
“Universally” Compatible
High Performance
Difficult to provide sophisticated request-aware features
43. @anubhavm
Protocol Awareness
Layer 4 vs Layer 7
TCP, UDP vs HTTP
Layer 7
Perform complex routing decisions
Header and Path based routing
Can yield lower performance
46. @anubhavm
Service Mesh for Microservices
Service Discovery. Connect services with a dynamic registry
Service Configuration. Configure services with runtime configs
Service Segmentation. Secure services based on identity
51. @anubhavm
Multi Data Center
[Diagram: CLIENT nodes and two groups of three SERVER nodes; labels: REPLICATION between servers, RPC, LAN GOSSIP, WAN GOSSIP]
54. T E R M I N A L
$ dig llama.node.consul
; <<>> DiG 9.10.3-P4-Ubuntu <<>> testing-llama.node.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64443
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;testing-llama.node.consul. IN A
;; ANSWER SECTION:
testing-llama.node.consul. 0 IN A 10.1.1.148
59. @anubhavm
Exercise: SSH into your workstations
SSH into your workstation using the provided credentials.
ssh servicemesh@<your.ip.address>
password: veloc1ty2018
Run consul members command to see what happens!
Your tutorial working directory will be /workstation/consul
60. T E R M I N A L
$ consul members
Node Address Status Type Build Protocol DC Segment
velocity-server-0 10.1.1.73:8301 alive server 1.2.3 2 dc1 <all>
velocity-server-1 10.1.2.16:8301 alive server 1.2.3 2 dc1 <all>
velocity-server-2 10.1.1.164:8301 alive server 1.2.3 2 dc1 <all>
velocity-ant 10.1.1.82:8301 alive client 1.2.3 2 dc1 <default>
velocity-badger 10.1.2.22:8301 alive client 1.2.3 2 dc1 <default>
61. WA R N I N G You are sharing a cluster
Let’s be nice to each other.
63. @anubhavm
Service Discovery - DNS Interface
Consul's DNS interface is zero touch
Randomized Round-Robin DNS
Filters on Health Checks
65. @anubhavm
Exercise: Query Service
Query for consul service information using dig and the DNS
interface.
HINT: Remember the DNS naming format is
{service_name}.service.consul
66. T E R M I N A L
$ dig consul.service.consul
; <<>> DiG 9.10.3-P4-Ubuntu <<>> consul.service.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9334
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;consul.service.consul. IN A
;; ANSWER SECTION:
consul.service.consul. 0 IN A 10.1.1.164
consul.service.consul. 0 IN A 10.1.1.73
consul.service.consul. 0 IN A 10.1.2.16
;; ADDITIONAL SECTION:
consul.service.consul. 0 IN TXT "consul-network-segment="
consul.service.consul. 0 IN TXT "consul-network-segment="
consul.service.consul. 0 IN TXT "consul-network-segment="
67. T E R M I N A L
$ dig +short consul.service.consul
10.1.1.164
10.1.2.16
10.1.1.73
70. {
"service": {
"name": "my-service",
"tags": ["tag-1", "tag-2"],
"port": 1234
}
}
C O D E E D I T O R
Exposed via DNS and HTTP APIs
Referred to as the "logical service" name
dig my-service.service.consul
74. @anubhavm
Service Discovery - Consul CLI
Consul CLI provides basic interactions with service discovery
Do not use the CLI to build tooling (use API instead)
Allows easily querying services
Currently only supports the catalog
76. T E R M I N A L
$ consul catalog -h
Usage: consul catalog <subcommand> [options] [args]
This command has subcommands for interacting with Consul's catalog. The
catalog should not be confused with the agent, although the APIs and
responses may be similar.
Here are some simple examples, and more detailed examples are available
in the subcommands or the documentation.
List all datacenters:
$ consul catalog datacenters
List all nodes:
$ consul catalog nodes
List all services:
$ consul catalog services
.....
78. T E R M I N A L
$ consul catalog services -tags
consul
counting velocity
counting-proxy
dashboard velocity
dashboard-proxy
fabio
http
nomad http,rpc,serf
nomad-client http
80. @anubhavm
K/V Store
Highly-available, globally accessible key-value store
Folder-like architecture allows for easy organization
Optional ACLs can enforce policy and access
Accessible via HTTP API (no DNS interface)
Can be used via the CLI or via a tool like curl
81. @anubhavm
K/V Store: Use Cases
Runtime configuration data
Secrets or sensitive application data (eg. Vault’s encrypted data)
83. T E R M I N A L
$ consul kv put <KEY> <DATA>
Success! Data written to: <KEY>
$ curl -X PUT -d <DATA> http://localhost:8500/v1/kv/<KEY>
true
84. T E R M I N A L
$ consul kv get <KEY>
<DATA>
$ curl http://localhost:8500/v1/kv/<KEY>
85. @anubhavm
Exercise: Create KV Data
Create two new key-value pairs in the store.
Keep in mind that everyone is using the same Consul servers, so
choose a unique name that won't conflict with another user.
Read those values back out.
86. T E R M I N A L
$ consul kv put anubhavmishra/velocity hello
Success! Data written to: anubhavmishra/velocity
$ consul kv get anubhavmishra/velocity
hello
88. @anubhavm
Consul Template: A Helper tool for Consul
Consul Template handles the HTTP API flow with Consul
Retrieves keys and services from Consul and renders them into a
template
Optional integration with HashiCorp Vault as well
91. T E R M I N A L
$ consul-template -h
Usage: consul-template [options]
Watches a series of templates on the file system, writing new changes when
Consul is updated. It runs until an interrupt is received unless the -once
flag is specified.
Options:
-config=<path>
Sets the path to a configuration file or folder on disk. This can be
specified multiple times to load multiple files or folders. If multiple
values are given, they are merged left-to-right, and CLI arguments take
the top-most precedence.
-consul-addr=<address>
Sets the address of the Consul instance
92. @anubhavm
Exercise: Create Template
Create and execute a Consul Template template that iterates over
all the healthy services named "consul" and prints out the IP
address.
HINT: Consul Template's documentation is very verbose and
probably has examples that you can follow.
93. {{ range service "consul" }}
{{ .Address }}
{{ end }}
C O D E E D I T O R
94. T E R M I N A L
$ consul-template -dry -template=in.tpl
>
10.1.1.13
10.1.2.250
10.1.1.36
95. @anubhavm
“Smart Proxy” with NGINX and Consul
Similar to AirBnB’s “Smart Stack”
Configure NGINX dynamically using Consul’s service catalog
Make the simplest form of a “Smart Proxy”
Use Consul Template as the helper tool to achieve this
97. @anubhavm
“Smart NGINX”
[Diagram: hosts 10.0.0.1 and 10.0.0.2, one running SERVICE A and the other SERVICE B (:8080), each fronted by NGINX with server blocks listening on 5050 and 5051]
98. @anubhavm
“Smart NGINX”
[Diagram: hosts 10.0.0.1 and 10.0.0.2, one running SERVICE A and the other SERVICE B (:8080), each fronted by NGINX with server blocks listening on 5050 and 5051; request shown: https://10.0.0.2:5051/service/service-b/hello]
103. @anubhavm
Counting Application
For the purpose of this tutorial we will be using a simple Golang
application called “counting-service”.
The application is already installed on your workstations and can be
started by typing the following command in your shell:
sudo service counting start
104. T E R M I N A L
$ sudo service counting start
$ curl http://localhost:9001
{"count":8,"hostname":"velocity-ant.node.consul"}
$ curl http://localhost:9001/health
Hello, you've hit /health
105. @anubhavm
Exercise: Register Counting Service in Consul
Register a new service named “counting” with tags “velocity”,
running on port 9001.
Query that service using the DNS interface.
Note: Use consul reload command to reload Consul.
106. T E R M I N A L
$ vim /workstation/consul/counting.json
# INSERT PORT AND HEALTH CHECK ENDPOINT
$ sudo mv /workstation/consul/counting.json /etc/consul.d/counting.json
$ ls /etc/consul.d/
107. {
"service": {
"name": "counting",
"tags": ["velocity-ant"],
"port": 9001,
"check": {
"id": "counting-check",
"http": "http://localhost:9001/health",
"method": "GET",
"interval": "1s",
"timeout": "1s"
}
}
}
C O D E E D I T O R
108. T E R M I N A L
$ consul reload
Configuration reload triggered
$ dig $(identity).counting.service.consul
109. @anubhavm
Exercise: Create a NGINX Template
Create and execute a Consul Template template that iterates over
all services that are tagged as “velocity” and create NGINX
backends for them.
110. T E R M I N A L
$ cd /workstation/consul/nginx
$ vim nginx.conf.tpl
111. T E R M I N A L
$ consul-template -template=nginx.conf.tpl -dry
112. {
"service": {
"name": "counting",
"tags": ["velocity-ant", "velocity"],
"port": 9001,
"check": {
"id": "counting-check",
"http": "http://localhost:9001/health",
"method": "GET",
"interval": "1s",
"timeout": "1s"
}
}
}
C O D E E D I T O R
113. T E R M I N A L
$ consul-template -template=nginx.conf.tpl -dry
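One possible nginx.conf.tpl for this exercise, added here as an illustration (it is not the workshop's own template). It assumes the "velocity" tag and port 5050 used in the exercises; the 127.0.0.1:65535 fallback server is an assumption that keeps NGINX loadable when a service has no healthy instances.

```nginx
# nginx.conf.tpl - added example, not the workshop's template.
# Rendered by consul-template into the destination set in its config file.

# One upstream per catalog service that carries the "velocity" tag.
{{ range services }}{{ if .Tags | contains "velocity" }}
upstream {{ .Name }} {
  # The tags listed by "services" are the union over all instances, so the
  # "velocity.<name>" query limits the backends to instances registered with
  # the tag. "service" returns healthy instances by default.
  {{ range service (printf "velocity.%s" .Name) }}
  server {{ .Address }}:{{ .Port }};
  {{ else }}
  # Assumed placeholder: with no healthy instance an empty upstream block
  # would make "nginx -s reload" fail, so answer with a 502 instead.
  server 127.0.0.1:65535;
  {{ end }}
}
{{ end }}{{ end }}

server {
  listen 5050;

  {{ range services }}{{ if .Tags | contains "velocity" }}
  # /service/<name>/... is forwarded to the upstream with the prefix removed.
  location /service/{{ .Name }}/ {
    proxy_pass http://{{ .Name }}/;
  }
  {{ end }}{{ end }}
}
```

Check the rendered output with consul-template -template=nginx.conf.tpl -dry, as in the slides. Because the routes are generated from whatever the catalog returns, anything allowed to register a service with the "velocity" tag becomes a backend, so on a shared cluster restrict service registration with Consul ACLs.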
114. @anubhavm
Exercise: Create Consul Template Config file
Create a config file for Consul Template that can be used to supply
NGINX with the dynamic configuration and then reload it.
115. T E R M I N A L
$ sudo vim /etc/consul.d/templates/nginx-smart-router.json
116. log_level = "info"
wait {
min = "5s"
max = "600s"
}
max_stale = "1m"
template {
source = "/etc/consul.d/templates/template/nginx.conf.tpl"
destination = "/etc/nginx/sites-available/nginx-smart-router.conf"
command = "nginx -s reload"
}
C O D E E D I T O R
117. T E R M I N A L
# Move nginx.conf.tpl to /etc/consul.d/templates/template/nginx.conf.tpl
$ sudo mv nginx.conf.tpl /etc/consul.d/templates/template/nginx.conf.tpl
# Open consul-template systemd configuration and supply it the configuration
$ sudo vim /etc/systemd/system/consul-template.service
118. [Unit]
Description=Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data
Requires=network-online.target
After=network-online.target
[Service]
ExecStart=/usr/local/bin/consul-template -config /etc/consul.d/templates/nginx-smart-router.json
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
C O D E E D I T O R
120. T E R M I N A L
$ sudo systemctl daemon-reload
$ sudo service consul-template start
121. T E R M I N A L
$ cd /etc/nginx/sites-enabled
$ sudo ln -s /etc/nginx/sites-available/nginx-smart-router.conf nginx-smart-router
$ sudo service nginx restart
122. @anubhavm
Exercise: Request Counting Service via “Smart NGINX”
Make a request to the counting service using the newly configured
NGINX router.
HINT: Use the local port 5050
123. T E R M I N A L
$ curl http://localhost:5050/service/counting/
{"count":1,"hostname":"velocity-badger.node.consul"}
124. T E R M I N A L
# Try the -i flag in curl to include the protocol headers
$ curl -i http://localhost:5050/service/counting/
125. @anubhavm
Exercise: Use the Dashboard Service to Connect to Counting Service
Explore the Dashboard service on your workstations. Start the
service and register it in Consul.
126. T E R M I N A L
$ vim /etc/systemd/system/dashboard.service
127. [Unit]
Description=A simple dashboard service
Requires=network-online.target
After=network-online.target
[Service]
Environment=PORT=9002
Environment=COUNTING_SERVICE_URL=http://localhost:5050/service/counting/
ExecStart=/usr/local/bin/dashboard-service
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
C O D E E D I T O R
129. T E R M I N A L
$ cp /workstation/consul/dashboard.json /etc/consul.d/dashboard.json
$ vim /etc/consul.d/dashboard.json
130. {
  "service": {
    "name": "dashboard",
    "tags": ["velocity-ant"],
    "port": 9002,
    "check": {
      "id": "dashboard-check",
      "http": "http://localhost:9002/health",
      "method": "GET",
      "interval": "1s",
      "timeout": "1s"
    }
  }
}
C O D E E D I T O R
131. T E R M I N A L
$ sudo service dashboard start
$ consul reload
132. @anubhavm
Exercise: Verify Dashboard Application
Open the dashboard application and make sure it is able to
connect to the counting service via “Smart NGINX”.
Your dashboard application will be available at the following URL:
http://{workstation_ip}:9002
133. @anubhavm
Use Consul K/V as a Control Plane for NGINX
Consul K/V store can be used to store runtime configuration for
the proxy.
Consul Template watches these values; when they change, it
immediately makes them available to the proxy.
134. T E R M I N A L
$ while true;do curl -i http://localhost:5050/service/counting/;sleep 0.5;done
135. T E R M I N A L
$ consul kv put config/global/router/prefer-local-routing 1
136. @anubhavm
Runtime Configuration
Consul K/V store can be used to store runtime configuration for
the proxy.
These can extend to things like storing values for request retries,
rate limits, etc.
137. @anubhavm
“Smart Proxy” with X and Consul
This approach can be extended to other proxies like HAProxy,
Apache2, etc.
This approach will also work with containers.
139. @anubhavm
Fabio: A Consul Load Balancer
Fabio integrates with Consul and acts as a load balancer for all
healthy services registered under a given name.
HTTP(S) and TCP router
Developed at eBay and used by eBay, Kijiji
GitHub Repository: https://github.com/fabiolb/fabio
Website: https://fabiolb.net/
140. @anubhavm
Exercise: Use Fabio as an Ingress into Nomad
Run the counting service using a cluster scheduler (in this case we
will use Nomad).
Use Fabio to get to the counting service using host headers.
141. T E R M I N A L
$ cd /workstation/nomad
$ vim counting-service.nomad
142. job "counting-service-velocity-badger" {
  datacenters = ["dc1"]
  group "counting-service" {
    count = 1
    task "web" {
      driver = "docker"
      config {
        image = "anubhavmishra/counting-service"
        port_map = {
          http = 9001
        }
      }
      .....
      service {
        name = "counting-service"
        port = "http"
        tags = [
          "velocity-badger",
          "velocity",
          "urlprefix-counting-service.hashicorp.live/",
C O D E E D I T O R
143. job "counting-service-velocity-badger" {
      .....
      service {
        name = "counting-service"
        port = "http"
        tags = [
          "velocity-badger",
          "velocity",
          "urlprefix-counting-service.hashicorp.live/",
        ]
        check {
          type = "http"
          path = "/health"
          interval = "2s"
          timeout = "2s"
        }
      }
    }
  }
}
C O D E E D I T O R
144. T E R M I N A L
$ nomad run counting-service.nomad
$ nomad status counting-service
145. T E R M I N A L
$ curl -i -H 'Host: counting-service.hashicorp.live' http://localhost:9999
HTTP/1.1 200 OK
Content-Length: 37
Content-Type: text/plain; charset=utf-8
Date: Fri, 28 Sep 2018 19:09:01 GMT
{"count":2,"hostname":"09cb1e97a2bf"}
# Access your application using the internet
$ curl -i -H 'Host: counting-service.hashicorp.live' http://fabio.hashicorp.live
146. @anubhavm
Fabio: A Consul Load Balancer
Fabio feels like a “global” load balancer since it spans both VMs
and containers!
147. @anubhavm
Service Mesh for Microservices
Service Discovery. Connect services with a dynamic registry
Service Configuration. Configure services with runtime configs
Service Segmentation. Secure services based on identity
149. @anubhavm
Service Mesh for Microservices
Service Discovery. Connect services with a dynamic registry
Service Configuration. Configure services with runtime configs
Service Segmentation. Secure services based on identity
Zero Trust Networks!
153. T E R M I N A L
$ consul intention create -deny web '*'
Created: web => * (deny)
$ consul intention create -allow web db
Created: web => db (allow)
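How the two intentions above resolve, as an added sketch in Go (not Consul's code and not from the slides): Consul applies the most specific matching intention, and an exact destination ranks above an exact source. The `Intention` type, `Authorize` and its `defaultAllow` parameter are hypothetical names, and `cache` is a made-up service.

```go
package main

import "fmt"

// Intention is one source => destination rule, as created by
// `consul intention create`. "*" is the wildcard service name.
type Intention struct {
	Source, Destination string
	Allow               bool
}

// precedence ranks how specific a rule is for this connection. An exact
// destination outranks an exact source, so "* => db" beats "web => *".
// It returns -1 when the rule does not match at all.
func precedence(i Intention, src, dst string) int {
	if (i.Source != "*" && i.Source != src) || (i.Destination != "*" && i.Destination != dst) {
		return -1
	}
	p := 0
	if i.Destination != "*" {
		p += 2
	}
	if i.Source != "*" {
		p++
	}
	return p
}

// Authorize returns the decision of the most specific matching intention,
// or defaultAllow when nothing matches (assumption: the caller passes in
// the cluster-wide default policy).
func Authorize(rules []Intention, src, dst string, defaultAllow bool) bool {
	best, decision := -1, defaultAllow
	for _, r := range rules {
		if p := precedence(r, src, dst); p > best {
			best, decision = p, r.Allow
		}
	}
	return decision
}

func main() {
	rules := []Intention{
		{"web", "*", false}, // consul intention create -deny web '*'
		{"web", "db", true}, // consul intention create -allow web db
	}
	for _, dst := range []string{"db", "cache"} {
		fmt.Printf("web => %s allowed=%v\n", dst, Authorize(rules, "web", dst, false))
	}
}
```

The order in which the intentions were created does not matter; only specificity does, which is why the later `allow` is not shadowed by the earlier wildcard `deny`.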
164. T E R M I N A L
$ consul connect proxy \
    -service web \
    -upstream postgresql:8181
$ psql -h 127.0.0.1 -p 8181 -U mitchellh mydb
>
165. @anubhavm
Exercise: Connect Two Services via Consul Connect
Take two services, dashboard and counting, and connect
them over TLS using Consul’s Connect feature.
[Diagram: dashboard and counting, connected by mTLS]
166. @anubhavm
Exercise: Connect Two Services via Consul Connect
Edit the dashboard and counting Consul service files to enable
Connect.
167. T E R M I N A L
$ sudo vim /etc/consul.d/counting.json
168. {
  "service": {
    "name": "counting",
    "tags": ["velocity"],
    "port": 9001,
    "connect": {
      "proxy": {}
    },
    "check": {
      "id": "counting-check",
      "http": "http://localhost:9001/health",
      "method": "GET",
      "interval": "1s",
      "timeout": "1s"
    }
  }
}
C O D E E D I T O R
169. T E R M I N A L
$ sudo vim /etc/consul.d/dashboard.json
170. {
  "service": {
    "name": "dashboard",
    "port": 9002,
    "tags": ["velocity-ant"],
    "connect": {
      "proxy": {
        "config": {
          "upstreams": [
            {
              "destination_name": "counting",
              "local_bind_port": 9003
            }
          ]
        }
      }
    },
    "check": {
      "id": "dashboard-check",
      "http": "http://localhost:9002/health",
      "method": "GET",
      "interval": "1s",
      "timeout": "1s"
    }
  }
}
C O D E E D I T O R
171. @anubhavm
Exercise: Connect Two Services via Consul Connect
Edit the dashboard systemd config file to point to the
local_bind_port 9003.
172. T E R M I N A L
$ vim /etc/systemd/system/dashboard.service
173. [Unit]
Description=A simple dashboard service
Requires=network-online.target
After=network-online.target
[Service]
Environment=PORT=9002
Environment=COUNTING_SERVICE_URL=http://localhost:5050/service/counting/
ExecStart=/usr/local/bin/dashboard-service
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
C O D E E D I T O R
174. [Unit]
Description=A simple dashboard service
Requires=network-online.target
After=network-online.target
[Service]
Environment=PORT=9002
Environment=COUNTING_SERVICE_URL=http://localhost:9003
ExecStart=/usr/local/bin/dashboard-service
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
C O D E E D I T O R
176. T E R M I N A L
$ consul reload
Configuration reload triggered
$ sudo systemctl daemon-reload
$ sudo service dashboard restart
177. @anubhavm
Exercise: Verify Dashboard and Counting Services
Use the Consul UI to verify that both the dashboard and counting
services are healthy and running.
Consul UI is located at http://consul.hashicorp.live
HINT: Navigate to the “services” tab in the Consul UI and filter for
your node.
178. T E R M I N A L
$ open http://consul.hashicorp.live
179. @anubhavm
Exercise: Verify Dashboard Application
Open the dashboard application and make sure it is able to
connect to the counting service via Consul Connect.
Your dashboard application will be available at the following URL:
http://{workstation_ip}:9002
181. @anubhavm
Exercise: Connect to a Database Using Consul Connect
Use Consul Connect to open an encrypted connection to a database
running on a VM.
Client will use Consul Connect to spin up a proxy masquerading as
the “web” service, connecting to the “redis-db” service, binding on
local port 8081
182. T E R M I N A L
$ sudo apt-get install -y redis-tools
$ redis-cli -h
183. T E R M I N A L
# Instructor will run this command.
$ sudo apt-get install redis-server
# Register redis service in Consul
# Show traffic without Consul Connect.
# Enable Consul Connect.
184. T E R M I N A L
$ consul connect proxy \
    -service web \
    -upstream redis-db:6379 &
$ redis-cli
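187. package main
import (
	"log"
	"net/http"
	"github.com/hashicorp/consul/api"
	"github.com/hashicorp/consul/connect"
)
func main() {
	// Create a Consul API client
	client, err := api.NewClient(api.DefaultConfig())
	if err != nil {
		log.Fatal(err)
	}
	// Create an instance representing this service.
	svc, err := connect.NewService("my-service", client)
	if err != nil {
		log.Fatal(err)
	}
	defer svc.Close()
	// Create an HTTP server that serves via Connect
	server := &http.Server{
		Addr: ":8080", TLSConfig: svc.ServerTLSConfig(),
		// ... other standard fields
	}
	log.Println(server.ListenAndServeTLS("", "")) // Serve!
}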
C O D E E D I T O R
188. @anubhavm
Consul Connect Lambda Integration
Consul’s Connect feature can be used to connect AWS Lambda
functions to services running inside a datacenter (EC2 instances,
RDS databases etc).
DISCLAIMER: THIS IS NOT PRODUCTION READY!
GitHub Repository: https://github.com/anubhavmishra/consul-connect-lambda
189. @anubhavm
Consul Connect Lambda Integration
[Diagram: Internet, API Gateway, Lambda Function with SDK, and a VPC containing an internal load balancer (LB), servers and apps]
190. @anubhavm
Consul Connect Lambda Integration
[Diagram: the same components, with the label Mutual TLS added]
192. @anubhavm
Consul Connect
Service Access Graph. Intentions allow or deny communication of
logical services.
Certificate Distribution. Standard TLS certificates with SPIFFE
compatibility.
Application Integration. Native integrations or sidecar proxies.
194. @anubhavm
Consul for Service Mesh Control Plane
Service Discovery. Connect services with a dynamic registry
Service Configuration. Configure services with runtime configs
Service Segmentation. Secure services based on identity
Pluggable Control Plane and Data Plane.
195. @anubhavm
Useful Links
• Envoy Consul Service Discovery Service: https://github.com/anubhavmishra/envoy-consul-sds
• Consul Connect Lambda Integration: https://github.com/anubhavmishra/consul-connect-lambda
196. Thanks! I have stickers!
Consul: https://consul.io
@anubhavm