Sonatype Software Supply Chain 2017 - JAVA Users Group
•
0 likes•63 views
Update to 2016 presentation to be at JAVA Users Groups [JUGs]. This was presented in Tampa discussing OSS governance.
Report
Share
Report
Share
Download to read offline
Recommended
From 0 to DevOps: Lessons Learned Moving from On-Prem to Cloud Native
This document discusses the transition from on-premise software development to cloud native development. It outlines how Dynatrace has transformed its development process, increasing the number of releases per year from 2 to 26 and the number of code commits and tests performed. This allows for faster innovation, immediate feedback, and more stability. It advocates adopting a DevOps model with continuous delivery and feedback across development, testing, and production stages. All stages should use the same automation and orchestration layer to reduce manual touches and ensure consistency. The goal is for development teams to own the full lifecycle of their features.
DevOps for AI Apps
DevOps for AI Applications - How to apply best practices from software engineering to the world of data science and machine learning
DevOps and All the Continuouses w/ Helen Beal
DevOps promises to make better software faster and more safely and many organizations begin by practicing Continuous Integration and moving on to Continuous Delivery and sometimes even extending as far as Continuous Deployment - but this is only the tip of the iceberg.
DevOps demands a fundamental shift in the way we work and requires all participants in an organization to live its principles. It’s much more than a tool chain.
When you are delivering software in an Agile manner in fortnightly sprints, are you still funding in an annual manner? Are you adhering to The Third Way? I.e. are you practicing Continuous Experimentation? Continuous Learning? How are you doing Continuous Testing? Are you including security in that? Have you have Continuous Improvement in your organization for years? When does Continuous Everything turn into Continuous Apathy?
A DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and Kubernetes
Chris Van Tuin
Red Hat - Chief Technologist, NA West
Boston DevOps Days 2016: Implementing Metrics Driven DevOps - Why and How
How can we detect a bad deployment before it hits production? By automatically looking at the right architectural metrics in your CI/CD and stop a build before its too late. Lets hook up your test automation with app metrics and use them as quality gates to stop bad builds early!
Continuous Security: Using Automation to Expand Security's Reach
Any optimization outside the critical constraint is an illusion. In DevSecOps , the size of the security team is always the most scarce resource. The best way to optimize the security team is automation. This talk provides an overview of key DevSecOps automation principles and provide real world experiences of creating DevSecOps Pipeline’s augmented with automation in multiple enterprises. Getting started can feel overwhelming but this talk provides coverage of the fundamental building blocks of adding automation to an DevSecOps program including API integration, webhooks, Docker, ChatOps and a vulnerability repository to manage all the issues discovered. The talk covers how DevSecOps automation has provided significant increases in productivity at several different companies in different verticals. Multiple potential architectures for DevSecOps automation will be covered with the goal of inspiring the audience to adopt one of these for their program. By taking an example, customizing it to fit their situation, attendees will have a roadmap to start their security automation journey.
DevOps Days Toronto: From 6 Months Waterfall to 1 hour Code Deploys
Slides used for https://www.devopsdays.org/events/2017-toronto/program/andreas-grabner/
In 2011 we delivered 2 major releases of our on premise enterprise software. Market, technology and customer requirements forced us to change that in order to remain competitive.
Now – in 2017 - we are deploying and providing feature releases every 2 weeks for both our on premise and SaaS-based offering. We deploy 170 SaaS production changes per day and have a DevOps pipeline that allows us to deploy a code change within 1h if necessary.
To increase quality, we built and provide a DevOps pipeline that currently executes 31000 Unit & Integration Tests per Hour as well as 60h UI Tests per Build. Our application teams are responsible end-to-end for their features and use production monitoring to validate their deployments which allows them to find 93% of bugs in production before it impacts our end users.
In this session I explain how this transformation worked from both “Top Down” as well as “Bottom Up” in our organization. A key component was the 4 people strong DevOps Team who developed and “sell” their DevOps Pipeline to the globally distributed application teams. I will give insights into how our pipeline enables application teams to design, code, test and run a new feature for our user base.
I will also talk about the “dark moments” as change is never without friction. Both internally as well as with our customers who also had to get used to more rapid changes.
Performance Metrics Driven CI/CD - Introduction to Continuous Innovation and ...
Deck used for my talk at the 2016 Spring User Conference in Toronto. Deck was followed up by a walkthrough of a Jenkins workflow that deployed to Cloud Foundry based on jmeter test results
Recommended
From 0 to DevOps: Lessons Learned Moving from On-Prem to Cloud Native
This document discusses the transition from on-premise software development to cloud native development. It outlines how Dynatrace has transformed its development process, increasing the number of releases per year from 2 to 26 and the number of code commits and tests performed. This allows for faster innovation, immediate feedback, and more stability. It advocates adopting a DevOps model with continuous delivery and feedback across development, testing, and production stages. All stages should use the same automation and orchestration layer to reduce manual touches and ensure consistency. The goal is for development teams to own the full lifecycle of their features.
DevOps for AI Apps
DevOps for AI Applications - How to apply best practices from software engineering to the world of data science and machine learning
DevOps and All the Continuouses w/ Helen Beal
DevOps promises to make better software faster and more safely and many organizations begin by practicing Continuous Integration and moving on to Continuous Delivery and sometimes even extending as far as Continuous Deployment - but this is only the tip of the iceberg.
DevOps demands a fundamental shift in the way we work and requires all participants in an organization to live its principles. It’s much more than a tool chain.
When you are delivering software in an Agile manner in fortnightly sprints, are you still funding in an annual manner? Are you adhering to The Third Way? I.e. are you practicing Continuous Experimentation? Continuous Learning? How are you doing Continuous Testing? Are you including security in that? Have you have Continuous Improvement in your organization for years? When does Continuous Everything turn into Continuous Apathy?
A DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and Kubernetes
Chris Van Tuin
Red Hat - Chief Technologist, NA West
Boston DevOps Days 2016: Implementing Metrics Driven DevOps - Why and How
How can we detect a bad deployment before it hits production? By automatically looking at the right architectural metrics in your CI/CD and stop a build before its too late. Lets hook up your test automation with app metrics and use them as quality gates to stop bad builds early!
Continuous Security: Using Automation to Expand Security's Reach
Any optimization outside the critical constraint is an illusion. In DevSecOps , the size of the security team is always the most scarce resource. The best way to optimize the security team is automation. This talk provides an overview of key DevSecOps automation principles and provide real world experiences of creating DevSecOps Pipeline’s augmented with automation in multiple enterprises. Getting started can feel overwhelming but this talk provides coverage of the fundamental building blocks of adding automation to an DevSecOps program including API integration, webhooks, Docker, ChatOps and a vulnerability repository to manage all the issues discovered. The talk covers how DevSecOps automation has provided significant increases in productivity at several different companies in different verticals. Multiple potential architectures for DevSecOps automation will be covered with the goal of inspiring the audience to adopt one of these for their program. By taking an example, customizing it to fit their situation, attendees will have a roadmap to start their security automation journey.
DevOps Days Toronto: From 6 Months Waterfall to 1 hour Code Deploys
Slides used for https://www.devopsdays.org/events/2017-toronto/program/andreas-grabner/
In 2011 we delivered 2 major releases of our on premise enterprise software. Market, technology and customer requirements forced us to change that in order to remain competitive.
Now – in 2017 - we are deploying and providing feature releases every 2 weeks for both our on premise and SaaS-based offering. We deploy 170 SaaS production changes per day and have a DevOps pipeline that allows us to deploy a code change within 1h if necessary.
To increase quality, we built and provide a DevOps pipeline that currently executes 31000 Unit & Integration Tests per Hour as well as 60h UI Tests per Build. Our application teams are responsible end-to-end for their features and use production monitoring to validate their deployments which allows them to find 93% of bugs in production before it impacts our end users.
In this session I explain how this transformation worked from both “Top Down” as well as “Bottom Up” in our organization. A key component was the 4 people strong DevOps Team who developed and “sell” their DevOps Pipeline to the globally distributed application teams. I will give insights into how our pipeline enables application teams to design, code, test and run a new feature for our user base.
I will also talk about the “dark moments” as change is never without friction. Both internally as well as with our customers who also had to get used to more rapid changes.
Performance Metrics Driven CI/CD - Introduction to Continuous Innovation and ...
Deck used for my talk at the 2016 Spring User Conference in Toronto. Deck was followed up by a walkthrough of a Jenkins workflow that deployed to Cloud Foundry based on jmeter test results
Metrics Driven DevOps - Automate Scalability and Performance Into your Pipeline
Continuous Delivery only works if you combine automation with automatic metrics driven quality gates focusing on architectural, scalabilty and performance metrics.
In this presentation I start with several dashboard examples explaining key metrics in production and explain how to automate these metrics into your delivery pipeline.
DevOps Pipelines and Metrics Driven Feedback Loops
The goal behind devops is Faster Lead Times
What this really means for Software Delivery -> my Kodak/Smart Phone Analogy
How and Which Metrics to use along the Delivery Pipeline to make better decisions along the way.
How to explain DevOps to your mom
These are the slides used in my #devone (www.devone.at) keynote presentation:
DevOps is one of the most abused and overrated marketing terms in the last years! That’s not an alternative fact! It’s just Andi’s opinion! Yet - it is a very real thing that allowed many software companies to transform the way they think about software engineering. DevOps can mean something totally different thought depending on who you are and what type of business your company is doing. To clarify things, Andi gives us insights on how he explains the benefits to “DevOps Newbies” and how software companies around the world implement it in their own ways. Andi will answer: What does it really mean for developers, testers and operators? What will change? How does Facebook deploy twice a day without big issues? How does DevOps work in financial, government or healthcare where you have tight regulations? Does it mean Devs are responsible for Ops? Does it only work in the cloud? Or can we apply it to “old fashioned” on premise software as well? Learn for yourself and make up your own mind on whether DevOps is just a marketing term or something that can benefit you!
OSMC 2015: Monitoring at Spotify-When things go ping in the night by Martin Parm
When Spotify started in 2006, with just 20 people, they were more worried about selling the idea of music streaming than of setting up monitoring systems. Fast forward to 2015 and
more than 400 engineers are collecting more than 30 million time series from more than 10000 hosts; so how did we get here? The journey has been a long one, with plenty of false starts and growing pains, from scaling systems to scaling teams to scaling the business itself; challenging what we thought we knew about operational monitoring at every step.
This talk is about some of the more interesting challenges we've faced along the way, and about what we've learned so far; covering some of the technical details but primarily focusing on the human aspects, and how our monitoring solutions have both shaped and been shaped by organizational structures and changing engineering practices.
AI-Powered DevOps: Injecting Speed & Quality Across Verizon’s Cloud Pipelines
Customer experience is a top priority for Verizon, so they turned to DevOps best practices to address technical issues. The result was tremendous – 3x faster build times and a 50% drop in reported bugs – all within the first six months!
This success evolved to an automated delivery pipeline approach that leveraged cloud and container technology, and teams were able to deploy new features faster, directly into production.
With faster releases came vast technical complexity. Using Artificial Intelligence (AI)-powered monitoring, Verizon was able to transcend this problem, and today easily manages complex, web-scale DevOps in the cloud.
• Learn the DevOps “shift-left” quality model Verizon embraced to find issues before they reached production.
• Discover best practices that accelerated Verizon’s build and test cycle times by 3x in just six months.
• Understand what AI-powered technology is, and how it can help you master the complexity of DevOps cloud environments.
• Learn how Verizon uses DevOps and cloud monitoring as part of one integrated application delivery chain.
You’ll gain best practices and insights you can use immediately!
DevOps Fest 2020. Kohsuke Kawaguchi. GitOps, Jenkins X & the Future of CI/CD
CI/CD process has been something your DevOps engineer purpose-built for your team. But with Kubernetes & cloud-native, that’s becoming “legacy.” The rising level of platform abstraction allows all the good practices that the industry has developed over time to be integrated, hidden, and simplified behind just one practice called “GitOps.” That simplified world is what Jenkins X enables.
We will discuss GitOps, Jenkins X, and how that combination drastically simplifies cloud-native web app development. You’ll understand why traditional DevOps is not suitable in a Kubernetes and cloud-native world, explore GitOps principles and discover how they facilitate high-velocity app development.
And finally, Kohsuke will make a fool of himself by talking about the future — now that Jenkins X simplifies the CD process, where is the next frontier?
Facilitating DevOps Execution in an All Digital Environment
The history of how LinkedIn optimizes for developer happiness while maintaining reliability through our SRE & Foundation teams
4 Node.js Gotchas: What your ops team needs to know
To register for this webinar replay, click here:
https://info.dynatrace.com/apm_wc_nodejs_na_registration.html
There is no doubt that Node.js is one of the fastest growing platforms today. It can be found at start-ups and enterprises throughout all industries from high-tech to healthcare.
A lot of people have written about the reasons for its popularity and why it has made sense in “digital transformation” efforts. But when you implement Node.js, do you have to replace your mainframes and legacy software with a shiny new Node.js-based microservice architecture?
This 30-minute webinar walks in the shoes of those who oversee the whole digital value chain: Operation and performance teams. We will cover:
Node.js implementation requirements (Hint: you might not have to gut your whole system)
What challenges operations and performance teams face when they begin to implement Node.js
The big four gotchas that can make using Node.js difficult for an operations team
Gain the know-how to support your development and ops teams in implementing Node.js.
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
You’ve probably heard many talks about DevSecOps and continuous security testing but how many provided the tools needed to actually start that testing? This talk does exactly that. It provides an overview of the open source AppSec Pipeline tool which has been used in real world companies to do real security work. Beyond a stand alone tool, the OWASP AppSec Pipeline provides numerous docker containers ready to automate, a specification to customize with the ability to create your own implementation and references to get you started.
The talk will also cover how to add an AppSec Pipeline to your team’s arsenal and provide example templates of how best to run the automated tools provided. Finally, we’ll briefly cover using OWASP Defect Dojo to store and curate the issues found by your AppSec Pipeline. The goal of this talk is to share the field-tested methods of two AppSec professionals with nearly 20 years of experience between them. If you want to start your DevSecOps journey by continuously testing rather then hear about it, this talk is for you.
Applying AI to Performance Engineering: Shift-Left, Shift-Right, Self-Healing
The document discusses how artificial intelligence can be applied to performance engineering to make it self-healing and self-service. It describes how monitoring needs have evolved from just looking at dashboards and logs to dealing with dynamic cloud environments. It outlines how AI can be used for full-stack monitoring with one agent, automated end-to-end tracing, automated log analytics and change detection. It then discusses how AI can enable shifting work left to break the pipeline earlier, improve mean time to resolution with auto-mitigation, and shift work right with tags, deployments and events to create actionable feedback loops across development, operations and business teams.
Global DevOps BootCamp
This document announces a Global DevOps Bootcamp event with hands-on challenges related to DevOps. It will take place at 73 venues worldwide with 8,000 tickets available. The agenda includes introductions to DevOps, Azure CLI, continuous integration, and demonstrations. DevOps is presented as an approach combining development, testing, and operations to enable continuous delivery. Traditional and modern IT approaches are compared. The document also outlines DevOps principles, practices, automation, containers, and serverless computing.
Spring Webflux
This document discusses reactive programming and Spring Webflux. It begins with an introduction to reactive programming and why it is needed for applications with high user expectations. It then covers reactive streams and the Reactive Manifesto. It introduces Project Reactor and compares it to RxJava. It discusses how Spring Webflux allows for non-blocking reactive REST APIs. It concludes with an overview of a demo and next steps including support for SQL, web sockets, and MongoDB.
Taking the Best of Agile, DevOps and CI/CD into security
Software development continues to move faster with the rise of Agile, DevOps, and CI/CD, while traditional AppSec continues with slow delivery and failure to scale. In this talk, we’ll discuss lessons learned from forward thinking software development at a multitude of companies, and show you how to apply them to your org. By taking the best of DevOps, CI/CD and Agile, you can iteratively up your AppSec program and ascend out of traditional AppSec pitfalls.
My talk from Secure Coding Virtual Summit (2021-03-24)
The Role of Automation in the Journey to Continuous Delivery
Presenters Robert Reeves, CTO and Cofounder of Datical, and Tim Buntel, VP of Products at XebiaLabs, give an expert presentation on the role of automation in Continuous Delivery. Find the entire webinar here: https://xebialabs.com/community/webinars/
Metrics driven dev ops 2017
Metrics-Driven DevOps discusses how Dynatrace has shifted to continuous delivery of software using a DevOps approach. Some key points:
- Dynatrace has moved to releasing major updates 26 times per year with 170 production deployments daily, up from a previous model of major releases every 6 months.
- They implemented practices like continuous integration/delivery, performance testing pipelines, and monitoring of production metrics to optimize lead time and catch issues earlier.
- Dynatrace uses its own products to monitor pipelines and applications, enabling teams to get feedback and fail builds quickly when issues arise.
- Culture change and collaboration across teams was important to align engineers as the company transformed practices to support continuous delivery at
Continuously serving the developer community with Continuous Integration and...
Snap CI enables software teams to do Continuous Delivery (CD). When practicing CD, the goal is to automate the deployment process and build software in such a way that it can be deployed to production any time. As a deployment tool, Snap CI cannot have downtime. If it did, our users would not be able to deploy their own software. We had to change Snap CI’s architecture to ensure zero-downtime and we chose to do blue-green deployments to achieve it. In this approach, we had to maintain two instances of our system: one active instance, and one inactive instance. Based on our experiences, we will share some tricks of the trade from the numerous challenges we faced such as: making the application aware of whether it was active or inactive, handling data migrations, and babysitting long-running jobs.
These are the slides from Akshay Karle and Fernando Junior's presentation on Agile Brazil 2015.
DevSecOps Fundamentals and the Scars to Prove it.
This document discusses the fundamentals and evolution of DevSecOps. It begins by introducing the author and their background. It then outlines key DevSecOps concepts like reducing complexity, managing dependencies, shared understanding, enabling default security controls, fully utilizing frameworks, embracing cloud-native principles, codifying processes, treating servers as cattle, and automating workflows. The document also discusses the importance of DefectDojo and generating AppSec pipelines to integrate security testing into development pipelines in order to scale efforts and increase visibility, consistency, and flow. It emphasizes automating non-human tasks to optimize security personnel.
Microservices 101: From DevOps to Docker and beyond
Containers and microservices are two of the fastest-growing trends in technology, enabled by a modern approach to software development and deployment called DevOps. This talk will delve into the increasingly mainstream trend of DevOps, the Docker and containers ecosystem including current enterprise adoption, and how they combine to form a new style of software architecture dubbed microservices. We'll close by looking at real-world examples of containers and microservices architectures at leading-edge companies.
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
This document outlines the top 10 ways to fail at DevOps. It discusses failing to include management buy-in, becoming too reliant on open source software, and failing to consider IT history. It also notes that DevOps should not mean "DevNo-Ops" and that the same automation used in development and testing environments should also be applied to production, with the production environment in mind from the beginning. Centralizing DevOps and thinking failures in production are acceptable are also outlined as ways to fail at DevOps. The document provides context and examples for each of the top 10 ways.
DOES SFO 2016 - Daniel Perez - Doubling Down on ChatOps in the Enterprise
HPE's Research Development & Engineering team has been on a fast-tracked DevOps journey over the past couple of years.
During our DOES 2014 talk we shared our deployment of ElectricFlow as a highly available and centralized self-service solution that has enabled HPE developers to quickly onboard onto ElectricFlow for build/test/deployment pipelines in a repeatable and cost-effective way.
At DOES 2015 we expanded on our investments into a comprehensive monitoring, self-healing, and accelerated deployment strategy across all of our applications to further bridge our Dev and Ops gap with greater visibility into our environments and to accelerate our time-to-market with repeatable and fully automated deploys.
Join us this year as we continue in this journey with our biggest transformation yet: the proliferation of ChatOps within our organization. We will discuss the decisions that lead us to these investments, the key lessons we have learned, and share our various Hubot integrations and capabilities.
Containers, Serverless, Polyglot Development World, And Others…10 trends resh...
During this presentation, you will learn about the 10 changes that might reshape the developer tools market in the next 10 years. Jarek will discuss containers, serverless functions, and how it all supports an agile and CI/CD experience. The move to a polyglot development world means most applications will be written in a mix of languages, with developers favoring tools that help them navigate easily between languages. Jarek will also walk us through the evolution away from stand-alone developer workstations toward cloud-and-container based development environments offered as a service.
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
At Rackspace::Solve NYC, Jon Hyman, CIO of Appboy and Prashanth Chandrasekar, GM of DevOps at Rackspace, discuss the role of DevOps in helping to solve the technical challenges that come with rapid growth.
Rackspace (NYSE: RAX) is the #1 managed cloud company. Our technical expertise and Fanatical Support® allow companies to tap the power of the cloud without the pain of hiring experts in dozens of complex technologies. Rackspace is also the leader in hybrid cloud, giving each customer the best fit for its unique needs — whether on single- or multi-tenant servers, or a combination of those platforms. Rackspace is the founder of OpenStack®, the open-source operating system for the cloud. Headquartered in San Antonio, we serve more than 200,000 business customers from data centers on four continents. We rank 29th on Fortune’s list of 100 Best Companies to Work For. For more information, visit www.rackspace.com.
More Related Content
What's hot
Metrics Driven DevOps - Automate Scalability and Performance Into your Pipeline
Continuous Delivery only works if you combine automation with automatic metrics driven quality gates focusing on architectural, scalabilty and performance metrics.
In this presentation I start with several dashboard examples explaining key metrics in production and explain how to automate these metrics into your delivery pipeline.
DevOps Pipelines and Metrics Driven Feedback Loops
The goal behind devops is Faster Lead Times
What this really means for Software Delivery -> my Kodak/Smart Phone Analogy
How and Which Metrics to use along the Delivery Pipeline to make better decisions along the way.
How to explain DevOps to your mom
These are the slides used in my #devone (www.devone.at) keynote presentation:
DevOps is one of the most abused and overrated marketing terms in the last years! That’s not an alternative fact! It’s just Andi’s opinion! Yet - it is a very real thing that allowed many software companies to transform the way they think about software engineering. DevOps can mean something totally different thought depending on who you are and what type of business your company is doing. To clarify things, Andi gives us insights on how he explains the benefits to “DevOps Newbies” and how software companies around the world implement it in their own ways. Andi will answer: What does it really mean for developers, testers and operators? What will change? How does Facebook deploy twice a day without big issues? How does DevOps work in financial, government or healthcare where you have tight regulations? Does it mean Devs are responsible for Ops? Does it only work in the cloud? Or can we apply it to “old fashioned” on premise software as well? Learn for yourself and make up your own mind on whether DevOps is just a marketing term or something that can benefit you!
OSMC 2015: Monitoring at Spotify-When things go ping in the night by Martin Parm
When Spotify started in 2006, with just 20 people, they were more worried about selling the idea of music streaming than of setting up monitoring systems. Fast forward to 2015 and
more than 400 engineers are collecting more than 30 million time series from more than 10000 hosts; so how did we get here? The journey has been a long one, with plenty of false starts and growing pains, from scaling systems to scaling teams to scaling the business itself; challenging what we thought we knew about operational monitoring at every step.
This talk is about some of the more interesting challenges we've faced along the way, and about what we've learned so far; covering some of the technical details but primarily focusing on the human aspects, and how our monitoring solutions have both shaped and been shaped by organizational structures and changing engineering practices.
AI-Powered DevOps: Injecting Speed & Quality Across Verizon’s Cloud Pipelines
Customer experience is a top priority for Verizon, so they turned to DevOps best practices to address technical issues. The result was tremendous – 3x faster build times and a 50% drop in reported bugs – all within the first six months!
This success evolved to an automated delivery pipeline approach that leveraged cloud and container technology, and teams were able to deploy new features faster, directly into production.
With faster releases came vast technical complexity. Using Artificial Intelligence (AI)-powered monitoring, Verizon was able to transcend this problem, and today easily manages complex, web-scale DevOps in the cloud.
• Learn the DevOps “shift-left” quality model Verizon embraced to find issues before they reached production.
• Discover best practices that accelerated Verizon’s build and test cycle times by 3x in just six months.
• Understand what AI-powered technology is, and how it can help you master the complexity of DevOps cloud environments.
• Learn how Verizon uses DevOps and cloud monitoring as part of one integrated application delivery chain.
You’ll gain best practices and insights you can use immediately!
DevOps Fest 2020. Kohsuke Kawaguchi. GitOps, Jenkins X & the Future of CI/CD
CI/CD process has been something your DevOps engineer purpose-built for your team. But with Kubernetes & cloud-native, that’s becoming “legacy.” The rising level of platform abstraction allows all the good practices that the industry has developed over time to be integrated, hidden, and simplified behind just one practice called “GitOps.” That simplified world is what Jenkins X enables.
We will discuss GitOps, Jenkins X, and how that combination drastically simplifies cloud-native web app development. You’ll understand why traditional DevOps is not suitable in a Kubernetes and cloud-native world, explore GitOps principles and discover how they facilitate high-velocity app development.
And finally, Kohsuke will make a fool of himself by talking about the future — now that Jenkins X simplifies the CD process, where is the next frontier?
Facilitating DevOps Execution in an All Digital Environment
The history of how LinkedIn optimizes for developer happiness while maintaining reliability through our SRE & Foundation teams
4 Node.js Gotchas: What your ops team needs to know
To register for this webinar replay, click here:
https://info.dynatrace.com/apm_wc_nodejs_na_registration.html
There is no doubt that Node.js is one of the fastest growing platforms today. It can be found at start-ups and enterprises throughout all industries from high-tech to healthcare.
A lot of people have written about the reasons for its popularity and why it has made sense in “digital transformation” efforts. But when you implement Node.js, do you have to replace your mainframes and legacy software with a shiny new Node.js-based microservice architecture?
This 30-minute webinar walks in the shoes of those who oversee the whole digital value chain: Operation and performance teams. We will cover:
Node.js implementation requirements (Hint: you might not have to gut your whole system)
What challenges operations and performance teams face when they begin to implement Node.js
The big four gotchas that can make using Node.js difficult for an operations team
Gain the know-how to support your development and ops teams in implementing Node.js.
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
You’ve probably heard many talks about DevSecOps and continuous security testing but how many provided the tools needed to actually start that testing? This talk does exactly that. It provides an overview of the open source AppSec Pipeline tool which has been used in real world companies to do real security work. Beyond a stand alone tool, the OWASP AppSec Pipeline provides numerous docker containers ready to automate, a specification to customize with the ability to create your own implementation and references to get you started.
The talk will also cover how to add an AppSec Pipeline to your team’s arsenal and provide example templates of how best to run the automated tools provided. Finally, we’ll briefly cover using OWASP Defect Dojo to store and curate the issues found by your AppSec Pipeline. The goal of this talk is to share the field-tested methods of two AppSec professionals with nearly 20 years of experience between them. If you want to start your DevSecOps journey by continuously testing rather then hear about it, this talk is for you.
Applying AI to Performance Engineering: Shift-Left, Shift-Right, Self-Healing
The document discusses how artificial intelligence can be applied to performance engineering to make it self-healing and self-service. It describes how monitoring needs have evolved from just looking at dashboards and logs to dealing with dynamic cloud environments. It outlines how AI can be used for full-stack monitoring with one agent, automated end-to-end tracing, automated log analytics and change detection. It then discusses how AI can enable shifting work left to break the pipeline earlier, improve mean time to resolution with auto-mitigation, and shift work right with tags, deployments and events to create actionable feedback loops across development, operations and business teams.
Global DevOps BootCamp
This document announces a Global DevOps Bootcamp event with hands-on challenges related to DevOps. It will take place at 73 venues worldwide with 8,000 tickets available. The agenda includes introductions to DevOps, Azure CLI, continuous integration, and demonstrations. DevOps is presented as an approach combining development, testing, and operations to enable continuous delivery. Traditional and modern IT approaches are compared. The document also outlines DevOps principles, practices, automation, containers, and serverless computing.
Spring Webflux
This document discusses reactive programming and Spring Webflux. It begins with an introduction to reactive programming and why it is needed for applications with high user expectations. It then covers reactive streams and the Reactive Manifesto. It introduces Project Reactor and compares it to RxJava. It discusses how Spring Webflux allows for non-blocking reactive REST APIs. It concludes with an overview of a demo and next steps including support for SQL, web sockets, and MongoDB.
Taking the Best of Agile, DevOps and CI/CD into security
Software development continues to move faster with the rise of Agile, DevOps, and CI/CD, while traditional AppSec continues with slow delivery and failure to scale. In this talk, we’ll discuss lessons learned from forward thinking software development at a multitude of companies, and show you how to apply them to your org. By taking the best of DevOps, CI/CD and Agile, you can iteratively up your AppSec program and ascend out of traditional AppSec pitfalls.
My talk from Secure Coding Virtual Summit (2021-03-24)
The Role of Automation in the Journey to Continuous Delivery
Presenters Robert Reeves, CTO and Cofounder of Datical, and Tim Buntel, VP of Products at XebiaLabs, give an expert presentation on the role of automation in Continuous Delivery. Find the entire webinar here: https://xebialabs.com/community/webinars/
Metrics driven dev ops 2017
Metrics-Driven DevOps discusses how Dynatrace has shifted to continuous delivery of software using a DevOps approach. Some key points:
- Dynatrace has moved to releasing major updates 26 times per year with 170 production deployments daily, up from a previous model of major releases every 6 months.
- They implemented practices like continuous integration/delivery, performance testing pipelines, and monitoring of production metrics to optimize lead time and catch issues earlier.
- Dynatrace uses its own products to monitor pipelines and applications, enabling teams to get feedback and fail builds quickly when issues arise.
- Culture change and collaboration across teams was important to align engineers as the company transformed practices to support continuous delivery at
Continuously serving the developer community with Continuous Integration and...
Snap CI enables software teams to do Continuous Delivery (CD). When practicing CD, the goal is to automate the deployment process and build software in such a way that it can be deployed to production any time. As a deployment tool, Snap CI cannot have downtime. If it did, our users would not be able to deploy their own software. We had to change Snap CI’s architecture to ensure zero-downtime and we chose to do blue-green deployments to achieve it. In this approach, we had to maintain two instances of our system: one active instance, and one inactive instance. Based on our experiences, we will share some tricks of the trade from the numerous challenges we faced such as: making the application aware of whether it was active or inactive, handling data migrations, and babysitting long-running jobs.
These are the slides from Akshay Karle and Fernando Junior's presentation on Agile Brazil 2015.
DevSecOps Fundamentals and the Scars to Prove it.
This document discusses the fundamentals and evolution of DevSecOps. It begins by introducing the author and their background. It then outlines key DevSecOps concepts like reducing complexity, managing dependencies, shared understanding, enabling default security controls, fully utilizing frameworks, embracing cloud-native principles, codifying processes, treating servers as cattle, and automating workflows. The document also discusses the importance of DefectDojo and generating AppSec pipelines to integrate security testing into development pipelines in order to scale efforts and increase visibility, consistency, and flow. It emphasizes automating non-human tasks to optimize security personnel.
Microservices 101: From DevOps to Docker and beyond
Containers and microservices are two of the fastest-growing trends in technology, enabled by a modern approach to software development and deployment called DevOps. This talk will delve into the increasingly mainstream trend of DevOps, the Docker and containers ecosystem including current enterprise adoption, and how they combine to form a new style of software architecture dubbed microservices. We'll close by looking at real-world examples of containers and microservices architectures at leading-edge companies.
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
This document outlines the top 10 ways to fail at DevOps. It discusses failing to include management buy-in, becoming too reliant on open source software, and failing to consider IT history. It also notes that DevOps should not mean "DevNo-Ops" and that the same automation used in development and testing environments should also be applied to production, with the production environment in mind from the beginning. Centralizing DevOps and thinking failures in production are acceptable are also outlined as ways to fail at DevOps. The document provides context and examples for each of the top 10 ways.
DOES SFO 2016 - Daniel Perez - Doubling Down on ChatOps in the Enterprise
HPE's Research Development & Engineering team has been on a fast-tracked DevOps journey over the past couple of years.
During our DOES 2014 talk we shared our deployment of ElectricFlow as a highly available and centralized self-service solution that has enabled HPE developers to quickly onboard onto ElectricFlow for build/test/deployment pipelines in a repeatable and cost-effective way.
At DOES 2015 we expanded on our investments into a comprehensive monitoring, self-healing, and accelerated deployment strategy across all of our applications to further bridge our Dev and Ops gap with greater visibility into our environments and to accelerate our time-to-market with repeatable and fully automated deploys.
Join us this year as we continue in this journey with our biggest transformation yet: the proliferation of ChatOps within our organization. We will discuss the decisions that lead us to these investments, the key lessons we have learned, and share our various Hubot integrations and capabilities.
What's hot (20)
Metrics Driven DevOps - Automate Scalability and Performance Into your Pipeline
Metrics Driven DevOps - Automate Scalability and Performance Into your Pipeline
DevOps Pipelines and Metrics Driven Feedback Loops
DevOps Pipelines and Metrics Driven Feedback Loops
OSMC 2015: Monitoring at Spotify-When things go ping in the night by Martin Parm
OSMC 2015: Monitoring at Spotify-When things go ping in the night by Martin Parm
AI-Powered DevOps: Injecting Speed & Quality Across Verizon’s Cloud Pipelines
AI-Powered DevOps: Injecting Speed & Quality Across Verizon’s Cloud Pipelines
DevOps Fest 2020. Kohsuke Kawaguchi. GitOps, Jenkins X & the Future of CI/CD
DevOps Fest 2020. Kohsuke Kawaguchi. GitOps, Jenkins X & the Future of CI/CD
Facilitating DevOps Execution in an All Digital Environment
Facilitating DevOps Execution in an All Digital Environment
4 Node.js Gotchas: What your ops team needs to know
4 Node.js Gotchas: What your ops team needs to know
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
Applying AI to Performance Engineering: Shift-Left, Shift-Right, Self-Healing
Applying AI to Performance Engineering: Shift-Left, Shift-Right, Self-Healing
Taking the Best of Agile, DevOps and CI/CD into security
Taking the Best of Agile, DevOps and CI/CD into security
The Role of Automation in the Journey to Continuous Delivery
The Role of Automation in the Journey to Continuous Delivery
Continuously serving the developer community with Continuous Integration and...
Continuously serving the developer community with Continuous Integration and...
Microservices 101: From DevOps to Docker and beyond
Microservices 101: From DevOps to Docker and beyond
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Daniel Perez - Doubling Down on ChatOps in the Enterprise
DOES SFO 2016 - Daniel Perez - Doubling Down on ChatOps in the Enterprise
Similar to Sonatype Software Supply Chain 2017 - JAVA Users Group
Containers, Serverless, Polyglot Development World, And Others…10 trends resh...
During this presentation, you will learn about the 10 changes that might reshape the developer tools market in the next 10 years. Jarek will discuss containers, serverless functions, and how it all supports an agile and CI/CD experience. The move to a polyglot development world means most applications will be written in a mix of languages, with developers favoring tools that help them navigate easily between languages. Jarek will also walk us through the evolution away from stand-alone developer workstations toward cloud-and-container based development environments offered as a service.
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
At Rackspace::Solve NYC, Jon Hyman, CIO of Appboy and Prashanth Chandrasekar, GM of DevOps at Rackspace, discuss the role of DevOps in helping to solve the technical challenges that come with rapid growth.
Rackspace (NYSE: RAX) is the #1 managed cloud company. Our technical expertise and Fanatical Support® allow companies to tap the power of the cloud without the pain of hiring experts in dozens of complex technologies. Rackspace is also the leader in hybrid cloud, giving each customer the best fit for its unique needs — whether on single- or multi-tenant servers, or a combination of those platforms. Rackspace is the founder of OpenStack®, the open-source operating system for the cloud. Headquartered in San Antonio, we serve more than 200,000 business customers from data centers on four continents. We rank 29th on Fortune’s list of 100 Best Companies to Work For. For more information, visit www.rackspace.com.
Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...
The document discusses tools and strategies for accelerating application development using AWS and NetApp technologies. It describes how DevOps approaches can help organizations deploy code faster through continuous integration and delivery pipelines. The presentation covers how NetApp technologies like snapshots, cloning, and a Jenkins plugin can be used to build out infrastructure for continuous integration testing in a DevOps workflow. Integrating these tools is presented as a way to improve developer productivity and accelerate application delivery.
Sencha Tooling - Senchacon Conference
This document discusses cross-platform mobile app development using Cordova and the Sencha Visual Studio Code plugin. It provides an overview of Cordova as an open-source framework that allows building mobile apps with a single shared codebase across platforms. It also summarizes the Sencha Visual Studio Code plugin, which provides features like IntelliSense, code navigation, documentation lookup, code generation templates, and debugging support for building Ext JS applications in Visual Studio Code.
SenchaCon 2016: Cross-Platform Mobile App Development with Cordova and Visual...
The promise of hybrid mobile app development using Cordova is quite alluring. As a web developer, you use your Ext JS skills to build cross-platform mobile applications for iOS/Android/Windows with a single code base. Visual Studio and the latest Ext JS framework provide powerful capabilities with which you can create sophisticated, mobile apps with UX components such as Pivot Grid, Calendar, and D3-based charts. Join Microsoft and Sencha to see how to build enterprise cross-platform mobile apps using Visual Studio, Ext JS, and Apache Cordova, and leverage device capabilities.
A Story of Cultural Change: PayPal's 2 Year Journey to 150,000 Containers wit...
Adopting containers at scale is fundamentally a cultural change. In late 2015, PayPal decided to migrate en masse to containers for applications built on many different frameworks over the last 15 years. It was a bold and strategic plan that included how to showcase value of containers to leadership, a phased execution strategy, building the right team to lead, and cultural transformation. Changing application code, deployment methods, and operational tools were at onset non-negotiable. This session will share how the plan was pitched and the learnings that unfolded as PayPal carefully changed everything - and nothing at the same time - to get to 150,000 containers running in production in 2 years.
AppSec Pipelines and Event based Security
Matt Tesauro discusses moving application security (AppSec) beyond traditional security testing towards event-based security using continuous integration/continuous delivery (CI/CD) pipelines and automation. Key points include:
- Implementing AppSec pipelines that automate security tasks using tools like Docker to increase efficiency and consistency while reducing friction between AppSec and development teams.
- Treating individual security findings as tests that are run continuously via tools like Jenkins to quickly determine when issues are fixed.
- With increased automation and efficiency, one company increased the number of application assessments from 44 in 2014 to over 400 in 2016 while reducing AppSec staffing levels.
Alibaba Cloud Conference 2016 - Docker Enterprise
This document provides an overview of Docker and John Willis, including:
1. John Willis is the director of ecosystem development at Docker and has extensive experience in the DevOps field, including founding DevOps conferences and companies.
2. It discusses DevOps practices that Docker enables, like continuous delivery, version control, and automating everything.
3. Docker aims to eliminate friction in the development cycle by providing tools for mass innovation through a programmable internet and container platform.
How React Native has changed Web and Mobile Application Development, Engineer...
How React Native has changed Web and Mobile Application Development, Engineer...engineermaste solution
React Native is a JavaScript framework that allows developers to build mobile apps for Android and iOS using a single codebase. It was created by Facebook in 2015 for internal use and has since become popular for its cross-platform capabilities. React Native allows businesses to develop higher quality, faster loading mobile apps at a lower cost compared to native development. Performance optimization techniques for React Native apps include removing unnecessary logging, ensuring animations run at 60 frames per second, delaying heavy calculations, using FlatLists over ScrollViews, and compressing large files.Why big organizations like tesla, facebook, walmart, skype are using react na...
Why big organizations like tesla, facebook, walmart, skype are using react na...MoonTechnolabsPvtLtd
The creators of Facebook laid the foundation of React Native – an astonishingly powerful and effective system that developers all over the world swear by. It gave brands like Instagram, Airbnb, Skype, Walmart, Wix, Tesla, SoundCloud, and many others the wings they needed to fly. These brands released world-renowned apps that everyone is using these days. React Native is an exciting open-source framework that’s the most favored choice for the development of both Android and iOS applications.Docker Bday #5, SF Edition: Introduction to Docker
In celebration of Docker's 5th birthday in March, user groups all around the world hosted birthday events with an introduction to Docker presentation and hands-on-labs. We invited Docker users to recognize where they were on their Docker journey and the goal was to help them take the next step of their journey with the help of mentors. This presentation was done at the beginning of the events (this one is from the San Francisco event in HQ) and gives a run down of the birthday event series, Docker's momentum, a basic explanation of containers, the benefits of using the Docker platform, Docker + Kubernetes and more.
Open Source in Security-Critical Environments
As growth and impact of open source in security-critical environments is on the rise, trends in open-source communities are making them more attentive to security issues and best practices. This session will cover best practices for using open-source code in business-critical environments. It will provide practical suggestions, with a focus on DevOps professionals and management.
Learning Objectives:
1: Understand the security impact of using 80–90% open-source code in modern apps.
2: Learn about best practices for helping make open-source code more secure.
3: Gain actionable info about open-source security applied to edge, network, cloud.
(Source: RSA Conference USA 2018)
Open source-in-security-critical-environments
Open Source is here to stay in security critical environments and every place software is used
Creating Applications these days is like making a sandwich
The Enterprise Case for Node.js
Node.js is a popular JavaScript runtime that provides a fast and scalable platform for building modern, server-side web applications. The document discusses Node.js's growth and backing by major companies. It outlines how Node.js can improve performance, customer experience, and productivity for enterprises. Node.js handles high concurrency well due to its event-driven and non-blocking model. Case studies show how companies like Netflix, PayPal and Groupon saw benefits from Node.js. The appendix provides a directory of Node.js enterprise services and tools.
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
Today’s cutting-edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share the processes that Amazon’s engineers use to practice DevOps and discuss how you can bring these processes to your company by using a new set of AWS tools (AWS CodeCommit, AWS CodePipeline, and AWS CodeDeploy). These services were inspired by Amazon's own internal developer tools and DevOps culture.
Why react native is the best choice for app development process
if you are still wondering whether to choose the React Native app development framework or the Hybrid app framework, you know React Native wins the discussion here. However, the choice completely depends on your app requirements, budget, time, and app features.
DockerCon EU 2017 - General Session Day 2
This document summarizes Scott Johnston's keynote at a Docker event. It discusses Docker's modernization journey program which helps customers modernize traditional applications through partnerships. It provides examples of modernization projects with the MTA program that reduced costs by 50% while improving portability, agility and security. The keynote outlines Docker's incremental approach and working with customers and partners at their own pace on their modernization journey.
Continuuity Presents at Under the Radar 2013
This document discusses Continuuity's App Fabric platform, which aims to make building big data applications easier. It does this by providing (1) a Hadoop application server and development framework that allows Java developers to build big data apps, slashing development time, and (2) management tools that allow for drag and drop app deployment and one click application portability. This bridges the gap between IT and business users by operationalizing data insights through a standardized and scalable platform.
Using the SDACK Architecture on Security Event Inspection by Yu-Lun Chen and ...
The SDACK architecture stands for Spark, Docker, Akka, Cassandra, and Kafka. At TrendMicro, we adopted the SDACK architecture to implement a security event inspection platform for APT attack analysis. In this talk, we will introduce SDACK stack with Spark lambda architecture, Akka and Kafka for streaming data pipeline, Cassandra for time series data, and Docker for microservices. Specifically, we will show you how we Dockerize each SDACK component to facilitate the RD team of algorithms development, help the QA team test the product easily, and use the Docker as a Service strategy to ship our products to customers. Next, we will show you how we monitor each Docker container and adjust the resource usage based on monitoring metrics. And then, we will share our Docker security policy which ensures our products are safety before shipping to customers. After that, we'll show you how we develop an all-in-one Docker based data product and scale it out to multi-host Docker cluster to solve the big data problem. Finally, we will share some challenges we faced during the product development and some lesson learned.
Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)
This document discusses how Spring Boot and Pivotal Application Service (PAS) are well-suited for developing and deploying cloud native applications. Spring Boot helps developers follow the Twelve-Factor App methodology and simplifies tasks like dependency management, configuration, and deployment across environments. When deployed to PAS, Spring apps benefit from features like auto-scaling, service discovery, and integration with services on the Cloud Foundry platform like the User Account and Authentication service.
Similar to Sonatype Software Supply Chain 2017 - JAVA Users Group (20)
Containers, Serverless, Polyglot Development World, And Others…10 trends resh...
Containers, Serverless, Polyglot Development World, And Others…10 trends resh...
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...
Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...
SenchaCon 2016: Cross-Platform Mobile App Development with Cordova and Visual...
SenchaCon 2016: Cross-Platform Mobile App Development with Cordova and Visual...
A Story of Cultural Change: PayPal's 2 Year Journey to 150,000 Containers wit...
A Story of Cultural Change: PayPal's 2 Year Journey to 150,000 Containers wit...
How React Native has changed Web and Mobile Application Development, Engineer...
How React Native has changed Web and Mobile Application Development, Engineer...
Why big organizations like tesla, facebook, walmart, skype are using react na...
Why big organizations like tesla, facebook, walmart, skype are using react na...
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to Docker
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
Why react native is the best choice for app development process
Why react native is the best choice for app development process
Using the SDACK Architecture on Security Event Inspection by Yu-Lun Chen and ...
Using the SDACK Architecture on Security Event Inspection by Yu-Lun Chen and ...
Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)
Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)
More from Ravi Lachhman
DevOps Days ATL 2022 - Ravi Lachhman
This document discusses the similarities between developer experience (DX) and doughnuts. It introduces DX and compares its three pillars - usability, findability, and credibility - to qualities of doughnuts like ease of eating and location. The document suggests measuring DX in similar ways to user experience, like through user journey mapping and heat maps. It closes by considering optimal team sizes for DX support in terms of pizzas or doughnuts.
DevOps vs SRE - CI/CD Pipelines Bridging the Gap
Two hot job titles that were not around or mainstream several years ago are DevOps and site reliability engineers. What can feel like DevOps engineers are a catch all around engineering efficiency, system administration, and release management tend to have oddly broad job descriptions. Site reliability engineers, on the other hand, have a more defined focus around resiliency but a broad scope in the organization with the teams they support. A conduit between the two teams is a Continous Delivery pipeline. In times of an incident, your SRE team might be redeploying the application as a remedy or day-to-day activity the DevOps team enables efficiency with a pipeline. Learn about different roles and responsibilities on each and how your CI/CD pipelines can be used in both in times of joy and incidents.
What Can We Learn about KBBQ and Kubernetes
This is a sample presentation for {unscripted} conference to give the speakers as a sample talk. Though willing to give this talk for real. Korean BBQ and Kubernetes aka K8s.
Machine Learning for Continuous Delivery
Let our friends, the machines, help with building confidence in your Continuous Delivery pipeline. We can compare doughnuts to software to make this more delicious.
Doughnut Dilemma - SRECon
Doughnuts are made out of eggs, sugar, flour, a milk. An application to be useful requires compute, memory, storage, and networking. What does a delicious doughnut have to do with these pillars of infrastructure? We live in a world of finite resources. There are only so many doughnuts and so much infrastructure to run and power our applications. Resource Managers are crucial to make sure our applications have the firepower to run and be placed on the most efficient infrastructure. Let's look at varying requests for doughnuts and how popular resource manager algorithms work.
AWS re:Invent - AIOps - What do you say you do here
With the rise of AIOps, this presentation from AWS re:Invent sheds some light on exactly what an AIOps system does.
CloudNativeCon Stability in an Unstable World
Architectures and organizations are embracing Cloud Native architectures. Living in a Cloud First world, two key concepts are key pillars in the Cloud Native push. Idempotency and Ephemerality are not new concepts but woven together is ushering in the next generation of Cloud Native enterprise agility.
Caribbean Developers Conference - 201K8s
Kubernetes has celebrated it’s fourth birthday in 2018. This graduated pillar of the Cloud Native Computing Foundation is revolutionizing how workloads are ran. Container orchestrators have been rising in importance and popularity as workloads are being containerized. A recent shift of describing your applications to an orchestrator deployment descriptor to building applications with the orchestrator primitives. This shift is being lead by the orchestrator SDKs. Will be running quickly through the history of Kubernetes and diving into Operators and the Operators SDK.
Twelve Factor App vs Twelve Layer Burrito
The document compares the 12-layer burrito to the 12 Factor App methodology for building cloud-native applications. It outlines the key differences between the two, such as one being food and the other being software principles. It then proceeds to explain each of the 12 factors in the 12 Factor App methodology, such as having a codebase, managing dependencies, separating configuration, and other best practices for app portability and scalability. The document promotes following the 12 Factor App methodology to build apps that are easy to deploy and maintain in modern cloud environments.
Js Conf 2018 - Confessions of a JEE Addict
What is in your NPM Install? Point of view from a JEE developer why your package.json is growing and growing and what you can do to start to get a handle on dependency hell.
Someone Call the Operator - ATL K8's Meetup
Stateful vs Stateless Applications in Kubernetes might be cliche in 2018. A host of advancements and projects in the K8’s ecosystem help bridge the gap. With the Product Owner’s dilemma, having to produce a K8’s deployable was one more distribution for an application.
CloudBees and Sonatype - MeetUp
MeetUp with Enterprise Jenkins from CloudBees and Sonatype's Open Source Management Platform. Helping automate OSS governance.
More from Ravi Lachhman (12)
AWS re:Invent - AIOps - What do you say you do here
AWS re:Invent - AIOps - What do you say you do here
Recently uploaded
Dandelion Hashtable: beyond billion requests per second on a commodity server
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Skybuffer SAM4U tool for SAP license adoption
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Best 20 SEO Techniques To Improve Website Visibility In SERP
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Public CyberSecurity Awareness Presentation 2024.pptx
Cyber security awareness slides for a busisness by TreeTop Security
Azure API Management to expose backend services securely
How to use Azure API Management to expose backend service securely
GNSS spoofing via SDR (Criptored Talks 2024)
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Generating privacy-protected synthetic data using Secludy and Milvus
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Astute Business Solutions | Oracle Cloud Partner |
Your goto partner for Oracle Cloud, PeopleSoft, E-Business Suite, and Ellucian Banner. We are a firm specialized in managed services and consulting.
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
This case study explores designing a scalable e-commerce platform, covering key requirements, system components, and best practices.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Recently uploaded (20)
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
Azure API Management to expose backend services securely
Azure API Management to expose backend services securely
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Sonatype Software Supply Chain 2017 - JAVA Users Group
- 1. Tampa JAVA Users Group May 2017 Ravi Lachhman – JAR Wrangler
- 2. 1 COMPANIES DON’T WRITE; 2 3 SOFTWARE ANYMORE;
- 4. Utilizing billions of parts from open source communities... 80% to 90% of modern apps consist of assembled components.
- 5. “You cannot inspect quality into a product.” W. Edwards Deming Out of the Crisis 1982 5
- 6. THE BEST ARE BORROWING FROM DEMING
- 7. NOT ALL PARTS ARE CREATED EQUAL
- 8. Say Hello to Your Software Supply Chain…
- 9. 1,152 new projects per day 10,000 new versions per day 14x releases per year
- 10. THE SSC INDEX Open Source Component Download Requests, The Central Repository, 2008 - 2016
- 11. DOWNLOAD RECORDS FOR 2014 2015 2016 4.6 BILLION 22.5 59.0
- 12. DOCKER HUB DOWNLOADS 1,000,000,000 2014 2015 2016 3,000,000,000 6,000,000,000 9,000,000,000 12,000,000,000 2017 2014 1M PULLS 2015 1B PULLS 2016 6B PULLS 2017 12B PULLS Source: DockerCon 2017 Keynote
- 13. 2014 2015 2016 5.5%6.1%6.2% DEFECT DOWNLOAD RATIO FOR JAVA COMPONENTS
- 14. 125,701 downloads orders 3,185 components - all versions parts 1,346 components suppliers Analysis of 7,500 organizations
- 15. 125,701 downloads Analysis of 7500 organizations 7,248 5.8% known security vulnerabilities
- 16. Warehouses Manufacturers Finished Goods 6.1% component downloads are vulnerable 5.6% components in repository managers are vulnerable 6.8% components in applications are vulnerable
- 17. DEFECT RATIO FOR JAVASCRIPT Source: Thou Shalt Not Depend on Me: Analyzing the Use of Outdated JavaScript Libraries on the Web, © 2017 NDSS, Northeastern University 87% of handlebars inclusions were known vulnerable 37% of jQuery inclusions were known vulnerable 40% of Angular inclusions were known vulnerable 37% websites include at least one library with a known vulnerability
- 18. Source: 2014 Sonatype Open Source Development and Application Security Survey, and Sonatype’s 2017 DevSecOps Community survey ALMOST 4-IN-10 RUN WITHOUT AN OPEN SOURCE POLICY Q: Does your organization have an open source policy? 2014 2017 57% YES 58% YES
- 19. NEWER COMPONENTS MAKE BETTER SOFTWARE Analysis of components in 25,000 applications scans COMPONENTS BY YEAR DEFECT DENSITY 1 2 3 4 5 6 7 8 9 10 11 5% 10% 15% 20% 25% Component Age in Years 3X HIGHER DEFECT DENSITY
- 20. OLDER COMPONENTS DIE OFF Analysis of components in 25,000 applications scans INACTIVE PROJECTS (% on latest version) 1 2 3 4 5 6 7 8 9 10 11 5% 10% 15% 20% 25% Component Age in Years
- 23. 18,330,958 78% downloads were vulnerable COMMONS COLLECTION CWE-502 23,476,966 total downloads in 2016
- 24. 2,731 organizations downloaded the vulnerable versions. STRUTS2 CVE-2017-5638 279,796 total downloads in 2016 Image Source: Canadian Revenue Agency, Wikipedia
- 26. ZTTR (Zero Time to Remediation) EMPOWER DEVELOPERS FROM THE START @weekstweets
- 27. Create your own for free at bit.ly/softwareBOM @sonatype CREATE A SOFTWARE BILL OF MATERIALS