Security in applications is a never-ending story. Most of the knowledge about how to build secure applications is derived from knowledge and experience. And we've all done the same mistakes every Java EE developer does over and over again. But how to solve the real business requirements behind access and authorization with Java EE? Can I have a 15k rights matrix? Does that perform? How to secure the transport layer? How does session binding works? Can I implement 2-Factor-Authentication? And what about social integrations? This talk outlines the key capabilities of the Java EE platform and introduces the audience to additional frameworks and concepts which do help by implementing all kinds of security requirements in Java EE based applications.
Taking the friction out of microservice frameworks with LagomMarkus Eisele
Lagom is a new framework for Java designed with microservices in mind. It aims to simplify the process of building microservice-based systems that communicate asynchronously, self-heal, scale elastically and remain responsive under load and under failure.
Many of the challenges of microservices are caused by the fact we use tools designed without them in mind. So, how can a framework made to build systems composed of microservices from the start offer us a better solution? Because Lagom is a tool that is highly opinionated and explicitly designed to make development and production with microservices easy, it brings back all the fun and productivity into programming while still enabling you to build a reactive, distributed, highly scalable and rock solid application.
By the end of this presentation, you'll have experienced first hand how creating systems of microservices on the JVM using Lagom is dead-simple, intuitive, frictionless and a lot of fun! And we’ll ask whether reactive microservices are potentially so much better than, for example, Java EE?
DevoxxUK https://cfp.devoxx.co.uk/2016/talk/UZA-8885/Taking_the_friction_out_of_microservice_frameworks_with_Lagom
How would ESBs look like, if they were done today.Markus Eisele
Looking past former hype topics such as enterprise application integration, ESBs, and SOA, the fact is that the need for reliable integration solutions that are manageable and scalable is growing. More devices and datasources, combined with new and upcoming use cases and exciting wearables in a cloudified and heterogeneous infrastructure, require more bits and pieces than just a central ESB with some rules and point-to-point connections. What would that look like? And how can we keep the resultant solutions manageable? Attend this session to find out.
Vertical thinking for a simple architecture!
Micro Services are a new way of architectural thinking in web platforms. The key idea is strongly aligned on the unix philosophy: Create small services which are only responsible for one thing and make them work together. With this in mind, you get simple applications, which can be developed, deployed and scaled independent from each other.
The key challenge in using micro services is to decompose applications vertically, by their functional domains. Only with this, you are able to reduce dependencies and create simple applications.
On a technical side, micro services are backed by a wide support in different programming languages and open source frameworks. Especially the state of the art deployment mechanisms make this approach possible at all.
If you need to build highly performant, mission critical ,microservice-based system following DevOps best practices, you should definitely check Service Fabric!
Service Fabric is one of the most interesting services Azure offers today. It provide unique capabilities outperforming competitor products.
We are seeing global companies start to use Service Fabric for their mission critical solutions.
In this talk we explore the current state of Service Fabric and dive deeper to highlight best practices and design patterns.
We will cover the following topics:
• Service Fabric Core Concepts
• Cluster Planning and Management
• Stateless Services
• Stateful Services
• Actor Model
• Availability and reliability
• Scalability and perfromance
• Diganostics and Monitoring
• Containers
• Testing
• IoT
Live broadcast on https://www.youtube.com/watch?v=Zuxfhpab6xo
Microservices architecture has many benefits. But it comes at a cost. Running microservices and monitoring what’s going on is tedious. That’s why MicroProfile adopts monitoring as a first-class concept. In this session, learn how MicroProfile runtimes collect metrics and how to seamlessly collect them with tools like Prometheus and Grafana. Learn how MicroProfile makes it easy to connect information about interrelated service calls, how to gather the information and analyze system bottlenecks, how to deploy and scale MicroProfile applications with Kubernetes and how to react to their health status to detect and automatically recover from failures.
Tokyo Azure Meetup #5 - Microservices and Azure Service FabricTokyo Azure Meetup
Azure Service Fabric is now Generally Available!
In this meetup we will start from the beginning and define what is microservice.
Next we will have a deep dive in Azure Service Fabric. Azure Service Fabric is one of the most interesting Azure service. Used internally in Microsoft for 5 years and backing up one of the most demanding Azure services today such as Azure SQL, Document DB, Cortana and Skype for Business.
We will be talking about the two models that are supported by Azure Service Fabric:
- Reliable Services (We will explore the reasons for having both stateful and stateless offerings in this model)
- Reliable Actors
Then we will talk how you can create Azure Service Fabric cluster on premise or in another cloud.
We will demo deployments in Azure for the various models.
Azure Service Fabric is the most advanced and complete offering for developing and hosting microservices in Azure. It builds on years experience Microsoft acquired running one of the most demanding services such as Azure SQL. Moreover, Azure Service Fabric solves very difficult distributed computing problems such as data synchronization, zero downtime deployment, update and rollback operations at large scale.
Join us to learn more about Azure Service Fabric and start using it immediately after the meetup!
Taking the friction out of microservice frameworks with LagomMarkus Eisele
Lagom is a new framework for Java designed with microservices in mind. It aims to simplify the process of building microservice-based systems that communicate asynchronously, self-heal, scale elastically and remain responsive under load and under failure.
Many of the challenges of microservices are caused by the fact we use tools designed without them in mind. So, how can a framework made to build systems composed of microservices from the start offer us a better solution? Because Lagom is a tool that is highly opinionated and explicitly designed to make development and production with microservices easy, it brings back all the fun and productivity into programming while still enabling you to build a reactive, distributed, highly scalable and rock solid application.
By the end of this presentation, you'll have experienced first hand how creating systems of microservices on the JVM using Lagom is dead-simple, intuitive, frictionless and a lot of fun! And we’ll ask whether reactive microservices are potentially so much better than, for example, Java EE?
DevoxxUK https://cfp.devoxx.co.uk/2016/talk/UZA-8885/Taking_the_friction_out_of_microservice_frameworks_with_Lagom
How would ESBs look like, if they were done today.Markus Eisele
Looking past former hype topics such as enterprise application integration, ESBs, and SOA, the fact is that the need for reliable integration solutions that are manageable and scalable is growing. More devices and datasources, combined with new and upcoming use cases and exciting wearables in a cloudified and heterogeneous infrastructure, require more bits and pieces than just a central ESB with some rules and point-to-point connections. What would that look like? And how can we keep the resultant solutions manageable? Attend this session to find out.
Vertical thinking for a simple architecture!
Micro Services are a new way of architectural thinking in web platforms. The key idea is strongly aligned on the unix philosophy: Create small services which are only responsible for one thing and make them work together. With this in mind, you get simple applications, which can be developed, deployed and scaled independent from each other.
The key challenge in using micro services is to decompose applications vertically, by their functional domains. Only with this, you are able to reduce dependencies and create simple applications.
On a technical side, micro services are backed by a wide support in different programming languages and open source frameworks. Especially the state of the art deployment mechanisms make this approach possible at all.
If you need to build highly performant, mission critical ,microservice-based system following DevOps best practices, you should definitely check Service Fabric!
Service Fabric is one of the most interesting services Azure offers today. It provide unique capabilities outperforming competitor products.
We are seeing global companies start to use Service Fabric for their mission critical solutions.
In this talk we explore the current state of Service Fabric and dive deeper to highlight best practices and design patterns.
We will cover the following topics:
• Service Fabric Core Concepts
• Cluster Planning and Management
• Stateless Services
• Stateful Services
• Actor Model
• Availability and reliability
• Scalability and perfromance
• Diganostics and Monitoring
• Containers
• Testing
• IoT
Live broadcast on https://www.youtube.com/watch?v=Zuxfhpab6xo
Microservices architecture has many benefits. But it comes at a cost. Running microservices and monitoring what’s going on is tedious. That’s why MicroProfile adopts monitoring as a first-class concept. In this session, learn how MicroProfile runtimes collect metrics and how to seamlessly collect them with tools like Prometheus and Grafana. Learn how MicroProfile makes it easy to connect information about interrelated service calls, how to gather the information and analyze system bottlenecks, how to deploy and scale MicroProfile applications with Kubernetes and how to react to their health status to detect and automatically recover from failures.
Tokyo Azure Meetup #5 - Microservices and Azure Service FabricTokyo Azure Meetup
Azure Service Fabric is now Generally Available!
In this meetup we will start from the beginning and define what is microservice.
Next we will have a deep dive in Azure Service Fabric. Azure Service Fabric is one of the most interesting Azure service. Used internally in Microsoft for 5 years and backing up one of the most demanding Azure services today such as Azure SQL, Document DB, Cortana and Skype for Business.
We will be talking about the two models that are supported by Azure Service Fabric:
- Reliable Services (We will explore the reasons for having both stateful and stateless offerings in this model)
- Reliable Actors
Then we will talk how you can create Azure Service Fabric cluster on premise or in another cloud.
We will demo deployments in Azure for the various models.
Azure Service Fabric is the most advanced and complete offering for developing and hosting microservices in Azure. It builds on years experience Microsoft acquired running one of the most demanding services such as Azure SQL. Moreover, Azure Service Fabric solves very difficult distributed computing problems such as data synchronization, zero downtime deployment, update and rollback operations at large scale.
Join us to learn more about Azure Service Fabric and start using it immediately after the meetup!
The goal of MicroProfile is to optimise Java EE for a micro-service architecture. It is based on some of the Java EE specifications and standardise a few technologies from the micro-services space.
However, some of the MicroProfile implementations are completely different 'servers', like the KumuluzEE server. So how can you migrate easily from your favorite Java EE server to a MicroProfile implementation?
This session shows you an overview of what MicroProfile.IO is and how it relates to Java EE. It then demonstrates with a few examples how you can adjust your Java EE application to incorporate some of the MicroProfile.IO specifications and how you can transform your Java EE application to a MicroProfile.IO one using Thorntail, Payara Micro, and KumuluzEE.
10 yrs ago, SOA promised a lot of the same things Microservices promise use today. So where did we go wrong? What makes microservices different? In this talk, we discussed from an architectural view how we went sideways with SOA, why we must embrace things like Domain Driven Design and scaled-out architectures, and how microservices can be built with enterprises in mind. We also cover a step-by-step, in-depth tutorial that covers these concepts.
Highlights the services in Azure that provide microservices, including App Service, Logic Apps, Functions, Azure SQL Database, Service Bus, containers, Traffic Manager, etc.
The 6 Rules for Modernizing Your Legacy Java Monolith with MicroservicesLightbend
We change a monolithic system only when we have no other choice. Traditional enterprise systems are tightly-coupled; all-in-one, all-or-nothing, difficult to scale, difficult to understand and difficult to maintain.
Rather than swiftly capture opportunity, we ponder if it’s really worth it—is it worth upsetting the delicate balance of the house of cards we call our enterprise system? Often the opportunity quickly disappears, captured by a faster company. Some people have started calling this “Getting Ubered”.
So what can you do about it? Talking about Microservices is one thing, but how can your organization start taking action to address this issue?
In this webinar by battle-hardened Enterprise Advocate, Kevin Webber, we walk through the 6 key concepts to understand as a guide for taking action:
1. Domain Driven Design (DDD)
2. Asynchronous messaging
3. API management
4. Dependency management
5. CQRS & event sourcing
6. Transactions & ordering
Reactive Platform has what you need to breath new life into your legacy system with a new Microservices-based approach.
Fundamental and Practice.
Explain about microservices characters and pattern. And also how to be good build microservices. And also additional the scale cube and CAP theory.
Reactive Streams 1.0.0 is now live, and so are our implementations in Akka Streams 1.0 and Slick 3.0.
Reactive Streams is an engineering collaboration between heavy hitters in the area of streaming data on the JVM. With the Reactive Streams Special Interest Group, we set out to standardize a common ground for achieving statically-typed, high-performance, low latency, asynchronous streams of data with built-in non-blocking back pressure—with the goal of creating a vibrant ecosystem of interoperating implementations, and with a vision of one day making it into a future version of Java.
Akka (recent winner of “Most Innovative Open Source Tech in 2015”) is a toolkit for building message-driven applications. With Akka Streams 1.0, Akka has incorporated a graphical DSL for composing data streams, an execution model that decouples the stream’s staged computation—it’s “blueprint”—from its execution (allowing for actor-based, single-threaded and fully distributed and clustered execution), type safe stream composition, an implementation of the Reactive Streaming specification that enables back-pressure, and more than 20 predefined stream “processing stages” that provide common streaming transformations that developers can tap into (for splitting streams, transforming streams, merging streams, and more).
Slick is a relational database query and access library for Scala that enables loose-coupling, minimal configuration requirements and abstraction of the complexities of connecting with relational databases. With Slick 3.0, Slick now supports the Reactive Streams API for providing asynchronous stream processing with non-blocking back-pressure. Slick 3.0 also allows elegant mapping across multiple data types, static verification and type inference for embedded SQL statements, compile-time error discovery, and JDBC support for interoperability with all existing drivers.
With the rise of micro-services, REST communication is more popular than ever. But the communication between the different parts must also be performed in a secure way.
First, we need to know if the user or system is allowed to call the JAX-RS endpoint. For this authentication part, self-contained tokens are the best option to not overload any of our services in the system. JWT which contains the authentication but also can contain the authorization info is ideal for this use-case.
And secondly, we need guarantees that the message isn't altered, that we can have message integrity. For that part, we can use signatures as specified in the HTTP signature draft specification.
Hello All,
Let's meet and discuss what are the new announcements from Build 2016 and how we can best leverage them in our business!
Here are some of the topics we will cover this time:
- Azure Functions
- Service Fabric
- Azure Storage
- Document DB
- Azure Container Services
- Power BI Embedded
- ASP.NET Core
- Virtual Machine Scale Sets
I will be happy to share my experience from the conference, especially the session I visited and also the conversations I had with various Microsoft representatives.
Azure is developing faster than ever and Microsoft is driving the platform in very interesting direction that require us to know and work with more and more new technologies!
Come and join us to learn more about Azure!
I am arranging the venue but my plan for the meetup is to be on April 25-th or April 27-th from 19:30. I will keep you updated on that!
Thank you!
Kanio
MVC 6 - the new unified Web programming modelAlex Thissen
Presentation for Dutch Microsoft TechDays 2015:
With ASP.NET 5 comes MVC 6 with a programming model that unifies Web Pages, MVC and Web API. Each of these has been rebuilt to reflect Microsoft's vision of lean and composable web applications. In this session you will see the changes that have been made to the programming model. We will cover topics such as the new POCO controllers, View Components, dependency injection and much more. Plus, you are going to see the significant changes to the ASP.NET runtime on which MVC 6 is built.
Event Bus as Backbone for Decoupled Microservice Choreography (Oracle Code, A...Lucas Jellema
Microservices are independent, encapsulated entities that produce meaningful results and business functionality in tentative collaboration. Events and pub/sub are great for allowing such decoupled interaction. Using Apache Kafka as robust, distributed, real-time, high volume event bus, this session demonstrates how microservices implemented in Java, Node, Python and SQL collaborate unknowingly. The microservices respond to social (media) events - courtesy of IFTTT - and publish results to multiple channels. The event bus operates across cloud services and on premises platforms: both the bus and the microservices can run anywhere.
Microservices with Apache Camel, DDD, and KubernetesChristian Posta
Building microservices requires more than just infrastructure, but infrastructure does have a role. In this talk we look at microservices from an enterprise perspective and talk about DDD, Docker, Kubernetes and how established open-source projects in the integration space fits a microservices architecture
"It’s open source. It’s highly opinionated.
Build greenfield microservices and decompose your Java EE monolith like a boss."
Lightbend (formerly Typesafe) has come up with their own framework, Lagom, for architecting microservices based systems. With Lagom, Lightbend wants to take up the competition with the Spring Cloud stack.
Lagom is built upon Akka and Play and focuses on reactive and message-driven APIs, distributed persistence with Event Sourcing and CQRS and high developer productivity. On the 10th of March a first MVP version has been released with a Java API, the Scala API is being worked on.
This workshop acts as an introduction to Lagom during which we will have a look at developing and deploying Lagom microservices.
As a warm-up, you could check out the newest blogpost on the JWorks Tech Blog: https://ordina-jworks.github.io/microservices/2016/04/22/Lagom-First-Impressions-and-Initial-Comparison-to-Spring-Cloud.html.
Github repo with presentation: https://github.com/yannickdeturck/lagom-shop
Blogpost Lagom: First Impressions and Initial Comparison to Spring Cloud: https://ordina-jworks.github.io/microservices/2016/04/22/Lagom-First-Impressions-and-Initial-Comparison-to-Spring-Cloud.html
Podcast Lightbend Podcast Ep. 09: Andreas Evers test drives Lagom in comparison with Spring Cloud: https://www.lightbend.com/blog/lightbend-podcast-ep-09-andreas-evers-test-drives-lagom-in-comparison-with-spring-cloud
ARCHITECTING LARGE ENTERPRISE JAVA PROJECTS - vJUGMarkus Eisele
Slides for my vJUG session:
http://www.meetup.com/virtualJUG/events/221218531/
In the past I've been building component oriented applications with what I had at hand. Mostly driven by the features available in the Java EE standard to be "portable" and easy to use. Looking back this has been a perfect fit for many customers and applications. With an increasing demand for highly integrated applications which use already available services and processes from all over the place (departmental, central or even cloud services) this approach starts to feel more and more outdated. And this feel does not come from a technology perspective but from all the requirements around it. Having this in mind this post is the starting point of a series of how-to's and short tutorials which aim to showcase some more diverse ways of building (Java EE) applications that fit better into today's requirements and landscapes.
Java EE microservices architecture - evolving the monolithMarkus Eisele
With the ascent of DevOps, microservices, containers, and cloud-based development platforms, the gap between state-of-the-art solutions and the technology that enterprises typically support has greatly increased. But some enterprises are now looking to bridge that gap by building microservices-based architectures on top of Java EE.
In this webcast, Red Hat Developer Advocate Markus Eisele explores the possibilities for enterprises that want to move ahead with this architecture. However, the issue is complex: Java EE wasn't built with the distributed application approach in mind, but rather as one monolithic server runtime or cluster hosting many different applications. If you're part of an enterprise development team investigating the use of microservices with Java EE, this webcast will guide you to answers for getting started.
The goal of MicroProfile is to optimise Java EE for a micro-service architecture. It is based on some of the Java EE specifications and standardise a few technologies from the micro-services space.
However, some of the MicroProfile implementations are completely different 'servers', like the KumuluzEE server. So how can you migrate easily from your favorite Java EE server to a MicroProfile implementation?
This session shows you an overview of what MicroProfile.IO is and how it relates to Java EE. It then demonstrates with a few examples how you can adjust your Java EE application to incorporate some of the MicroProfile.IO specifications and how you can transform your Java EE application to a MicroProfile.IO one using Thorntail, Payara Micro, and KumuluzEE.
10 yrs ago, SOA promised a lot of the same things Microservices promise use today. So where did we go wrong? What makes microservices different? In this talk, we discussed from an architectural view how we went sideways with SOA, why we must embrace things like Domain Driven Design and scaled-out architectures, and how microservices can be built with enterprises in mind. We also cover a step-by-step, in-depth tutorial that covers these concepts.
Highlights the services in Azure that provide microservices, including App Service, Logic Apps, Functions, Azure SQL Database, Service Bus, containers, Traffic Manager, etc.
The 6 Rules for Modernizing Your Legacy Java Monolith with MicroservicesLightbend
We change a monolithic system only when we have no other choice. Traditional enterprise systems are tightly-coupled; all-in-one, all-or-nothing, difficult to scale, difficult to understand and difficult to maintain.
Rather than swiftly capture opportunity, we ponder if it’s really worth it—is it worth upsetting the delicate balance of the house of cards we call our enterprise system? Often the opportunity quickly disappears, captured by a faster company. Some people have started calling this “Getting Ubered”.
So what can you do about it? Talking about Microservices is one thing, but how can your organization start taking action to address this issue?
In this webinar by battle-hardened Enterprise Advocate, Kevin Webber, we walk through the 6 key concepts to understand as a guide for taking action:
1. Domain Driven Design (DDD)
2. Asynchronous messaging
3. API management
4. Dependency management
5. CQRS & event sourcing
6. Transactions & ordering
Reactive Platform has what you need to breath new life into your legacy system with a new Microservices-based approach.
Fundamental and Practice.
Explain about microservices characters and pattern. And also how to be good build microservices. And also additional the scale cube and CAP theory.
Reactive Streams 1.0.0 is now live, and so are our implementations in Akka Streams 1.0 and Slick 3.0.
Reactive Streams is an engineering collaboration between heavy hitters in the area of streaming data on the JVM. With the Reactive Streams Special Interest Group, we set out to standardize a common ground for achieving statically-typed, high-performance, low latency, asynchronous streams of data with built-in non-blocking back pressure—with the goal of creating a vibrant ecosystem of interoperating implementations, and with a vision of one day making it into a future version of Java.
Akka (recent winner of “Most Innovative Open Source Tech in 2015”) is a toolkit for building message-driven applications. With Akka Streams 1.0, Akka has incorporated a graphical DSL for composing data streams, an execution model that decouples the stream’s staged computation—it’s “blueprint”—from its execution (allowing for actor-based, single-threaded and fully distributed and clustered execution), type safe stream composition, an implementation of the Reactive Streaming specification that enables back-pressure, and more than 20 predefined stream “processing stages” that provide common streaming transformations that developers can tap into (for splitting streams, transforming streams, merging streams, and more).
Slick is a relational database query and access library for Scala that enables loose-coupling, minimal configuration requirements and abstraction of the complexities of connecting with relational databases. With Slick 3.0, Slick now supports the Reactive Streams API for providing asynchronous stream processing with non-blocking back-pressure. Slick 3.0 also allows elegant mapping across multiple data types, static verification and type inference for embedded SQL statements, compile-time error discovery, and JDBC support for interoperability with all existing drivers.
With the rise of micro-services, REST communication is more popular than ever. But the communication between the different parts must also be performed in a secure way.
First, we need to know if the user or system is allowed to call the JAX-RS endpoint. For this authentication part, self-contained tokens are the best option to not overload any of our services in the system. JWT which contains the authentication but also can contain the authorization info is ideal for this use-case.
And secondly, we need guarantees that the message isn't altered, that we can have message integrity. For that part, we can use signatures as specified in the HTTP signature draft specification.
Hello All,
Let's meet and discuss what are the new announcements from Build 2016 and how we can best leverage them in our business!
Here are some of the topics we will cover this time:
- Azure Functions
- Service Fabric
- Azure Storage
- Document DB
- Azure Container Services
- Power BI Embedded
- ASP.NET Core
- Virtual Machine Scale Sets
I will be happy to share my experience from the conference, especially the session I visited and also the conversations I had with various Microsoft representatives.
Azure is developing faster than ever and Microsoft is driving the platform in very interesting direction that require us to know and work with more and more new technologies!
Come and join us to learn more about Azure!
I am arranging the venue but my plan for the meetup is to be on April 25-th or April 27-th from 19:30. I will keep you updated on that!
Thank you!
Kanio
MVC 6 - the new unified Web programming modelAlex Thissen
Presentation for Dutch Microsoft TechDays 2015:
With ASP.NET 5 comes MVC 6 with a programming model that unifies Web Pages, MVC and Web API. Each of these has been rebuilt to reflect Microsoft's vision of lean and composable web applications. In this session you will see the changes that have been made to the programming model. We will cover topics such as the new POCO controllers, View Components, dependency injection and much more. Plus, you are going to see the significant changes to the ASP.NET runtime on which MVC 6 is built.
Event Bus as Backbone for Decoupled Microservice Choreography (Oracle Code, A...Lucas Jellema
Microservices are independent, encapsulated entities that produce meaningful results and business functionality in tentative collaboration. Events and pub/sub are great for allowing such decoupled interaction. Using Apache Kafka as robust, distributed, real-time, high volume event bus, this session demonstrates how microservices implemented in Java, Node, Python and SQL collaborate unknowingly. The microservices respond to social (media) events - courtesy of IFTTT - and publish results to multiple channels. The event bus operates across cloud services and on premises platforms: both the bus and the microservices can run anywhere.
Microservices with Apache Camel, DDD, and KubernetesChristian Posta
Building microservices requires more than just infrastructure, but infrastructure does have a role. In this talk we look at microservices from an enterprise perspective and talk about DDD, Docker, Kubernetes and how established open-source projects in the integration space fits a microservices architecture
"It’s open source. It’s highly opinionated.
Build greenfield microservices and decompose your Java EE monolith like a boss."
Lightbend (formerly Typesafe) has come up with their own framework, Lagom, for architecting microservices based systems. With Lagom, Lightbend wants to take up the competition with the Spring Cloud stack.
Lagom is built upon Akka and Play and focuses on reactive and message-driven APIs, distributed persistence with Event Sourcing and CQRS and high developer productivity. On the 10th of March a first MVP version has been released with a Java API, the Scala API is being worked on.
This workshop acts as an introduction to Lagom during which we will have a look at developing and deploying Lagom microservices.
As a warm-up, you could check out the newest blogpost on the JWorks Tech Blog: https://ordina-jworks.github.io/microservices/2016/04/22/Lagom-First-Impressions-and-Initial-Comparison-to-Spring-Cloud.html.
Github repo with presentation: https://github.com/yannickdeturck/lagom-shop
Blogpost Lagom: First Impressions and Initial Comparison to Spring Cloud: https://ordina-jworks.github.io/microservices/2016/04/22/Lagom-First-Impressions-and-Initial-Comparison-to-Spring-Cloud.html
Podcast Lightbend Podcast Ep. 09: Andreas Evers test drives Lagom in comparison with Spring Cloud: https://www.lightbend.com/blog/lightbend-podcast-ep-09-andreas-evers-test-drives-lagom-in-comparison-with-spring-cloud
ARCHITECTING LARGE ENTERPRISE JAVA PROJECTS - vJUGMarkus Eisele
Slides for my vJUG session:
http://www.meetup.com/virtualJUG/events/221218531/
In the past I've been building component oriented applications with what I had at hand. Mostly driven by the features available in the Java EE standard to be "portable" and easy to use. Looking back this has been a perfect fit for many customers and applications. With an increasing demand for highly integrated applications which use already available services and processes from all over the place (departmental, central or even cloud services) this approach starts to feel more and more outdated. And this feel does not come from a technology perspective but from all the requirements around it. Having this in mind this post is the starting point of a series of how-to's and short tutorials which aim to showcase some more diverse ways of building (Java EE) applications that fit better into today's requirements and landscapes.
Java EE microservices architecture - evolving the monolithMarkus Eisele
With the ascent of DevOps, microservices, containers, and cloud-based development platforms, the gap between state-of-the-art solutions and the technology that enterprises typically support has greatly increased. But some enterprises are now looking to bridge that gap by building microservices-based architectures on top of Java EE.
In this webcast, Red Hat Developer Advocate Markus Eisele explores the possibilities for enterprises that want to move ahead with this architecture. However, the issue is complex: Java EE wasn't built with the distributed application approach in mind, but rather as one monolithic server runtime or cluster hosting many different applications. If you're part of an enterprise development team investigating the use of microservices with Java EE, this webcast will guide you to answers for getting started.
Nine Neins - where Java EE will never take youMarkus Eisele
Virtual JUG Session: http://www.meetup.com/virtualJUG/events/232052100/
With Microservices taking the software industry by storm, classical Enterprises are forced to re-think what they’ve been doing for almost a decade. It’s not the first time, that technology shocked the well-oiled machine to it’s core. We’ve seen software design paradigms changing over time and also project management methodologies evolving. Old hands might see this as another wave that will gently find it’s way to the shore of daily business. But this time it looks like the influence is bigger than anything we’ve seen before. And the interesting part is, that microservices aren’t new from the core. Talking about compartmentalization and introducing modules belongs to the core skills of architects. Our industry also learned about how to couple services and build them around organizational capabilities.
The really new part in microservices based architectures is the way how truly independent services are distributed and connected back together. Building an individual service is easy with all technologies. Building a system out of many is the real challenge because it introduces us to the problem space of distributed systems. And the difference to classical, centralized infrastructures couldn’t be bigger. There are very little concepts from the old world which still fit into a modern architecture.
And there are more differences between Java EE and distributed and reactive systems. For example, APIs are inherently synchronous, so most Java EE app servers have to scale by adding thread pools as so many things are blocking on I/O (remote JDBC calls, JTA calls, JNDI look ups, even JMS has a lot of synchronous parts). As we know adding thread pools doesn't get you too far in terms of scalability.
This talk is going to explore the nine most important differences between classical middleware and distributed, reactive microservices architectures and explains in which cases the distributed approach takes you, where Java EE never would.
Wild Flies and a Camel Java EE Integration StoriesMarkus Eisele
Apache Camel is one of the most complete integration frameworks out there. With more than 150 components and a large community it clearly has it's fans. Deploying the lightweight core is easy. Getting into modules and even more components makes this challenging. There are different approaches to ride that Camel. How to get the most out of it with Java EE and WildFly is exactly the topic of this session. It will introduce you to both Java EE 7 and Apache Camel in a very brief way and follows up with the different integration and deployment scenarios along with introducing the tools which help you the most on the way to your integration solution.
We're all aware of cloud computing and the operational ability to
easily create, configure and manage instances in an IaaS environment.
But many of us are not Unix system admins and just want to focus
on developing and deploying our Java applications. RedHat OpenShift
(which is of course open source) is a developer-friendly PaaS that offers
auto-scalability and reliability as native features. So if you are
tired of configuring and administering servers, come see how OpenShift
PaaS can make you a happier and more productive Java EE software
engineer. Learn about the base platform, how to use existing
developer frameworks (cartridges) and how to integrate them into
your development life cycle. And learn about the exciting Docker and Kubernetes
plans for OpenShift v3.
Architecting for failure - Why are distributed systems hard?Markus Eisele
Devnexus 2017
As we architect our systems for greater demands, scale, uptime, and performance, the hardest thing to control becomes the environment in which we deploy and the subtle but crucial interactions between complicated systems. And microservices obviously are the way to go forward with those complicated systems. But what makes it so hard to build them? And why should you embrace failure instead of doing what we can do best: Preventing failure. This talk introduces you to the problem domain of a distributed system which consists of a couple of microservices. It shows how to build, deploy and orchestrate the chaos and introduces you to a couple of patterns to prevent and compensate failure.
How to avoid top 10 security risks in Java EE applications and how to avoid themMasoud Kalali
If you want to learn what are the top ten security risks that a software engineer requires to pay attention to and you want to know how to address them in your Java EE software, this session is for you. The Open Web Application Security Project (OWASP) publishes the top 10 security risks and concerns of software development periodically and the new list is published in 2013.
Developers can use Java EE provided features and functionalities to address or mitigate these risks. This presentation covers how to spot these risks in the code, how to avoid them, what are the best practices around each one of them. During the session, when application server or configuration is involved GlassFish is discussed as one of the Java EE 7 App server.
Real-Time Integration Between MongoDB and SQL DatabasesEugene Dvorkin
Many companies have huge investment in Data Warehouse and BI tools and want to leverage those investments to process data collected by applications in MongoDB. For example, a company may need to blend clickstream data collected by distributed MongoDB data storage with personal data from Oracle into the Data Warehouse system or Analytics platform to provide timely marketing reports. Most of the time the job requires converting a MongoDB JSON document structure into a traditional relational model. Traditional ETL (Extract Transform Load) process still needed to be developed for loading and conversion of unstructured data into traditional analytical tools or Hadoop. In this talk we discuss how to develop a real-time, scalable, fault-tolerant ETL process to integrate MongoDB with traditional RDBMS storage using the open-sourced Twitter Storm project. We will be capturing data streamed by MongoDB oplog or capped collections, transforming it into tables, rows and columns and loading it into a SQL database. We will discuss mongoDB oplog and Storm architecture. The principles discussed in the talk can be used for many other applications - like advanced analytics, continuous computations and so on. We will be using Java as our language of choice but you can use the same software stack with any language.
Real-World RESTful Service Development Problems and SolutionsMasoud Kalali
This session covers some of the best practices and lessons learned and takes a deep dive into designing RESTful services.
It discusses a variety of topics, from validation and exception handling to tracing, caching, security, rate limiting, and other RESTful services topics.
The presentation is suitable for anyone from novices to advanced programmers.
Real world RESTful service development problems and solutionsMasoud Kalali
This session is a deep dive as well as an interactive discussion on design principles, considerations, lessons learned from mistakes that can be taken into account when developing RESTful services. It will cover a variety of topics from Designing of RESTful resources, Versioning,Exception Handling, Caching, Validation, Security, Rate limiting, HATEOAS, Testing and Documentation. This talk will walk through and compare the different REST API provided by companies like Twitter, Paypal, Google, Stripe and more we can learn the good, the bad and ugly. So join me in this talk to build high quality applications that can be highly scalable, available and reliable. Summary: Learn all you ever wanted to learn about RESTful services development challenges in large scale applications Outline: This session is a deep dive as well as an interactive discussion on design principles, considerations, lessons learned from mistakes that can be taken into account when developing RESTful services. It will cover a variety of topics from Designing of RESTful resources, Versioning, Exception Handling, Caching, Validation, Security, Rate limiting, HATEOAS, Testing and Documentation. This talk will walk through and compare the different REST API provided by companies like Twitter, Paypal, Google, Stripe and more we can learn the good, the bad and ugly. So join me in this talk to build high quality applications that can be highly scalable, available and reliable.
Architecting Large Enterprise Java ProjectsMarkus Eisele
In the past I've been building component oriented applications with what I had at hand. Mostly driven by the features available in the Java EE standard to be "portable" and easy to use. Looking back this has been a perfect fit for many customers and applications. With an increasing demand for highly integrated applications which use already available services and processes from all over the place (departmental, central or even cloud services) this approach starts to feel more and more outdated. And this feel does not come from a technology perspective but from all the requirements around it. Having this in mind this post is the starting point of a series of how-to's and short tutorials which aim to showcase some more diverse ways of building (Java EE) applications that fit better into today's requirements and landscapes.
Architecting Large Enterprise Java ProjectsMarkus Eisele
In the past I've been building component oriented applications with what I had at hand. Mostly driven by the features available in the Java EE standard to be "portable" and easy to use. Looking back this has been a perfect fit for many customers and applications. With an increasing demand for highly integrated applications which use already available services and processes from all over the place (departmental, central or even cloud services) this approach starts to feel more and more outdated. And this feel does not come from a technology perspective but from all the requirements around it. Having this in mind this post is the starting point of a series of how-to's and short tutorials which aim to showcase some more diverse ways of building (Enterprise Java) applications that fit better into today's requirements and landscapes.
Discuss four pillars of azure architecture - Security, Performance & scalability, Availability & recoverability and Efficiency & Operation. Things you need to consider before architecting in the cloud. This presentation also provides a framework for architectural decisions
Enterprise Node - Securing Your EnvironmentKurtis Kemple
Just like any other language, Node is susceptible to vulnerabilities, dependency issues, and other problems that can bring down or prevent you from releasing new versions of your application.
Learn how to safe-guard your environment with things like private registries and vulnerability testing during your CI build in this one-hour lightning talk.
=================================
TOPICS COVERED:
Why is Securing Your Environment Important
• Protects Your Company from Potential Threats
• Improves Confidence in Code and Systems
• Helps You Meet Legal and Organization Restrictions
Securing Your Runtime
• N|Solid - Enterprise Runtime
• Containerization
• Monitoring
Securing Your Dependencies
• Whitelisting Modules
• NSP
Securing Your Applications
• HTTPS ALL THE THINGS
• Encrypt Sensitive Data
=================================
A case study on deploying Oracle WebCenter as a cloud app on Oracle Exalogic engineered systems. Some of the challenges, compromises required, and benefits gained running these applications on shared hardware.
With IoT being the buzz and all operating systems being integrated with central network and intruder in that can create major devastations than an IT system. For example, if someone can intrude into an electric utility network and operate on "SCADA" and entire network going down can be a bizarre or just assume the control system configured for addressing backup mechanism being turn down can result in blackouts.
Preventing Such havocs is what security framework should look into.
Security in the cloud Workshop HSTC 2014Akash Mahajan
A broad overview of what it takes to be secure. This is more of an introduction where we introduce the basic terms around Cloud Computing and how do we go about securing our information assets(Data, Applications and Infrastructure)
The workshop was fun because all the slides were paired with real world examples of security breaches and attacks.
DevSum - Top Azure security fails and how to avoid themKarl Ots
As presented at the DevSum19 conference in Stockholm, Sweden.
Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them.
Everything you need to know about creating, managing and debugging Java applications on IBM Bluemix. This presentation covers the features the IBM WebSphere Application Server Liberty Buildpack provides to make Java development on the cloud easier. It also covers the Eclipse tooling support including remote debugging, incremental update, etc.
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Techcello
Security considerations for data isolation
• Achieving granular level of access control
• Dealing with the top web security threats
• Empowering your application with Auditing / analytics capability
Cloud, SaaS, Multi-tenant, Multi-tenancy, Application Platform, SaaS Framework, Multi-tenant framework, .NET,Cloud Application Development Framework,SaaS Application Development Framework,Application Development Framework, SaaS Tenant
As organizations shift control of their infrastructure and data to the cloud, it is critical that they rethink their application security efforts. This can be accomplished by ensuring applications are designed to take advantage of built-in cloud security controls and configured properly in deployment.
Attend this webcast to gain insight into the security nuances of the cloud platform and risk mitigation techniques. Topics include:
• Common cloud threats and vulnerabilities
• Exposing data with insufficient Authorization and Authentication
• The danger of relying on untrusted components
• Distributed Denial of Service (DDoS) and other application attacks
• Securing APIs and other defensive measures
Sustainable Software Architecture - Open Tour DACH '22Markus Eisele
Rolling into summer in Europe, still recovering from the last two years another global thread pops back into people's minds. Extreme heat waves followed by severe weather phenomena remind all of us that climate change is a reality. As a father of two wonderful children that hopefully live beyond 2090, I was wondering what impact software architecture has on global warming and climate change and how I can build better and more sustainable solutions. This presentation and demo will provide you with tools, best practices and metrics (executives love numbers and dashboards) to prove the investment in Containers, OpenShift and a DevOps approach has a tangible return.
As presented at https://www.redhat.com/en/events/open-tour-geneva-2022
Quarkus is the new and shiny Kubernetes native framework that promises to solve everything you ever wanted. But what is the truth out there? How do some real-world scenarios look like and what is it really used for?
What happens when unicorns drink coffeeMarkus Eisele
Your ultimate guide to modern applications. What happened to our lovely three-tier systems and why is enterprise software development becoming increasingly complicated? Walk away with new inspirations on what to focus on in the next months and how to stay happy in all this madness.
Keynote: jlove Conference 2020
Stateful on Stateless - The Future of Applications in the CloudMarkus Eisele
Most developers building applications on top of Kubernetes are still mainly relying on stateless protocols and design. The problem is that focusing exclusively on a stateless design ignores the hardest part in distributed systems: managing state—your data.
The challenge is not designing and implementing the services themselves, but managing the space in between the services: data consistency guarantees, reliable communication, data replication and failover, component failure detection and recovery, sharding, routing, consensus algorithms and so on.
Kubernetes and Akka work well together since each being responsible for a different layer and function in the application stack. Kubernetes allows for coarse-grained container-level management of resilience and scalability. Akka allows for fine-grained entity-level management of resilience and scalability. This talk demonstrates how the two play together to deliver the future of stateful applications in the cloud.
Java in the age of containers - JUG Frankfurt/MMarkus Eisele
31.07.2019 Java in the Age of Containers and Serverless
https://sites.google.com/site/jugffm/home/31-07-2019-java-in-the-age-of-containers-and-serverless
Java in the Age of Containers and ServerlessMarkus Eisele
Java in 2019 was predicted to be business as usual by many. We have seen new Java releases coming out as planned, AdoptOpenJDK became the main trustful source of binaries and Oracle fighting for the trademark again by preventing the use of javax as namespace.
Everything looks like it would be a silent year for Java. But one thing seems also obvious. Java's popularity is not gaining any more traction. New language features keep it up to date but people are getting more selective when it comes to implementation choices. Especially in the age of containers and cloud infrastructures. How will Java continue to fit in? What are the advantages and what needs to be done?
As given 6/20/19 https://skillsmatter.com/meetups/12248-keynote-by-markus-eisele-on-java-in-the-age-of-containers-and-serverless#overview
Migrating from Java EE to cloud-native Reactive systemsMarkus Eisele
A lot of businesses that never before considered themselves as “technology companies” are now faced with digital modernization imperatives that force them to rethink their application and infrastructure architecture. On the path to becoming a digital, on-demand provider, development speed is the ultimate competitive advantage.
https://info.lightbend.com/webinar-java-ee-to-cloud-modernization-register.html
The world is moving from a model where data sits at rest, waiting for people to make requests of it, to where data is constantly moving and streams of data flow to and from devices with or without human interaction. Decisions need to be made based on these streams of data in real-time, models need to be updated, and intelligence needs to be gathered. In this context, our old-fashioned approach of CRUD REST APIs serving CRUD database calls just doesn't cut it. It's time we moved to a stream-centric view of the world.
https://jonthebeach.com/speakers/71/Markus+Eisele
Cloud wars - A LavaOne discussion in seven slidesMarkus Eisele
We had a great session titled "Cloud Wars" proposed and lead by Melissa McKay (@melissajmckay). I've introduced the pizza cloud model and some other thoughts around clouds that I found the time to put into some very few slides.
We talked about a lot more which did not make it into this. But it's a start :)
The world is moving from a model where data sits at rest, waiting for people to make requests of it, to where data is constantly moving, streams of data flow to and from devices with or without human interaction. Decisions need to be made based on these streams of data in real time, models need to be updated, intelligence needs to be learned. And our old-fashioned approach of CRUD REST APIs serving CRUD database calls just doesn't cut it, it's trying to fit a square peg into a round hole. It's time we moved to a stream-centric view of the world.
This talk will look at how Reactive Streams is shaping the future of Jakarta EE. I'll talk about some Reactive Streams based specifications that we're currently working on in the JDK, MicroProfile and Jakarta EE communities, as well as some potential big ideas to transform the way developers write their applications, such as event sourcing and CQRS, that Jakarta EE will likely adopt in future. We'll take a look at a hypothetical future Jakarta EE, at what a typical service will look like when streaming is embraced, and get a glimpse of how Jakarta EE can lead the world in standards for Reactive systems.
Reactive Integrations - Caveats and bumps in the road explained Markus Eisele
Understand the different approaches to integrate fast data and streams based frameworks into your legacy applications and learn about the advantages, disadvantages, caveats, and bumps in the road.
Stay productive while slicing up the monolithMarkus Eisele
Microservices-based architectures are in vogue. Over the last couple of years, we have learned how thought leaders implement them, and it seems like every other week we hear about how containers and platform-as-a-service offerings make them ultimately happen.
Tech Talent Night Copenhagen 11/22/17
https://greenticket.dk/techtalentnightcph
Stay productive while slicing up the monolith Markus Eisele
DevNexus 2017
Microservices-based architectures are en-vogue. The last couple of
years we have learned how the thought-leaders implement them, and
every other week we have heard about how containers and
Platform-as-a-Service offerings make them ultimately happen.
The problem is that the developers are almost forgotten and left alone
with provisioning and continuous delivery systems, containers and
resource schedulers, and frameworks and patterns to help slice
existing monoliths. How can we get back in control and efficiently
develop them without having to provision complete production-like
environments locally, by hand?
All the new buzzwords, frameworks, and hyped tools have made us forget
ourselves—Java developers–and what it means to be productive and have
fun building systems. The problem that we set out to solve is: how can
we run real-world Microservices-based systems on our local development
machines, managing provisioning, and orchestration of potentially
hundreds of services directly from a single command line tool, without
sacrificing productivity enablers like hot code reloading and instant
turnaround time?
During this talk, you’ll experience first-hand how much fun it can be
to develop large-scale Microservices-based systems. You will learn a
lot about what it takes to fail fast and recover and truly understand
the power of a fully integrated Microservices development environment.
CQRS and Event Sourcing for Java DevelopersMarkus Eisele
As presented at CJUG. Recording will be up here: http://www.meetup.com/ChicagoJUG/events/231837105/
As soon as an application becomes even moderately complex, CQRS and an Event Sourced architecture start making a lot of sense. The talk is focused on: - the challenges and tactics of separating the write model from the query model in a complex domain - how commands naturally lead to events and to an event based system, and - how events get projected into useful, eventually consistent views. Event Sourcing is one of those things that you really need to push through at the beginning (much like TDD) and that - once understood and internalized, will change the way you architect a system. This talk introduces you to the basic concepts and problem spaces to solve.
10 Golden Social Media Rules for Developer Relations ManagerMarkus Eisele
Social media is great. Being in contact with people from all over the world and being able to help your community from everywhere is nothing short but amazing. Yet, there are a few things to keep in mind to use these tools to their full extend without failing. This session introduces you to some very basic communication skills and walks you through the 10 golden rules in social media.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
5. Markus Eisele aka @myfear5
HOLISTIC SECURITY
To build a secure Java EE application, a holistic
approach to application security is required and security
must be applied at all layers and services.
Network
Host
Application
Platform Services (JVM, Application Server)
Operating System
Infrastructure
Software
Application
Landscape
Enterprise-
Services
Business
IT-Security-Architecture
6. Secure applications rely on secure networks
Markus Eisele aka @myfear6
SECURE NETWORKS
Things to look out for:
• Router
• Firewall
• Switch
• Protocols
• Ports
• Firmware
• Standard passwords
7. Repeat for all of them: including database, message broker, httpd-server
and all the others.
Markus Eisele aka @myfear7
SECURE HOSTS / OPERATING SYSTEMS
Things to look out for:
• Shared Volumes
• Running Services
• Accounts (user and service)
• Auditing and Logging
• Files and directories
• Patches and updates
8. All pre-installed runtimes, like the JVM/JDK, Application server, etc.
Markus Eisele aka @myfear8
PLATFORM SERVICES
Things to look out for:
• Policy Files
• File Access Rights
• Default Passwords
• Admin Console
9. Security relies on the following components
WHAT IS APPLICATION SECURITY?
Availability
Integrity
Confidentiality
Auditing
Authorization
Authentication
Markus Eisele aka @myfear9
10. A thread is a potential event that may affect your system. An attack
exploits a vulnerability in your system.
Markus Eisele aka @myfear10
THREATS, VULNERABILITIES, AND
ATTACKS
How do you decide if an application is secure?
Application +
Infrastructure
exposes Vulnerability exploits Attack
11. Markus Eisele aka @myfear11
NO SECURITY WITHOUT THREATS
It is not possible to design and build a secure Web application until you
know your threats.
Thread modelling in the design phase:
• To be
protected
• CC,
Address,
etc.
Data Goal of an
attackThreat
• Potential
damage
• $ or
image
Rate
13. Some basic categories mapped down from the security components
Markus Eisele aka @myfear13
APPLICATION VULNERABILITY
CATEGORIES
• Input Validation
• Authentication
• Authorization
• Configuration Management
• Sensitive Data
• Session Management
• Data Encryption
• Parameter Manipulation
• Exception Handling
• Auditing and Logging
• Timestamping
• Role Based Access Control
• Execution Sandboxing
• Process Separation
14. Best Practices for designing secure applications.
Markus Eisele aka @myfear14
CORE SECURITY PRINCIPLES
• Compartmentalize
• Use least privilege
• Apply defense in depth
• Do not trust user input
• Check at the gate
• Fail securely
• Secure the weakest link
• Create secure defaults
• Reduce your attack surface
THINGS TO KEEP IN MIND FOR YOUR
SYSTEM DESIGN
15. AND HOW MUCH OF THAT CAN
YOU DO WITH JAVA EE?
15
16. Basic, Form, Digest, Client, Mutual
Markus Eisele aka @myfear16
AUTHENTICATION
The means by which communicating entities, such as client and server,
prove to each other that they are acting on behalf of specific identities that
are authorized for access. This ensures that users are who they say they
are.
• Configuration via deployment descriptor
• Application roles mapping into server groups
• Most servers provide standard login modules (DB, LDAP, Client-Cert, Filesystem)
• Additional resources (Keystores, LDAP, DB)
• Custom Authentication Logic via:
• JASPIC
• JAAS
• Server Specific Features (Realms)
17. The missing pieces
Markus Eisele aka @myfear17
AUTHENTICATION
Well known and broadly used and still missing in Java EE
• Two Factor Auth Support (Custom Token, Hardware Token, Soft-Token)
• Social Login (Facebook, Twitter, GitHub)
• User Registration / Self Service
• Easy Customizing for custom login pages
• OAuth support
• Policies (Password / Revocation)
18. Option: Custom implementation (e.g. OAuth w/ programmatic security)
Markus Eisele aka @myfear18
AUTHENTICATION
https://oneminutedistraction.wordpress.com/2014/04/29/using-oauth-for-your-javaee-login/
Browser Java EE Server OAuth
Login Button
Redirect Login Page
Submit Credentials
Redirect Callback URL
Redirect Callback
Get access_token
Get User Data
19. DISADVANTAGESADVANTAGES
Custom Implementation
Markus Eisele aka @myfear19
AUTHENTICATION
• Minimal – Meet Needs
• Fast Implementation
• Tied to one provider
• Hard to extend
• Hard to test
• Potential implementation mistakes
expose vulnerabilities
• JAAS/JASPIC hard to understand
• Easy to be accidentally tied to a
specific server
• Not “microservices-ready”
20. Option: Identity Broker – e.g. Keycloak
Markus Eisele aka @myfear20
AUTHENTICATION
http://keycloak.jboss.org/docs
21. DISADVANTAGESADVANTAGES
Identity Broker
Markus Eisele aka @myfear21
AUTHENTICATION
• Flexible
• Configurable and extendable
• Runtime Changes
• Many Identity Providers
• Additional Features
(Government/Policies)
• Ready for microservices
(downstream propagation)
• Separate System - Complexity
• Takes User/Roles management
out of the Java EE Server
22. Or Access Control
Markus Eisele aka @myfear22
AUTHORIZATION
The means by which interactions with resources are limited to collections
of users or programs for the purpose of enforcing integrity, confidentiality,
or availability constraints. This ensures that users have permission to
perform operations or access data.
• Configuration via deployment descriptor or Annotations (@RolesAllowed)
• Custom Authorization Logic via:
• Programmatic Security +
• CDI / Aspects +
• Caching
• JACC
23. The missing pieces
Markus Eisele aka @myfear23
AUTHORIZATION
Well known and broadly used and still missing in Java EE
• Fine Grained Access Control (technical or business)
• Data Protection Model through different specifications (e.g. data access per
user/tenant)
• Coherent AccessException Model
24. Option: Custom Implementation
Markus Eisele aka @myfear24
AUTHORIZATION
Use a mixture of standard authorization mechanisms (Principal) and add a
custom user object which get‘s enriched with Permissions.
• Authentication via form-based or other method
• Creating an application User per Principal
• Resolving custom rights per user (Datastore, In-Memory DB)
• Implementing Around Invoke Aspects (@AllowedTo(Permission.WRITE)
http://kenai.com/projects/javaee-patterns/sources/hg/show/javaee-security
25. DISADVANTAGESADVANTAGES
Custom Implementation
Markus Eisele aka @myfear25
AUTHORIZATION
• Native to the Java EE programmer
• Simple, Customizable at
development time
• Assignable per application
• Potential implementation mistakes
expose vulnerabilities
• Common Code tied into all
modules
• Complex permission matrices need
to be extensively cached
• Cache invalidation
• No runtime changes to permissions
26. Option: JACC (Java Authorization Contract for Containers)
Markus Eisele aka @myfear26
AUTHORIZATION
It “defines a contract between a Java EE application server and an
authorization policy provider" and which "defines java.security.Permission
classes that satisfy the Java EE authorization model”
Implement:
• A factory that provides an object that collects permissions
• A state machine that controls the life-cyle of this permission collector
• Linking permissions of multiple modules and utilities
• Collecting and managing permissions
• Processing permissions after collecting
• An "authorization module" using permissions for authorization decisions
http://arjan-tijms.omnifaces.org/2015/03/java-ee-authorization-jacc-revisited.html
27. DISADVANTAGESADVANTAGES
JACC (Java Authorization Contract for Containers)
Markus Eisele aka @myfear27
AUTHORIZATION
• Integrated with the Java EE
container
• Part of the standard
• As secure as it can get
• C.O.M.P.L.E.X.I.T.Y
• Amount of classes
• APIs
• Verbose
• Not truly portable
• Application Server Wide
28. Logging which security relevant changes happen.
Markus Eisele aka @myfear28
AUDITING
An audit trail (also called audit log) is a security-relevant chronological
record, set of records, and/or destination and source of records that
provide documentary evidence of the sequence of activities that have
affected at any time a specific operation, procedure, or event.
• There‘s nothing here in Java EE
Options:
• Custom Implementations
• Logger Implementations
• Data centered approaches (JPA / Database)
• Server specific implementations
29. Option: Custom Implementation
Markus Eisele aka @myfear29
AUDITING
A transactional application often requires to audit the persistent entities.
Sometimes you have to be able to track down changes and build up a
history of changes. Or you’re requirement to have a long term rollback or
need to archive in accordance with legal audit requirements.
• Aspects in the widest sense (EJB, CDI)
• @AroundInvoke captures relevant events on the service layer
• Events should be persisted asynchronously
• Ideally includes user information, date time and event type
http://blog.eisele.net/2011/01/five-ways-to-know-how-your-data-looked.html
30. DISADVANTAGESADVANTAGES
Custom Implementation
Markus Eisele aka @myfear30
AUDITING
• Suitable for business activity
auditing
• Simple to implement with a small
set of activities.
• Maybe used to also track
performance of service calls
• No rollback or data centered
auditing
• Doesn’t include security relevant
audits (aspects don’t work in login-
modules or realms
• May be “forgotten”
• Performance critical
• No UI to generate an audit trail
31. Option: Logger Implementation (e.g. Log4j)
Markus Eisele aka @myfear31
AUDITING
Some logging frameworks were specifically designed to support audit
features. One among them is Log4j. Others with more respect to legal audit
requirements also do exist.
• Use Log4j‘s audit logging features
• Populate ThreadContext Map with basic data like: user-id, remote-IP
address, application-name, application-version, etc.
• Create a StructuredDataMessage for every event
• EventLogger.logEvent(msg)
• Select an appropriate provider (Syslog, JMS, JDBC, Flume, etc.)
• Combine with aspects and automatically constructed DataMessages for broad
coverage on services.
32. DISADVANTAGESADVANTAGES
Logger Implementation
Markus Eisele aka @myfear32
AUDITING
• Native for Java EE developers
• Easy to use as “logging”
• Will work in security relevant
classes
• Guaranteed delivery ?
• Performance overhead with
growing events
33. Option: JPA Centered Approaches (Hibernate ORM Envers)
Markus Eisele aka @myfear33
AUDITING
The Envers module aims to enable easy auditing/versioning of persistent
classes. All that you have to do is annotate your persistent class or some of
its properties, that you want to audit, with @Audited.
Just add @Audited to your entities
• auditing of all mappings defined by the JPA specification
• auditing of some Hibernate mappings, which extend JPA, like custom types and
collections/maps of "simple" types (Strings, Integers, etc.) (see here for one
exception)
• logging data for each revision using a "revision entity"
• querying historical data
http://hibernate.org/orm/envers/
34. DISADVANTAGESADVANTAGES
Option: JPA Centered Approaches (Hibernate ORM Envers)
Markus Eisele aka @myfear34
AUDITING
• Historical Data
• Revisions
• Fully integrated into JPA
• Only Data Centered Auditing
35. or data privacy
Markus Eisele aka @myfear35
CONFIDENTIALITY
Confidentiality is the process of maintaining data privacy wherein we
secure the communications channel, to make sure the data is not accessed
in its original form by a third party by eavesdropping.
Java EE doesn‘t bring a hell lot to the table here.
Options:
• SSL Termination on the Application Server
• SSL Termination on a box before (httpd, router, appliance)
36. Terminating SSL on the App-Server
Markus Eisele aka @myfear36
CONFIDENTIALITY
<transport-guarantee>CONFIDENTIAL | INTEGRAL</transport-guarantee>
A value of INTEGRAL means that the application requires the data sent between the
client and server to be sent in such a way that it can't be changed in transit.
A value of CONFIDENTIAL means that the application requires the data to be
transmitted in a fashion that prevents other entities from observing the contents of
the transmission.
37. DISADVANTAGESADVANTAGES
Terminating SSL on the App-Server
Markus Eisele aka @myfear37
CONFIDENTIALITY
• Access to the SSL connection
information (ssl-session-id)
• Performance
• Configuration complexity
• Testing locally
38. Terminating SSL on a box
Markus Eisele aka @myfear38
CONFIDENTIALITY
Httpd server (Apache)
• Mostly in place anyway for load-balancing (therefore needs to inspect the data
anway)
• OpenSSL as a way to terminate SSL/TLS connections
Firewall / Router (including or not LB features)
• See above.
• Mostly hardware accelerated SSL termination.
• High performance.
39. DISADVANTAGESADVANTAGES
Terminating SSL on a box
Markus Eisele aka @myfear39
CONFIDENTIALITY
• If SSL session information are
required, they have to be passed
downstream
• Considered “best practice” for
failover, clustering and load-
balancing
• Additional infrastructure
40. Mostly Data Integrity
Markus Eisele aka @myfear40
INTEGRITY
Data integrity is the process of verifying if data is transmitted without
corruption or modification, thus making sure that the data received at the
receiver end is in fact the same message sent by the sender.
In Java EE mostly two big areas:
Implemented for data access/exchange with JPA and JTA.
41. Mostly Data Integrity
Markus Eisele aka @myfear41
INTEGRITY
Data integrity is the process of verifying if data is transmitted without
corruption or modification, thus making sure that the data received at the
receiver end is in fact the same message sent by the sender.
In Java EE mostly data integrity
• Implemented for data access/exchange with JPA and JTA.
Options:
• Enforce integrity on the database
• Store and compare hashes of entities
42. Clustering, Scaling et al
Markus Eisele aka @myfear42
AVAILABILITY
Availability is commonly referred to as the most underspecified non-
functional requirement for applications. Fact is: Applications only earn
money, while they are running.
There‘s nothing in Java EE.
• Clustering, Scaling and other features aren‘t specified.
• Completely vendor specific and server dependent.