Operational data mining gives us a rich source of data for the third devops way - continual learning by experimentation. It also shows us just how damaging those 90 day password resets can be. This talk will look at what can go wrong, and the renewed fight to fix the problem at the root.
The Retail Enterprise - And the rise of the omni-present consumer Part 2 | Zensar Technologies Ltd.
Zensar - supporting global Retailers in their transformation journey
Shared Service: Support services delivered through a team of experienced functional and technical consultants. A single team of Oracle Retail experts led by an experienced service manager helps support multiple retailers. Through this model, the retailer is able to reduce the total cost of operations by up to 30%.
Managed Service: Zensar takes on the responsibility for a set of pre-defined support activities and enhancements. The SLAs for response and resolution are agreed upon and this type of engagement fits retailers looking to engage in continuous improvement and long term fixes.
Resource Augmentation: The management, allocation and SLA responsibility of resources in this model is completely dependent on the customer and the mode of client operations.
Capacity Augmentation: Like with the management, allocation and SLA responsibility of resources in this model is completely dependent on the customer and the mode of operations. However this is suitable for larger engagements and team capacity and skill planning for project ramp-up and ramp-down based on customer requirement.
Andrey Utis - Sr. Manager, Software Engineering
Managing application secrets, such as database passwords or API keys, can be a tricky problem in any environment. It becomes even trickier when we have an end-to-end Continuous Delivery pipeline, deploying an application with no human intervention.
The question becomes: how do we maintain secrets in source control, along with the infrastructure and functional code, without exposing them to everyone? Additionally, CapitalOne, being a large financial institution, is subject to regulations like "segregation of duties", which prohibits developers from having admin access to production.
Using a combination of AWS KMS, IAM, and iptables, we were able to design a simple, cheap, and scalable solution that satisfies our security needs, as well as the regulatory requirements.
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac... | Akond Rahman
In organizations that use DevOps practices, software changes can be deployed as fast as 500 times or more per day. Without adequate involvement of the security team, rapidly deployed software changes are more likely to contain vulnerabilities due to lack of adequate reviews. The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment. We analyzed a selected set of Internet artifacts and surveyed representatives of nine organizations that are using DevOps to systematically explore experiences in utilizing security practices. We observe that the majority of the software practitioners have expressed the potential of common DevOps activities, such as automated monitoring, to improve the security of a system. Furthermore, organizations that integrate DevOps and security utilize additional security activities, such as security requirements analysis and performing security configurations. Additionally, these teams also have established collaboration between the security team and the development and operations teams.
Security DevOps - How to Stay Secure in Agile Projects Anyway // DevO... | Christian Schneider
This session shows you which automation options exist for monitoring specific security aspects in agile software development. Building on the established DevOps concept, in which processes are automated and interlocked in the transition from development to operations, "Security DevOps" takes up this drive and applies it to securing applications against hacker attacks. Through early feedback of security findings to development as part of the automation, your pentesters can concentrate on the trickier security checks, despite the short release cycles demanded.
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w... | Sonatype
George Parris III, Capital One
In many companies, the cornerstone of their continuous integration and continuous deployment strategy is a few, well known pieces of automation software that are absolutely vital to the way companies are building software these days using agile methodologies. Many times though, someone with some infrastructure experience will just spin up a server and install the packages, building and iterating upon that same install for the following years that they're using it, which puts them in a shaky place every time they have to make changes to it.
On the Online Account Opening project at Capital One, we’ve strived to keep our entire infrastructure as immutable as possible. In doing so, it was decided that we should apply that principle to our core CI/CD automation tools as well. By using Config As Code, implementing a useful backup and testing strategy, and utilizing some AWS capabilities, we’re able to make that happen.
Security, Identity, and DevOps, oh my - Print | Chris Sanchez
My talk from All Day DevOps 2016 introducing IdentityOps. IdentityOps is a set of strategies that integrates security, Identity and DevOps to solve common use cases for technical operations.
Key takeaways of IdentityOps:
* Centralized policy for access management to resources
* Uniform application of policy and real-time enforcement
* Better operational efficiency
* Enable use cases: least privilege, nonrepudiation, segregation of duties, and auditability
DevOps in a Regulated and Embedded Environment (AgileDC) | Arjun Comar
Embedded environments greatly restrict the tools available for a DevOps pipeline. A regulated environment changes the processes a development team can use to deliver software. The combination results in a highly restricted environment that forces the team back to first principles, finding what can actually work. In this talk, we'll consider the options, develop a set of helpful tools and discuss the challenges facing any team working on DevOps in unfavorable environments.
Together, we'll examine my experiences with a medical device company, where I built a DevOps pipeline for software controlling a heart pump. I would like to discuss the tools that worked as well as the principles that led our team to success.
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck | Black Duck by Synopsys
Presented August 11, 2016 by Michael Right, Senior Product Manager, HPE Security Fortify; Mike Pittenger, VP of Security Strategy, Black Duck.
Open source software is an integral part of today’s technology ecosystem, powering everything from enterprise and mobile applications to cloud computing, containers and the Internet of Things.
While open source offers attractive economic and productivity benefits for application development, it also presents organizations with significant security challenges. Every year, thousands of new open source security vulnerabilities – such as Heartbleed, Venom and Shellshock – are reported. Unfortunately, many organizations lack visibility into and control of their open source. Addressing this challenge is vital for ensuring security in applications and containers.
Whether you’re building software for customers or for internal use, the majority of the code is likely open source and securing it is no easy task. In this session, you’ll learn about:
• The evolving DevOps and software security assurance lifecycle in the age of open source
• The software security considerations CISOs, security, and development teams must address when using open source
• An automated approach to identifying vulnerabilities and managing software security assurance for custom and open source code.
Automated Infrastructure Security: Monitoring using FOSS | Sonatype
Madhu Akula, Automation Ninja
We can see attacks happening in real time using a dashboard. By collecting logs from various sources we will monitor & analyse. Using data gleaned from the logs, we can apply defensive rules against the attackers. We will use AWS for managing and securing the infrastructure discussed in our talk.
For most network engineers who monitor the perimeter for malicious content, it is very important to respond to an imminent threat originating from outside the boundaries of their network. Having to crunch through all the logs that the various devices (firewalls, routers, security appliances etc.) spit out, correlating that data and making the right choices in real time can prove to be a nightmare, even with the solutions already available in the market.
As I have experienced this myself, as part of the Internal DevOps and Incident Response Teams, in several cases, I would want to create a space for interested folks to design, build, customise and deploy their very own FOSS based centralised visual attack monitoring dashboard. This setup would be able to perform real time analysis using the trusted ELK stack and visually denote what popular attack hotspots exist on a network.
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel... | Denim Group
A web application’s attack surface is the combination of URLs it will respond to as well as the inputs to those URLs that can change the behavior of the application. Understanding an application’s attack surface is critical to being able to provide sufficient security test coverage, and by watching an application’s attack surface change over time security and development teams can help target and optimize testing activities. This presentation looks at methods of calculating web application attack surface and tracking the evolution of attack surface over time. In addition, it looks at metrics and thresholds that can be used to craft policies for integrating different testing activities into Continuous Integration / Continuous Delivery (CI/CD) pipelines for teams integrating security into their DevOps practices.
Static Analysis For Security and DevOps Happiness w/ Justin Collins | Sonatype
Justin Collins, Brakeman Security
It is not enough to have fast, automated code deployment. We also need some level of assurance the code being deployed is stable and secure. Static analysis tools that operate on source code can be an efficient and reliable method for ensuring properties about the code - such as meeting basic security requirements. Automated static analysis security tools help prevent vulnerabilities from ever reaching production, while avoiding slow, fallible manual code reviews.
This talk will cover the benefits of static analysis and strategies for integrating tools with the development workflow.
Security and DevOps - Managing Security in a DevOps Enterprise | Claudia Ring
Looking at security and DevOps requires a view across two dimensions:
Securing the application; and
Securing the application delivery pipeline
Securing the application focuses on ensuring the application being developed and delivered, and the associated data, are secure. This means building and delivering them using secure engineering practices that ensure their security and integrity, as well as that of the business and end-users.
Securing the application delivery pipeline focuses on securing the delivery platform itself, so that the application development and delivery tools, the infrastructure and environments, configurations, automation tools, repositories, and associated services and APIs are all secure.
Join us to hear an overview of these concepts, how they can be applied across the software delivery pipeline and IBM offerings that can help you on your journey to secure DevOps.
Security DevOps: How to Stay Secure in Agile Projects Anyway // JAX 2015 | Christian Schneider
This session shows you which automation options exist for monitoring specific security aspects in agile software development. Building on the established DevOps concept, in which processes are automated and interlocked in the transition from development to operations, "Security DevOps" takes up this drive and applies it to securing applications against hacker attacks.
Operational Analytics at Credit Suisse from ThousandEyes Connect | ThousandEyes
Darrell Westbury, Director of Operational Analytics at Credit Suisse, presents on how the global bank collects five types of IT operations data, analyzes it and uses it to derive insights.
InfoComm Charging Station Usage Study Secure Mag Swipe, Pin Code, QR Code | Joel Martin
INFOCOMM 2015 / 2016
Brightbox Secure Charging Station Usage Study.
InfoComm is the largest, most exciting event in the Western Hemisphere focused on the pro-AV industry, with nearly 1,000 exhibitors, thousands of products, and 40,000 attendees from 110+ countries. Brightbox has been the official charging station at both the 2015 Orlando and 2016 Las Vegas events.
Events Featured:
Secure Mag Swipe as key module
Secure Pin Code as key module
Email Collection
Impression Analytics
QR Code on-screen
Brightbox is an American B2B kiosk technology company and a world leader in the development, operation and sale of kiosks and a platform for securely recharging smartphones and mobile devices, delivering content and collecting data. Our mission is two-fold: to deliver convenient, highly secure mobile power to the public, and to deliver brand enhancement to organizations. We now have 1000 kiosks deployed in 10 countries. We sell and lease the most sophisticated and secure interactive recharging kiosk to experiential agencies and brands. Features include Camera Audience Measurement, Polling, SMS relay, Coupons, and the ability to amplify a social media campaign via our prized charging amenity. We offer many secure locker key options, including brandable Mag Swipe cards, Secure Pin Code, or RFID readers compatible with the leading badge and ticket registration companies in the industry.
Brands: increase brand awareness; get credit for solving a huge need; engage customers with interactive messaging, surveys, phone & email acquisition.
For more information contact us
Martin@brightboxcharge.com
or visit http://www.brightboxcharge.com
Data lineage is a regulatory and internal requirement with potential to deliver significant operational and business benefits, but financial institutions can find it difficult to implement and complex to maintain, as systems and regulatory requirements themselves change quickly. The importance of understanding where the true source of the data is coming from, where the data flows to and what has changed cannot be overstated. The webinar defines data lineage and discusses implementation through the eyes of those that have implemented and sustained successful lineage solutions with significant benefits.
Listen to the webinar to find out about:
- Data management for data lineage
- Winning buy-in for projects
- Best practice implementation
- Operational and business benefits
- Expert practitioner advice
Managing Large Scale Financial Time-Series Data with Graphs | Objectivity
Slides from a recent webinar by Objectivity showing how the ThingSpan platform is ideal for graph analytics to uncover patterns and insights within large, complex data sets in order to make efficient decisions.
The supply chain of the future will accelerate due to assistance from autonomous technologies and processes. These are slides from our webinar Supply Chain and the Autonomous World, featuring special guests Jim Lawton, Chief Product and Marketing Officer, Rethink Robotics and Andy Souders, SVP Products and Strategy IoT/Big Data, Savi Technology, as they join Lora to discuss the impact of technologies such as robotics, self-driving vehicles, wearable devices, cognitive learning, 3-D printing and other evolutions on current and future supply chains.
The present and future of serverless observability | Yan Cui
As engineers, we’re empowered by advancements in cloud platforms to build ever more complex systems that can achieve amazing feats at a scale previously only possible for the elite few. The monitoring tools have evolved over the years to accommodate our growing needs with these increasingly complex systems, but the emergence of serverless technologies like AWS Lambda has shifted the landscape and broken some of the underlying assumptions that existing tools are built upon - eg. you can no longer access the underlying host to install monitoring agents/daemons, and it’s no longer feasible to use background threads to send monitoring data outside the critical path.
Furthermore, event-driven architectures have become easily accessible and widely adopted by those adopting serverless technologies, and this trend has added another layer of complexity to how we monitor and debug our systems, as it involves tracing executions that flow through async invocations and are often fan’d-out and fan’d-in via various event processing patterns.
Join us in this talk as Yan Cui gives us an overview of the challenges with observing a serverless architecture (ephemerality, no access to host OS, no background thread for sending monitoring data, etc.), the tradeoffs to consider, and the state of the tooling for serverless observability.
Thavron: Service Costing for the Board Room to Finance | Thavron Solutions
Presentation slides from the ITFMA conference in Chicago, April 2016.
What are the key factors you should consider in your ITFM/Service Costing models to allow you to produce reporting that satisfies both the board room and the finance experts?
How to Apply Machine Learning with R, H2O, Apache Spark MLlib or PMML to Real... - Kai Wähner
"Big Data" is currently a big hype. Large amounts of historical data are stored in Hadoop or other platforms. Business Intelligence tools and statistical computing are used to draw new knowledge and to find patterns from this data, for example for promotions, cross-selling or fraud detection. The key challenge is how these findings can be integrated from historical data into new transactions in real time to make customers happy, increase revenue or prevent fraud.
"Fast Data" via stream processing is the solution to embed patterns - which were obtained from analyzing historical data - into future transactions in real-time. This session uses several real world success stories to explain the concepts behind stream processing and its relation to Hadoop and other big data platforms. The session discusses how patterns and statistical models of R, Spark MLlib and other technologies can be integrated into real-time processing using open source frameworks (such as Apache Storm, Spark or Flink) or products (such as IBM InfoSphere Streams or TIBCO StreamBase). A live demo shows the complete development lifecycle combining analytics, machine learning and stream processing.
Delivering Services Powered by Operational Data - Connected Services - OSIsoft, LLC
If you are an industrial OEM, supplier, service provider or performance analytic vendor, you'll find that real-time operational data can boost your service offerings and provide increased benefits to your customers.
Jorge describes how Snowplow is delivering value for Streetlife's users, how the realtime pipeline is going to change that and how we're all going to benefit from it.
AppDynamics and ME Bank: Use Cases for a Modern Digital Bank - AppSphere16 - AppDynamics
ME is an Australian bank with a difference - we're a branchless, digital bank that depends on our external and internal applications and services to achieve our purpose to help all Australians get ahead.
In this session Matt Forder, Infrastructure Service Manager, will show how ME use platforms like Pega Systems, Temenos T24, and Software AG WebMethods in a service-orientated, multi-sourced environment to deliver digital services for customers and staff, and how AppDynamics helps make sense of it all.
Key takeaways:
• How AppDynamics can be used in a service-oriented environment with a mix of in-house developed and commercial off-the-shelf software.
• How AppDynamics can help measure and improve the experience of internal and field-based staff.
• How AppDynamics can increase service provider accountability in a multi-sourced environment.
For more information, go to: www.appdynamics.com
PCMA Events
Professional Convention Management Association (PCMA) is the definitive authority in education, business networking and community engagement for leaders in the global meetings, convention and business events industry. With more than 6,500 members and 50,000 customers PCMA drives innovation through risk taking, research and data driven decision making.
The following report is a usage sampling from six PCMA educational events. In addition, we have worked with event partners / operators such as InCharged.com and ITMMobile.com for deployment at these events.
Similar to What's My Security Policy Doing to My Help Desk w/ Chris Swan (20)
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
30+ Nexus Integrations to Accelerate DevOps - Sonatype
No single tool can deliver on the promise of DevOps. Instead it’s a collection of tools, easily integrated, tightly managed, and effectively automated. Learn how Nexus integrates with more DevOps tools you use every day.
Starting and Scaling DevOps In the Enterprise - Sonatype
Gary Gruver, Gruver Consulting
In my role, I get to meet lots of different companies, and I realized quickly that DevOps means different things to different people. They all want to do “DevOps” because of all the benefits they are hearing about, but they are not sure exactly what DevOps is, where to start, or how to drive improvements over time. They are hearing a lot of different great ideas about DevOps, but they struggle to get everyone to agree on a common definition and what changes they should make. It is like five blind men describing an elephant. In large organizations, this lack of alignment on DevOps improvements impedes progress and leads to a lack of focus.
This session is intended to help structure and align those improvements by providing a framework that large organizations and their executives can use to understand the DevOps principles in the context of their current development processes and to gain alignment across the organization for successful implem
DevOps Friendly Doc Publishing for APIs & Microservices - Sonatype
Mandy Whaley, CISCO
Microservices create an explosion of internal and external APIs. These APIs need great docs. Many organizations end up with a jungle of wiki pages, swagger docs and API consoles, and maybe just a few secret documents trapped in a chat room somewhere… Keeping docs updated and in sync with code can be a challenge.
We’ve been working on a project at Cisco DevNet to help solve this problem for engineering teams across Cisco. The goal is to create a forward looking developer and API doc publishing pipeline that:
- Has a developer friendly editing flow
- Accepts many API spec formats (Swagger, RAML, etc)
- Supports long form documentation in markdown
- Is CI/CD pipeline friendly so that code and docs stay in sync
- Is flexible enough to be used by a wide scope of teams and technologies
We have many interesting lessons learned about tooling and how to solve documentation challenges for internal and external facing APIs. We have found that solving this doc publishing flow is a key component of building a modern infrastructure. This is most definitely a culture + tech + ops + dev story, we look forward to sharing with the DevOps Days community.
The Unrealized Role of Monitoring & Alerting w/ Jason Hand - Sonatype
In today’s world, a company must be a “Learning Organization” in order to be successful and innovative. Learning from both failure and success, in order to implement small incremental improvements is critical. But until you implement and apply new information, you haven’t truly “learned” anything and you certainly haven’t improved.
According to the 2015 Monitoring Survey, most companies leverage metrics from monitoring and logging purely for performance analytics and trending. If high availability and reliability are important, they also leverage metrics to alert on fault and anomaly detection. Despite these “best practices”, the metrics are primarily only used as context to keep things “running” or return them back to “normal” if there’s a problem. Rarely is that data used as a method to identify areas of improvement once services have been restored. When an outage occurs to your system, you will absolutely repair and restore services as best you know how, but are you paying attention to the data from the recovery efforts? What were operators seeing during diagnosis and remediation? What were their actions? What was going on with everyone, including conversations? A step-by-step replay of exactly what took place during that outage.
This “old-view” perspective on the purpose of monitoring, logging, and alerting leaves the full value of metrics unrealized. It fails to address what’s important to the overall business objective and it lacks any hope of seeking out innovation or disruption of the status quo.
This talk will illustrate how to identify if your company is making the best use of metrics and ways to not only learn from failure, but to become a “Learning Company”.
DevOps and All the Continuouses w/ Helen Beal - Sonatype
DevOps promises to make better software faster and more safely and many organizations begin by practicing Continuous Integration and moving on to Continuous Delivery and sometimes even extending as far as Continuous Deployment - but this is only the tip of the iceberg.
DevOps demands a fundamental shift in the way we work and requires all participants in an organization to live its principles. It’s much more than a tool chain.
When you are delivering software in an Agile manner in fortnightly sprints, are you still funding in an annual manner? Are you adhering to The Third Way? I.e. are you practicing Continuous Experimentation? Continuous Learning? How are you doing Continuous Testing? Are you including security in that? Have you had Continuous Improvement in your organization for years? When does Continuous Everything turn into Continuous Apathy?
A Small Association's Journey to DevOps w/ Edward Ruiz - Sonatype
Small and medium-size businesses are under the same pressure to innovate-at-speed as large corporations. They face these challenges with shoestring IT budgets and limited staff who are stretched thin and forced to wear multiple hats. These limits are particularly acute in the world of nonprofit associations. But with the right vision and culture, even small teams can successfully implement a DevOps philosophy and bust the barriers to high-speed IT innovation.
In this presentation, I will recount our small membership association’s transformative journey to DevOps and share the lessons we learned along the way. I will offer first-hand experiences and practical ideas on how to cultivate a collaborative team culture to realize faster deployment cycles while improving build quality and delighting customers with great software.
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors - Sonatype
Lee Calcote, Solar Winds
Running a few containers? No problem. Running hundreds or thousands? Enter the container orchestrator. Let’s take a look at the characteristics of the four most popular container orchestrators and what makes them alike, yet unique.
- Swarm
- Nomad
- Kubernetes
- Mesos+Marathon
We’ll take a structured look at these container orchestrators, contrasting them across these categories:
- Genesis & Purpose
- Support & Momentum
- Host & Service Discovery
- Scheduling
- Modularity & Extensibility
- Updates & Maintenance
- Health Monitoring
- Networking & Load-Balancing
- High Availability & Scale
Akash Mahajan, Appsecco
Ansible offers a flexible approach to building a SecOps pipeline. System hardening can become just another software project. Using it we can do secure application deployment, configuration management and continuous monitoring. Security can be codified & attack surfaces reduced by using Ansible.
Who is this talk for?
This talk and demo are relevant and useful for any practitioner of DevSecOps.
- It introduces the concepts of declarative security
- Showcases one of the tools (Ansible) to embrace DevSecOps in a friction-free, no-expense-required manner
- Implements security architecture principles using a structured language (YAML) as part of the framework (playbooks) which is ‘Infrastructure As Code’
- Gives a clear roadmap on how to find the best practices for security hardening
- Covers how continuous monitoring can be applied for security
Technical Requirements
While 30 minutes is short for letting attendees do hands-on work, the following will be required:
- A modern Linux distribution with Python and Ansible installed
- Basic idea of running commands on the Linux command line
There is No Server: Immutable Infrastructure and Serverless Architecture - Sonatype
Erlend Oftedal, Blank
Immutable infrastructure and serverless architectures have very interesting security properties. This talk will give an introduction to immutable infrastructure and serverless architecture and try to highlight some of the properties of such architectures. Next we will look at the positive effects this can have on the security of our systems, but also highlight some of the negative aspects and potential problems.
At the conclusion of this session, we hope to have shed some light on the positive and negative security effects of such architectures.
Getting out of the Job Jungle with Jenkins - Sonatype
Damien Corabouef, Multipharma, Clear2Pay
Implementing a CI/CD solution based on Jenkins has become very easy. Dealing with multiple feature, staging and release branches? Not so much. Having to handle that for multiple teams and multiple projects becomes a real challenge. This presentation shows a solution to scale to several thousands of jobs, used by dozens of different development and test teams, 24 hours a day, 7 days a week, on a worldwide schedule.
I will talk about the challenges that we’ve met, and how we’ve put in place a scalable and on-demand solution, secure and simple to use.
This is a real-life, real-scale story of making CI/CD a day-to-day reality by allowing development and test teams to consider automation as a simple and customisable service.
Nathen Harvey, Chef
Automation at scale is the foundation of every successful high velocity organization.
Automation requires dynamic infrastructure that is managed as code. Modern infrastructure code means bringing the lessons from software development to your infrastructure. Automation is managed in version control systems, tests drive code development, code moves through a continuous pipeline from the workstation to the production environment. What will this look like in five years? We will see a continued improvement in the way teams work together toward common goals, build more operable applications, and embrace complexity while improving ease-of-use.
Continuous Everyone: Engaging People Across the Continuous Pipeline - Sonatype
Jayne Groll, DevOps Institute
Culture is undoubtedly one of the most critical aspects of any DevOps initiative. While much emphasis is placed on the automation of the deployment pipeline, there is also a need for a “Continuous People Pipeline”. Continuous People Pipelines help individuals and teams recognize their contribution to the value stream, provide realistic approaches and milestones for ongoing communication and collaboration and can be the basis for shared accountabilities and meaningful metrics. Most importantly, people pipelines help increase trust, flow, feedback and connection across IT silos.
This session will provide insight on the value, creation and support of Continuous People Pipelines. It will help attendees understand some of the human dynamics of change that must be considered – cultural debt, adoption models, acceptance curves, collaboration, immersion and conflict management. At the end of this session, leaders will take away some innovative strategic and tactical ideas for overcoming silo constraints and creating a collaborative culture that excites, engages and unifies people towards common business goals.
Michiel Rook, make.io
It's a situation many of us are familiar with: a large legacy, monolithic application, limited or no tests, slow & manual release process, low velocity, no confidence... A lot of refactoring is required, but management keeps pushing for new features.
How to proceed? Using examples and lessons learned from a real-world case, I'll show you how to replace a legacy application with a modern service-oriented architecture and build a continuous integration and deployment pipeline to deliver value from the first sprint. On the way, we’ll take a look at the process, automated testing, monitoring, master/trunk based development and various (possibly controversial!) tips and best practices.
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro... - Sonatype
Daniël van Gils, Cloud 66
So you’ve already containerized the shit out of your code, broken down monoliths, microserviced the hell out of your app and have run some awesome workloads in your local, dev and test environments. It’s all looking good, but now what?
Running Docker commands is one thing, but maintaining containers in production is a whole other ballgame. So during this talk I’ll show you the REAL wild world of Docker in production. With the added benefit of talking to and observing how over 900 of our customers have been using Docker in production, I’ll be presenting some of these data points and sharing our observations on how to get it right.
My aim? I want to turn the conversation on its head and dispel some of the ‘silver bullet’ assumptions flying around by taking an inside-out approach to building with Docker. The idea is to provide you with a framework for how to get your code into containers, streamline the Docker build flow and avoid common pitfalls when moving from dev to live environments.
Because remember, Docker will NOT, and I repeat, will not solve your bad dev and ops behaviours. So don’t end up with a ‘hot mess’ (more on that later), and attend my talk to get container smart.
Strategies for Successful Data Migration Tools.pptx - varshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data migration tools like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Designing for Privacy in Amazon Web Services - KrzysztofKkol1
Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload.
Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach made it possible to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
How to Position Your Globus Data Portal for Success Ten Good Practices - Globus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Globus Connect Server Deep Dive - GlobusWorld 2024 - Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
Quarkus Hidden and Forbidden Extensions - Max Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv... - Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus... - Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ... - Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc. and I didn't get rich from it, but it did have 63K downloads (powered possibly tens of thousands of websites).
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR - Tier1 app
Even though at the surface level ‘java.lang.OutOfMemoryError’ appears to be one single error, underneath there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Providing Globus Services to Users of JASMIN for Environmental Data Analysis - Globus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Enhancing Research Orchestration Capabilities at ORNL.pdf - Globus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
First Steps with Globus Compute Multi-User Endpoints - Globus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user Globus Compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.