Monday, February 7, 2022
How does a machine classify different species of animals just by looking at an image? Computer Vision is the branch of Machine learning that does the magic and deep learning helps in achieving it. In this session, I will cover an introduction to Computer Vision, Deep Neural Networks and show how to build a serverless image classification application using Microsoft Azure Functions and ML.Net framework. The implementation will be in C# language.
Cloud-native applications today are increasingly complex and therefore increasingly hard to understand. It’s critical to connect decisions around resource allocation and architecture to business metrics such as end-user latency, but very difficult to do in practice. Ultimately, understanding how your systems behave and why is a data analytics problem. Like most data analytics problems, the trick is in collecting and wrangling the right data sources. In this talk, you will learn how Pixie, an open-source observability platform for Kubernetes, can be used to painlessly turn low-level telemetry data into high-level signals about system health. The talk will also show these high-level signals can be used as input to infrastructure workloads such as CI/CD and load balancing in order to improve their performance.
Modern systems today are far more complex to monitor.
Microservices combined with containerized deployment results in highly dynamic systems with many moving parts across multiple layers.
These systems emit massive amounts of highly dimensional telemetry data from hardware and the operating system, through Docker and Kubernetes, all the way to application and its databases, web proxies and other frameworks.
Many have come to realize that the commonly prescribed Graphite+StatsD monitoring stack is no longer sufficient to cover their backs.
New requirements need to be considered when choosing a monitoring solution for the job, including scalability, query flexibility and metrics collection.
In this talk Horovits will look at the characteristics of modern systems and what to look for in a good monitoring system. He will also discuss the common open source tools, from the days of Graphite and StatsD to the currently dominant Prometheus.
This talk will put you on the right track for choosing the right monitoring solution for your needs.
All the unit tests in the world, the largest QA team still can’t stop bugs from slithering into production. With a distributed microservice architecture debugging becomes much harder. Especially across language & machine boundaries. APMs/Logs have limits.
Production bugs are the WORST bugs. They got through unit tests, integration tests, QA and staging… They are the spores of software engineering. Yet the only tools most of us use to attack that vermin is quaint little log files and APMs. We cross our fingers and put on the Sherlock Holmes hat hoping that maybe that bug has somehow made it into the log… When it isn’t there our only remedy is guesswork of more logging. That in turn bogs performance for everyone, makes the logs damn near unreadable and can literally cost millions in fees. But we have no choice other than crossing our fingers and going through CI/CD again and again until we find it.
There are better ways. With modern continuous observability tools we can follow a specific process as it goes through several different microservices and “step into” as if we were using a local debugger without interrupting the server flow. In this session I will demonstrate such an approach.
As infrastructure has moved to the cloud and as application architectures have adopted cloud native tools, the need for new observability patterns has risen. Cloud Native Observability enables us to gain better visibility in our applications throughout their lifecycle. 18 years after the birth of SRE, with the move to the cloud and the dominance of SaaS delivery models, we are now able to have total visibility in our applications and can now leverage this towards our end goal, Reliability. We will start the presentation by seeing how the change in application architectures and the adoption of microservices have made observability a lot different, as well as, how we can implement observability using cloud native (CNCF) tools. We will then connect the dots and leverage our observability architecture, to monitor and improve SLI/SLOs and user experience as a result. Finally, we will put observability and chaos engineering together, in order to improve fault tolerance and reliability of our applications.
Utilizing an all Apache stack for Rapid Data Lake Population and querying utilizing Apache Flink, Apache Pulsar and Apache NiFi. We can quickly stream data to and from any datalake, data lake house, lakehouse, database or any datamart regardless of cloud or size. FLiP allows for Java and Python developers to build scalable solutions that span messaging and streaming in cloud native fashion with full monitoring.
You can find talks demonstrating how some security tools work in isolation, but what about a closer to life scenario showing how to introduce security throughout development, deployment and runtime? This is the demo that will finally fill that gap! Attendees will be able to take back knowledge and get a head start in introducing security everywhere in their SDLC. We’ll see a hands on demonstration of how to use a variety of tools under the CNCF to dramatically enhance the security of any environment: - In-Toto will help us ensure the integrity of our software from development to deployment - Kyverno will allow us to define policies in our environment to guarantee compliance - We’ll use Notary to sign our dockerimages and finally - Falco we’ll notify us if any threats are identified in the runtime of our kubernetes cluste
Tuesday, February 8, 2022
It’s impossible to reason about modern web application without mentioning its front-end part – extensive, feature-rich, performant, sometimes with quite sophisticated structure and build process, but after all not requiring server-side code to construct it in the runtime, i.e. static. In the Azure cloud, we now have a special service for this kind of apps (including both classic SPAs and statically generated ones), empowering developers to focus on the business logic rather than the infrastructure that builds and hosts them.
In my technical session & demo, let's go through the full development flow: we scaffold a web front-end app, push it to the GitHub, set up Azure Static Web App service, enjoy the fully automatic build, and deploy to global high-availability hosting - all in a few minutes!
Event-driven, real-time development in the cloud is a major part of many organizations’ digital transformation initiatives and businesses realize that data is the currency of competitive advantage. Event-driven applications must consume, enrich, and deliver data securely in real-time, and efficiently at scale. Therefore, the size of data packets, speed and frequency of data transmission and update, and the “intelligence” of data handling, are critical to successfully running mission-critical, corporate applications and making time-sensitive business decisions.
The core expertise of many companies lies in the development of their business applications, not in developing streaming data technology. As organizations everywhere move to the cloud, the demand for the dynamic enrichment, management and security of real-time, inflight data is critical. The fundamental challenge of developing event-driven, real-time applications and systems for the cloud, is managing the complexity of the end-to-end journey from sources to recipients of the highly “perishable” data – fast, reliably, securely, often in large volume, and sometimes to many recipients (hundreds of thousands of applications, systems, and devices concurrently). This talk will highlight how an Intelligent Event Data Platform enables organizations to accelerate innovation and deliver game-changing, real-time applications to market faster, while significantly reducing the cost of software development and operations.
The Cloud Native Computing Foundation (CNCF) bought you such fan favorites like Kubernetes & Prometheus. In this talk Annie Talvasto will introduce you the most interesting and coolest upcoming CNCF tools and projects.
This compact and demo-filled talk will give you ideas and inspiration that you can 1) discover new technologies and tools to use in your future projects as well as 2) be the coolest kid in the block, by being up to date with the latest and greatest.
PRO TALK (CloudWorld): Debugging Kubernetes-based Microservices with Telepresence: Local-to-Remote "Hot Reload"
Many organizations adopt cloud native development practices with the goal of shipping features faster. The technologies and architectures may change when we move to the cloud, but the fact remains that we all still add the occasional bug to our code. The challenge here is that many of your existing local debugging tools and practices can't be used when everything is running in a container or deployed onto Kubernetes running in the cloud. This is where the open source Telepresence tool can help.
Join me to learn about:
- The challenges with scaling Kubernetes-based development i.e. you can only run so many microservices locally before minikube melts your laptop
- An exploration of how Telepresence can "intercept" or reroute traffic from a specified service in a remote K8s cluster to your local dev machine
- The benefits of getting a "hot reload" fast feedback loop between applications being developed locally and apps running in the remote environment
- A tour of Telepresence, from the sidecar proxy deployed into the remote K8s cluster to the CLI
- An overview of using "preview URLs" and header-based routing for the sharing, collaboration, and isolation of changes you are making on your local copy of an intercepted service
PRO TALK (CloudWorld): Modernizing Applications with Oracle Verrazzano Enterprise Container Platform
Oracle released Verrazzano as Container Management Platform software in 2021. It is Open Source Platform that accelerates application development productivity and innovation across different business applications regardless of your use of microservices or traditional monolith applications. The platform enables customers to modernize their existing applications landscapes and it provides a cloud-neutral approach to achieve the same observability and lifecycle benefits regardless of deploying on premise or on Cloud infrastructure with the ability to manage multi-cloud environments
PRO TALK (CloudWorld): The Most Dangerous Demo Ever (Or How to Perform Real Time Sentiment Analysis on Audience Messages)
It’s common knowledge that everything that could go wrong in a live demo will. Join us challenging Murphy’s law on multiple occasions as we build an application that will perform real-time sentiment analysis on the audience messages, from scratch. All you need to participate is your phone’s QR reader! Come and learn about streaming (vs batch), deploying ML models in real-time and automating MLOps in a data science project.
For a growing set of cloud-native use cases the centralized public cloud is not able to provide a high level of service because workloads are not run in proximity to end users. This situation is exacerbated as new communication technologies like 5G are introduced with a higher demand for high throughput and low latency as well as increased in-country data ownership requirements.
In this presentation I will introduce a distributed cloud built upon existing infrastructure in hundreds of data centers across the globe. This new computing paradigm converts local data centers’ existing capacity into modern PaaS offerings. It accomplishes this by enabling data centers, or any legacy infrastructure, that have private cloud or virtual data center offerings to add modern, cloud native PaaS services, such as managed Kubernetes, containers, and object storage.
The Koii Protocol tracks attention on the open internet to equitably reward valuable content, and the network of Koii Nodes provide faster, cheaper, and more rewarding ways to build cross-compatible, chain-agnostic decentralized apps.
In this session, we will discuss how developers, DBA's, and Architects deploy database proxies to better manage SQL connections for Microservice architecture, buy avoiding unnecessary latency. We review various proxies (open source and proprietary) in the market and discuss key features that accelerate SQL scale without code changes. A live demo will be included.
We will explore the benefits of a managed IoT Cloud platform, HiveMQ Cloud, which lightens the burden of deployment, connection, messaging and monitoring of your enterprise-grade IoT devices and messaging brokers.
PRO TALK (CloudWorld): You’ve Inherited a (Failing) API, Now What? Shifting Out of Triage Mode with Better Insights
When an API fails, users can't just call in and get help. It's extremely difficult. The whole idea of waiting for things to break in production and then dealing with the fallout of angry customers and lost revenue – accepting some level of failure - is Stone Age thinking.No one wants to lose revenue because of some API problem. No DevOps person wants to hear about a problem they can't fix because they don’t have all the information they need to figure it out. How many problems are you tracking right now that you heard about but can't reproduce? You’re hoping it’ll go away, but you’re really just resigned to some level of failure being acceptable.We can actually do much better. We live in an age of big data and commoditized storage, where we can responsibly gather the API data that makes it possible to know everything. In this session, we’ll discuss how to shift out of triage mode to get ahead of problems. API-first architecture means understanding what information to capture and track, but more importantly, how to quickly find and manage information on user actions and security threats. Even for those old, failing APIs.
DevOps has changed the way software is built, delivered, and operated in production. Features are pushed out faster than ever before, applications are more resilient, and improvements in the development pipeline have given engineers the power to own the complete delivery of their application.
Behind the improvements that we have seen from the advent of the DevOps movement are DevOps teams, cultural shifts, and tooling that was built to serve the engineers themselves. While the world has shifted left and a best-in-class standard has been established for software engineering, application security has remained stagnant.
Are you worried about granting too much access to resources on your Kubernetes cluster? With the extensible framework of Kubernetes, there is scarcely a day without a new tool popping up. In order to ensure the tools, users, and applications have appropriate security policies, a streamlined onboarding process is required.
The onboarding process not only streamlines how securely we can grant access but also enables self-service capabilities improving the user experience.
In this workshop, audiences will get a good understanding of common pitfalls and how to avoid them by leveraging the Role-Based architecture approach, pod security policies, admission controllers, policy enforcement through OPA, etc.
Wednesday, February 9, 2022
As of 2017, 90 percent of public clouds workloads ran on Linux. Linux allows organizations to make the most of their cloud-based environments and power their digital transformation strategies. Many of today’s most cutting-edge cloud-based applications and technology run on Linux, making it a critical area of modern technology to secure.
According to a recent Linux Threat Report, most threats arise from systems running end-of-life versions of Linux distributions. This includes 44 percent from CentOS versions 7.4 to 7.9. In addition, 200 different vulnerabilities were targeted in Linux environments in just six months. This means attacks on Linux are likely taking advantage of outdated software with un-patched vulnerabilities.
This session will reveal steps you can take to ensure the security across workloads and cloud presence powered by Linux and how to effectively respond to the possible threats.
Join Aaron as he walks through the data, speaks to the threat, and highlights the top three mitigation strategies for all enterprises.
Attendees will learn:
• How to utilize free Linux native tools including Iptables, seecomp, PaX, etc., for configuration assessment, vulnerability patching and activity monitoring.
• Simple steps you can take to secure containers effectively.
• Best practices in Appsec, including testing, scanning and Open Source (SCA).
So you want to be a cloud company? Making the jump to being a cloud-native rather than just a company who runs their product on the cloud requires deep changes throughout the organization. You'll need to change how your teams work together, how they think about the software development lifecycle, who you hire, how you approach reliability, and your relationship with your customers.
This talk goes through the prerequisites for becoming a cloud native company, addressing how to change not just what you do but how you do it, giving examples of other companies who have been through a similar transition. The speaker, Jordan Tigani, is a veteran who helped create one of GCP's first and most successful cloud products, and has helped SingleStore make the transition to a cloud-native company.
Access control in AWS is done via IAM policies. Policies and permissions in IAM can get really complex really fast, leaving a ton of room for mistakes and misconfigurations. To put this in perspective:- There are six types of IAM policies- Policies can have a combination of Deny and Allow statements- Each statement includes Actions, Resources, Principal, Conditions- Each statement can also have negations (exceptions) such as NotResource or StringNotEquals in Conditions- And many other details and tricksIt is best practice to configure least privileged policies. However, to get it right is often more challenging than it looks. As a result, most policies are written with wildcards (*) in Actions, or Resources, or both, with no meaningful Conditions.It is also very difficult to understand the net effective permissions of a policy that contains both Allow and Deny statements, with seemingly contradicting conditions and exceptions. AWS provides an IAM policy simulator that helps, but only helps to a limited extent. With the IAM policy simulator, you have to specify the service(s), action(s), and/or resource(s) and get a “yes/no” answer back telling you if a policy grants the permission to that known combination. It cannot answer the broader question of “given a policy, what resource permissions does it grant access to” in general.
During this session, we will guide the audience on the important role that DevSecOps has to effectively and efficiently drive and support cybersecurity compliance for enterprises. Specifically, we will explain how achieving a cybersecurity audit can help businesses focus their efforts on driving revenue and sales. We’re experts on the topic -- our team at Strike Graph takes customers from zero to 100 by helping their teams (like DevSecOps) to manage and automate important audits effectively and efficiently.
We will share tips and insights to help you maximize efficiency for compliance, such as:
What is DevSecOps really?
Why is security operations a revenue issue?
What is the lifecycle and distribution of security activities?
How to scope and operationalize security from a technology executive perspective.
What are security controls and how do I avoid “Security Theater”?
How to automate procedures and drive DevSecOps towards effective security.
How to take credit for your security practices that drive towards valuable certifications.
How to manage your auditor as opposed to being managed by your auditor.
Cloud deployments offer the potential for almost infinite resources and flexible scalability. But there are so many options! It can be overwhelming to know which services are best for your use case. Building distributed systems which take advantage of in-memory computing only adds to the complexity.
During this session we will introduce a new cloud service for Apache Ignite in-memory computing platform and the best practices we followed in implementing this service . We will look at the advantages and disadvantages containers vs. VMs, the value of standardized configurations, how to size system resources based on the workload, and how we configured security and networking.
The software we write does not always work as smoothly as we would like. In order to know if something went wrong, understand the root cause and fix the problem, we need to monitor our system and get alerts whenever issues pop up. There are many useful tools and practices for Kubernetes based applications. As we adopt serverless architecture can we continue to use the same practice? Unfortunately, the answer is no.
In this session, we will discuss:
- The differences between monitoring Kubernetes and serverless based applications
- Best practices for serverless monitoring
- Methods to efficiently troubleshoot serverless based applications
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session, Oleg Chunikhin, CTO of Kublr, describes best practices for “configuration as code” in a Kubernetes environment. He will demonstrate how a properly-constructed containerized app can be deployed to both Amazon and Azure, and how Kubernetes objects, such as persistent volumes, ingress rules and services, can be used to abstract from the infrastructure.
Why pay a lot of money for public and private cloud providers, when you already have your own, free, server farm? I will show you how you can utilize your organizational resources to run serverless functions for free, at scale, using open source serverless platforms (or your own platform), in a few easy steps. This is the next step in cloud/serverless evolution - see my article here: https://firstname.lastname@example.org/you-are-your-own-cloud-7c1cf7256ce2
By now, most of us have experienced the benefits of automated drift detection and reconciliation. Any application running in Kubernetes is benefiting from those. No matter what happens to our resources, Kubernetes will always try to converge the actual into the desired state without human intervention.
Why don't we have those features when working with infrastructure? Why don't we embrace Kubernetes API for everything, and not only for infra? If we do, we'll be able to manage all our resources in the same way and rip the same benefits, no matter whether those resources are applications, infrastructure, services, or anything else.
In this talk, we'll explore the effects of having (and not having) automated drift detection and reconciliation applied on infrastructure and explore Crossplane as one possible solution that enables us to leverage the Kubernetes control plane to manage everything, including infra.
Coined in 1994, “Zero-trust” has only recently come into focus as a powerful tool to combat the recent explosion of cybersecurity attacks. In short, the concept advocates a default posture to deny access under the assumption that nothing in the IT infrastructure can be fully secured. But how does Zero Trust relate to DevSecOps and how can developers work within a Zero Trust framework while still maintaining agility and flexibility? In this session, Anant Misra will guide developers through best practices for upholding Zero Trust principles throughout the application development lifecycle.
Attendees will learn:
1. What Zero Trust DevSecOps means, why it is important, and how it can be used to proactively combat cyberattacks
2. How to set up Zero Trust DevSecOps in their organization
3. How to create a holistic Zero Trust DevSecOps strategy that doesn’t slow down development or release timelines
Understanding what is happening with a solution that is built from multiple components can be challenging. While the solution space for monitoring and application log management is mature, there is a tendency for organizations to end up with multiple tools which overlap in this space to meet different team needs. They also work on aggregate then act, rather than consider things in a more granular way.
FluentD presents us with a means to simplify the monitoring landscape, address challenges of hyper-distribution occurring with microservice solutions, allowing different tools needing log data to help in their different way.
In this session, we’ll explore the challenges of modern log management. How its use can make hybrid and multi-cloud solutions easy to monitor.
PRO TALK (CloudWorld): How an AI Driven Approach Reduces Cloud Cost and Makes Your Kubernetes Infrastructure Autonomous
Measuring and controlling costs in cloud environments is often complex. But it does not need to be. In this session, we will discuss how an AI driven approach renders your cloud native applications on Kubernetes fully autonomous and rightsizes your cluster in sub-minute intervals the cloud compute resources. We will go over an experiment with the deployment of an application, and apply autonomous techniques that fiercely controls and optimizes the cluster.
We will discuss how to control and optimize in minutes the cost of your AWS EKS, Google GKE and Azure AKS applications. Instantly. You will learn about powerful -yet simple- strategies to rightsize your clusters: automated scaling up and scaling down to zero your nodes and pods, smart selection of VM shapes, and the automated use of spot instances.
He will cover points like the current landscape of cybersecurity, strategies for identifying and solving breaches and share examples of the largest vulnerabilities discovered this year.
One of the tough challenges in adopting containers and Kubernetes across all enterprise applications is the availability of shared data services native to Kubernetes. Developers often fraught with making a trade-off between choosing the flexibility that Kubernetes offers vs. enterprise rich data management that comes with traditional IT. This session presents novel architecture principles in delivering a Kubernetes native data store that addresses the needs of cloud native modern applications. The audience will learn about NetApp's shared file service solution that delivers enterprise grade data management to Kubernetes applications.