Tuesday, September 14, 2021
Kubernetes is great, but complex — and the learning curve is steep. Some might even call it frustrating. After all, application developers should be making great applications, not struggling with the complexities of Kubernetes. And operations teams shouldn't be biting their nails over developers having direct Kubernetes cluster write access.
Lagoon solves this (and more). It reduces the initial Kubernetes knowledge required of developers by providing easy-to-use application templates that require just a couple of lines of code, and it fully automates deployment on every branch commit or pull request. This removes the need for developers to have write access to the Kubernetes cluster and makes your operations teams happier.
Lagoon is fully configurable and flexible, and supports your developers in learning (and loving!) Kubernetes.
The Space Shuttle was the most advanced machine ever designed. It was a triumph and a marvel of the modern world.
In January 1986, the shuttle Challenger disintegrated seconds after launch. This session will discuss how and why the disaster occurred and what lessons modern DevOps and Site Reliability Engineers should learn from it.
The Challenger disaster was not only a failure of the technology, but a failure of the engineering and management culture in NASA. While engineers were aware of problems in the technology stack, there was not enough awareness of the risks they actually posed to the spacecraft. Management had shifted the focus from “prove that it’s safe to launch” to “prove that it’s unsafe to stop the launch”.
This session will present the risk analysis (or lack thereof) of the Shuttle program and draw parallels to modern software development. In the end, launching a shuttle is an extremely complex deployment to the cloud… and above it.
Modern environments such as Kubernetes and serverless have made it easy to manage and scale microservices, but observability into these environments is still a challenge for DevOps. In this session, we will describe how to use user request flows to build intuition about your architecture and build resilient applications. We will also dive into correlating metrics, events, and logs using distributed tracing, and creating alerts for anomalies detected in your environments.
Observability is critical for any application. Polyglot microservices-based applications, hosted on ephemeral environments such as containers and serverless technologies, make it increasingly important to have the right tools, frameworks, and processes to understand application behavior, performance, and health. Done correctly, observability helps reduce Mean Time To Resolution (MTTR) when troubleshooting complex problems, and can help improve customer satisfaction. Whatever your role - developer, cloud operator, or business person - you need to be able to visualize, inspect, and comprehend telemetry data. AWS offers a variety of services and options to help you gain comprehensive observability of your applications, whatever the environment. In this session, we will show how you can implement observability for your .NET applications with logs, metrics, and traces, unlocking your ability to build better systems and increase operational efficiency. You will learn AWS best practices for implementing observability with services including CloudWatch, X-Ray, Amazon Managed Service for Prometheus (AMP), Amazon Managed Service for Grafana (AMG), and AWS Distro for OpenTelemetry.
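The correlation workflow described above can be sketched with nothing but the standard library. This is not the AWS SDK or X-Ray instrumentation; `handle_request`, the JSON log shape, and the metric dict are all hypothetical, illustrating only the core idea of tagging logs and metrics with a shared trace ID so a backend can join them later:

```python
import json
import logging
import time
import uuid

def handle_request(payload):
    """Tag every log line and metric from one request with one trace ID."""
    trace_id = uuid.uuid4().hex          # stands in for an X-Ray/W3C trace ID
    start = time.monotonic()
    logging.info(json.dumps({"trace_id": trace_id, "event": "request.start"}))
    result = payload.upper()             # placeholder business logic
    duration_ms = (time.monotonic() - start) * 1000
    # A metric datapoint carrying the same trace ID as the logs above,
    # so traces, logs, and metrics can be correlated downstream:
    metric = {"name": "request.duration_ms", "value": duration_ms,
              "trace_id": trace_id}
    logging.info(json.dumps({"trace_id": trace_id, "event": "request.end"}))
    return result, metric
```

In a real deployment the trace ID would come from incoming request headers (W3C Trace Context) rather than being minted locally, so the correlation spans service boundaries.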
Why are enterprise organizations moving from on-premises solutions to completely cloud-native ones? What does that mean for improving, scaling, and securing their CI/CD pipelines? And what exactly is continuous packaging, anyway?
Join Cloudsmith’s Dan McKinney in this session as he answers all of these questions, helping attendees understand the true difference between cloud-hosted and cloud-native, how to get started with migrating to a cloud-native solution, and the true benefits of being entirely within the cloud.
The journey of achieving No-Ops (No Operations) always begins with two key objectives:
• Extreme automation
• No “dedicated” infrastructure teams, ever!
In this era of tech evolution, even though we are already in the middle of the Industry 4.0 revolution, there is no unified, singular framework for adopting No-Ops. Everyone has a different take on what No-Ops means to them. While for some the idea of evolving their systems toward minimal operations is exciting, for others it is more a way to refine team management and channel their efforts toward development. Whatever the motivation, losing operations specialists entirely is still a distant dream. Perhaps we are so dependent on managed operations that unplugging most of it is a nightmare to even think about.
Even with the continuous growth of CD tooling and the plethora of extensions available to the DevOps ecosystem, and even though we have achieved and reaped quantifiable benefits from these implementations, scaling them across organizational divisions is becoming a visible challenge.
Even after introducing more evolutionary controls, such as templated provisioning and orchestration, hardened integrations and connectors, and extended deep monitoring systems, uncertainty and unreliability remain common problems across transformation scorecards.
Revolutionary practices like Chaos Engineering, auto-enabled SRE, and AIOps are creating aspirational backlogs for business units that are still struggling to manage their existing implementations.
With operations (Ops) amalgamated into development, and with transformational approaches such as microservices and containerization, applications are becoming genuinely complex to manage as well.
Current Ops management is already beyond the scope of manual effort, and it will only get worse in the years to come as application complexity grows.
It's time to introduce a friend that DevOps and CD automation have needed for a long time. Welcome, No-Ops!
Few key highlights of the talk would be:
1. In DevOps Ecosystem
a. With Speed & Agility comes Responsibility
b. The Human limitations aspect of evolution
2. DevOps + AIOps – How will the match be?
3. AIOps – Few Key Enablers
a. Market Analysis – what the future holds
b. How to integrate with your current tools
c. The Entire Framework
d. How DevOps is to be extended, properly, with AIOps
e. How it enables SRE Teams
f. Interesting Use Cases
4. The Road Ahead
Persistent storage is one of the most difficult challenges to solve for Kubernetes workloads, especially when integrating with continuous deployment solutions. This session will give the audience an overview of how to address persistent storage for stateful workloads the Kubernetes way, and how to operationalize it with a common CD practice like GitOps.
Your company’s “digital transformation” will be driven by new application designs and methods, new technology stacks, and new processes. To master it, and to deliver next-generation services through it, massively complex sets of signals and data need to be leveraged, processed, and acted on. Developers need integrated data and insights through that noise, while being able to use their tools of choice. All of this must be managed, despite massive rates of change and innovation. The challenge is determining who or what is going to do that work, where the work gets done, and how the business benefits from it. This session focuses on methods to overcome the complexity of digital transformation in the cloud and drive operational maturity despite constant change across applications, digital services, and products.
Application performance metrics are a top priority for Developers and Engineering teams, as they have to ensure their applications are running properly at all times, handling high fluctuations in demand and scale. All while keeping in mind the rising and changing cloud costs that come with the territory.
In this session, Ezequiel will go over the internals of profiling in production and explain how this practice gives teams deeper visibility into their workloads at scale, enabling them to optimize performance. He'll then walk through a real-life use case of how profiling our own workloads, which handle millions of events per second, improved our CPU utilization, reducing it from 80% to 15%.
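As a rough illustration of what profiling surfaces (in production you would typically use a low-overhead sampling profiler rather than a deterministic one), here is a minimal sketch using Python's built-in `cProfile`; `busy_work` is a made-up hot path, not from the talk:

```python
import cProfile
import io
import pstats

def busy_work(n):
    """Hypothetical hot function standing in for a real request handler."""
    return sum(i * i for i in range(n))

def profile_once():
    """Profile one run of busy_work and return the top costliest calls."""
    profiler = cProfile.Profile()
    profiler.enable()
    busy_work(100_000)
    profiler.disable()
    out = io.StringIO()
    stats = pstats.Stats(profiler, stream=out)
    stats.sort_stats("cumulative").print_stats(5)  # top 5 by cumulative time
    return out.getvalue()
```

Reading the resulting report is how a team spots which functions dominate CPU time, the first step toward the kind of utilization drop the session describes.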
After the rush to take advantage of cloud native application development and tools like Kubernetes, DevOps teams now have a lot more to think about. In many cases, DevOps teams adopted early continuous integration/continuous deployment (CI/CD) pipeline tools such as Jenkins, and are now attempting to apply them in cloud native scenarios where they are no longer the fit they once were. Cloud native pulls the developer down to infrastructure-related operations, and the current CD tools cannot bring back the application-level context that developers had before moving to a microservices architecture, adding more complexity to the development workflow and to the observability of applications post-deployment. DevOps teams also face new challenges in application policy management, especially in closely regulated industries, as they adapt their processes to establish trust and security in cloud native environments. At the same time, DevOps needs to reevaluate approaches to automation and strategies for eliminating human error, as cloud and Kubernetes deployments have ushered in a return of very manual and tedious efforts.
This session digs into the details of three cloud native 2.0 strategies that DevOps teams ought to consider sooner rather than later to stay on top of a fast-changing ecosystem: 1) how to build CI/CD pipelines with greater interoperability and composability, 2) how and why to harness application policy management, and 3) how to balance automation and audits.
Event-driven, real-time development in the cloud is a major part of many organizations’ digital transformation initiatives and businesses realize that data is the currency of competitive advantage. Event-driven applications must consume, enrich, and deliver data securely in real-time, and efficiently at scale. Therefore, the size of data packets, speed and frequency of data transmission and update, and the “intelligence” of data handling, are critical to successfully running mission-critical, corporate applications and making time-sensitive business decisions.
The core expertise of many companies lies in the development of their business applications, not in developing streaming data technology. As organizations everywhere move to the cloud, the demand for the dynamic enrichment, management, and security of real-time, in-flight data is critical. The fundamental challenge of developing event-driven, real-time applications and systems for the cloud is managing the complexity of the end-to-end journey from sources to recipients of highly “perishable” data: fast, reliably, securely, often in large volume, and sometimes to many recipients (hundreds of thousands of applications, systems, and devices concurrently). This talk will highlight how an Intelligent Event Data Platform enables organizations to accelerate innovation and deliver game-changing, real-time applications to market faster, while significantly reducing the cost of software development and operations.
This session will cover how popular open source has become and how it is driving innovation for enterprises in today's market. Open source allows enterprises to get value to market faster and has ensured the survival of many businesses. But open source software (OSS) has recently become an attack vector and a focus for cybercrime syndicates. How can you protect yourself? What are you up against? We will also cover how a vulnerability in Struts2, a common Java OSS component, led to the attack and breach of several financial institutions. In this workshop, we will set up the Struts2 application and walk through not only how to exploit it, but also how to protect yourself from this attack.
The CNCF project OpenTelemetry is increasingly becoming the standard for getting reliable and consistent application and machine data to your monitoring and observability tools. Many organizations are realizing the power of decoupling their metric, log, trace, and span data collection from their monitoring stack, giving them more freedom and capability to improve the observability of their applications, and allowing them to be more consistent and confident in supporting those applications. In this session, you will learn:
1. What is OpenTelemetry?
2. What is the architecture of the OpenTelemetry Collector (OTel)?
3. How do you build a strategy around OpenTelemetry?
4. How do you get started with OTel?
Standardizing on OpenTelemetry makes your application more observable, and helps your organization implement better observability and monitoring practices.
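To make the span concept concrete, here is a conceptual sketch in plain Python. It is not the OpenTelemetry SDK (which provides this via `trace.get_tracer()` and `start_as_current_span()`); it only illustrates what a span fundamentally records: a name, an ID, parent linkage, and start/end timestamps:

```python
import time
import uuid
from contextlib import contextmanager

# Finished spans are collected here; a real SDK would export them
# to an OpenTelemetry Collector instead.
SPANS = []

@contextmanager
def span(name, parent_id=None):
    """Record a named, timed unit of work, optionally linked to a parent."""
    record = {"name": name, "span_id": uuid.uuid4().hex[:16],
              "parent_id": parent_id, "start": time.time_ns()}
    try:
        yield record
    finally:
        record["end"] = time.time_ns()
        SPANS.append(record)

# Nest a child span inside a parent, as a traced request would:
with span("handle-request") as parent:
    with span("query-db", parent_id=parent["span_id"]):
        pass  # simulated database call
```

Because the inner span finishes first, it lands in `SPANS` before its parent; the parent/child IDs are what let a tracing backend reassemble the request tree.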
In this session you will get to know how to deploy open source Vault (which cannot be clustered) on top of an NFS backend (Vault doesn't support NFS natively) using Consul and a couple of utility tools, Vault Initializer and Vault Load Balancer.
Wednesday, September 15, 2021
There are many, many resources for DevOps engineers: learning paths, guides and tutorials for using tools such as Terraform, Packer and Ansible to save time in provisioning and configuring reliable, predictable systems. This session looks at the other side of the equation: creating the plugins, modules and providers that abstract away upstream APIs for use by DevOps tools.
Director of Developer Evangelism Pat Patterson will explain how Citrix implemented DevOps tooling for its App Delivery & Security products, and how the company is working with its community to create tooling for its Virtual Apps & Desktops Service. Pat will explain the different approaches to creating tooling, trade-offs between them, and the lessons that Citrix has learned along the way. This session will NOT be death-by-PowerPoint! Come prepared for semi-colons, curly braces and monospaced text!
Understanding what is happening in a solution built from multiple components can be challenging. While the solution space for monitoring and application log management is mature, organizations tend to end up with multiple overlapping tools in this space to meet different teams' needs. These tools also tend to aggregate first and then act, rather than considering events at a more granular level.
Fluentd gives us a means to simplify the monitoring landscape and to address the hyper-distribution challenges that come with microservice solutions, allowing the different tools that need log data to each help in their own way.
In this session, we'll explore the challenges of modern log management and how Fluentd can make hybrid and multi-cloud solutions easier to monitor.
OPEN TALK: Synthetic Monitoring and Single Page Apps: How to Increase Control, Visibility, and Performance
For web developers or SREs leveraging Single Page Applications, client-side rendering can create challenges of control, visibility, and understanding user experience. Modern synthetic monitoring promises deeper understanding and visibility into user experience in pre-production, and after deployment. Join Developer and Technology Advocates Tetiana Kelly and Scott Mason, as they discuss how they leveraged synthetic monitoring to identify performance improvement opportunities for Splunk’s global SPA, The Quest for Observability. From measuring user experiences across geographies, to compression and image optimization opportunities, this talk provides best practices and lessons learned to help engineers deploy better SPAs.
In the course of your day as an SRE, DevOps engineer, or SysAdmin, your knowledge and expertise are in high demand. You can't do every task that every person in your org needs from you without the help of comprehensive automation.
Automation can be tricky. Some systems aren’t built with automation in mind, but assume that a human being will be there to keep an eye on things and fix errors on the fly, and we can’t be everywhere when there’s too much to do.
Plus, you want to provide access to automation for the right folks and keep a record of when the tools were used.
In this workshop, we’ll cover some things to keep in mind when you’re building out your automation library, characteristics of good automation, and give you a look at PagerDuty Rundeck, a platform that will help you share your expertise with other folks in your organization.
Build automation that works for you and gives you your time back!
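Two of the characteristics above, retrying transient failures rather than assuming a human is watching, and keeping a record of who ran what, can be sketched as a small decorator. The names here (`audited_retry`, `restart_service`, the `run_by` parameter) are invented for illustration and are not Rundeck APIs:

```python
import functools
import logging
import time

def audited_retry(attempts=3, delay=0.1):
    """Log who triggered a task and retry it on transient failure."""
    def decorator(task):
        @functools.wraps(task)
        def wrapper(*args, run_by="unknown", **kwargs):
            for attempt in range(1, attempts + 1):
                # Audit trail: task name, requester, attempt number.
                logging.info("task=%s run_by=%s attempt=%d",
                             task.__name__, run_by, attempt)
                try:
                    return task(*args, **kwargs)
                except Exception:
                    if attempt == attempts:
                        raise  # out of retries: surface the real error
                    time.sleep(delay)
        return wrapper
    return decorator

@audited_retry()
def restart_service(name):
    return f"{name} restarted"  # placeholder for the real operation
```

A platform like Rundeck layers access control and execution history on top of this same idea, so the audit trail and retry policy live outside each individual script.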
Most organizations considering open source and open core cloud technologies understand they need to rigorously evaluate the software’s licensing terms and gauge the long-term health of its community and ecosystem. What still happens less frequently, but is just as crucial to these risk assessments, is developing a thorough understanding of the business models governing the commercial organizations attached to each solution being considered. You must discern the underlying motivations of the vendors or technology providers you depend on to deliver or support open source data-layer software, as well as those vendors with strong influence over its development and maintenance. By acutely understanding these incentives, you can identify if, where, and how they may map to possible risks to your enterprise’s adoption and ongoing open source implementation. Don’t limit the assessment to licenses and community health, although both are still key variables.
This session will discuss specifics on what you need to look for and consider when vetting open source technologies in the cloud as offered by:
-- Businesses using OSS as the foundation of their own intellectual property
-- Businesses that maintain total control over the OSS they offer
-- Major cloud providers
The rate of innovation in the cloud software industry is accelerating at an unprecedented pace. There are many benefits to all of this exciting innovation, like pushing the bar on things that used to require specialized hardware that can now be done exclusively in software. It truly is an exciting time to be a software engineer working in cloud.
However, there is a critical factor to consider amid all of this change and innovation: getting technology to a production-ready state in a rapidly changing landscape. It takes time to make a product stable, scalable, and secure. By the time that happens, the industry seems to have moved on to greener pastures, and the production-ready technology appears old and stale. Could we be innovating ourselves out of production environments?
This talk will share practical steps on how to maintain production-ready quality when chasing after the next ‘shiny new thing’ in cloud innovation.
Distributed systems, microservices, containers/schedulers, continuous delivery … we’ve been through one paradigm shift after another when it comes to architecture, but when it comes to observability we’re still using crufty old logging, metrics, and dashboards that haven’t seen real innovation since the LAMP stack era. And guess what? These tools completely fall apart past a certain level of complexity. Let’s dig into some of the deep technical reasons why this is happening and talk about some newer approaches to debugging complex systems where every single request into a system must be identifiable and aggregatable (e.g., Honeycomb, distributed tracing). Why are events better than metrics? What is cardinality and why does it matter? And what is the difference between monitoring and observability, anyhow? Come find out.
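A toy example of the cardinality point: a pre-aggregated metric has already discarded `user_id` (a high-cardinality dimension), so it can count requests but cannot answer "which user is slow?". Raw events still can. The data below is fabricated purely for illustration:

```python
from collections import Counter

# Three raw request events, each keeping every dimension it saw:
events = [
    {"endpoint": "/checkout", "user_id": "u1", "duration_ms": 40},
    {"endpoint": "/checkout", "user_id": "u2", "duration_ms": 900},
    {"endpoint": "/checkout", "user_id": "u1", "duration_ms": 45},
]

# A metrics pipeline typically pre-aggregates on a low-cardinality key,
# throwing user_id away at write time:
metric = Counter(e["endpoint"] for e in events)

# With events, any dimension can still be sliced after the fact:
slow_users = {e["user_id"] for e in events if e["duration_ms"] > 500}
```

The metric can only say "three checkout requests"; the events can still pinpoint the one slow user, which is exactly the question that matters during an incident.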
OPEN TALK: Cybersecurity at a Global Scale: Addressing Next Generation Supply Chain Issues in Open Source Ecosystems
The landscape of cybersecurity is rapidly changing. Traditional or “legacy” attacks used to target open source code downstream, running in production, but the next generation of attacks targets the upstream supply chain: typo-squatting campaigns, malicious code injection directly at the source, and tool tampering in the development stream, all of which pose risks to everyone from the biggest corporations to the smallest hobbyist projects, since we all rely on the same open source ecosystems to do our work. The reality of the modern development landscape is that in a world of continuous integration and delivery, we have to start thinking about continuous security in open source. This talk will describe a security taxonomy that offers the ability to detect, report, and resolve vulnerability and malware attacks before they make their way into our applications, and to provide actionable recommendations when new vulnerabilities in distributions are surfaced in open source repositories.