Security Through Repaving
Lance Rochelle – Product Owner (Pivotal Cloud Foundry)
August 2018
Public Information
© 2018 Wells Fargo Bank, N.A. All rights reserved.
Introductions
Lance Rochelle
History of Patching: A Comedy or a Tragedy
~1999
• “Hey, let’s see how long we can keep these servers up and use uptime as a benchmark for stability.” – Super 1337 SysAdmin
~2002
• “We should probably patch. Once a year seems like a pretty good idea, that way we know the server can survive a reboot” – Some CIO, probably
~2004
• “You know, this patching thing isn’t so bad. I bet we could do it twice a year.” – The Business, begrudgingly
~2007
• “About once a quarter there is a new Operating System kernel we should patch to the new kernel a few months after they come out, let’s do once a quarter” – OS Engineers, anxious to engineer
~2012
• “Security would like us to patch ONCE A MONTH?! Who does that, whyyyyyyyy…” – Everyone and their brother
~2018
• “You know what would be cool, what if we could blow away the entire environment every day and rebuild it from scratch?” – A super smart person
What are the Primary Threats and Concerns?
• APT: Advanced Persistent Threats.
• Configuration Drift: The state of the environment changing over time.
• Vulnerabilities: Exploitable “things” that you don’t want in your environment.
• Technical Debt: Unpatched, out of date, and unmaintained software.
What is “Repaving”?
Principles…
1) Patch early, patch often
2) Gold Images
3) Deploy via Automation
4) Aim for “Cattle” not “Pets”
5) Redeploy Often – Even when you don’t think you have to or need to
Automate Platform Patching – BOSH with PCF
BOSH is an open source project that unifies release engineering, deployment, and
lifecycle management of small and large-scale cloud software.
BOSH can provision and deploy software over hundreds of virtual appliances and can
also perform monitoring, failure recovery, and software updates with zero-to-minimal
downtime.
While BOSH was developed to deploy Cloud Foundry PaaS, it can also be used to
deploy almost any other software.
BOSH is particularly well-suited for large distributed systems.
In addition, BOSH supports multiple Infrastructure as a Service (IaaS) providers
(VMware vSphere, Google Cloud Platform, Amazon Web Services EC2, Public Azure
and some versions of OpenStack)
Application Deployment Process
https://docs.cloudfoundry.org/concepts/images/app_push_flow_diagram_diego.png
Security Threats are Increasing at a Rapid Rate
CVE = Common Vulnerabilities and Exposures.
The total number of vulnerabilities identified in the wild:
• 2015 = 6480
• 2016 = 6447
• 2017 = 14714
• 2018 ≈ 19500+ (estimate from Jan to Aug)
The only way to keep up with threats is to automate all updates.
https://www.cvedetails.com/browse-by-date.php
[Chart: CVEs reported by month and CVSS score (series 0-2.9, 3-6.9, 7-10+, Total), Jan 2017 to Jul 2018, with a second axis for the CVE count]
Stemcell Scanning is Still Important!
[Diagram: stemcell scanning flow between PivNet, a Scanning Agent, the IaaS (AWS/GCP/vSphere/Azure/OpenStack), a Continuous Integration Pipeline, an Artifact Repository and a Representative Cluster]
Platform Repaving with BOSH and PCF
Pivotal Cloud Foundry – Elastic Runtime
[Diagram: the Elastic Runtime VMs grouped by repave phase. Phase 1: Consul, NATS, Diego BBS, UAA, Cloud Controller, Cloud Controller Worker, Clock Global, Diego Brain, TCP Router, Doppler Server and Loggregator instances. Phase 2: the Virtual Routers. Phase 3: the Diego Cells, on which the application instances reside (Application 1 and Application 2, instances 1 to 3 each, spread across the cells).]
Key Point: All servers are immutable
Phase 1
All Virtual Appliances are recreated with a new image based on a concurrency value.
Phase 2
Traffic is drained automatically from the virtual appliances, then each virtual appliance is recreated with a new image and assigned the role of the virtual router.
Phase 3
Application instances are migrated from a currently running Diego Cell to another Diego Cell.
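Added example, not code from the slides or from BOSH itself: a small model of Phase 1, where every VM is recreated from a new image under a concurrency value, mirroring the `canaries` and `max_in_flight` settings of a BOSH `update` block and checking that each instance group keeps at least one VM serving while its peers are rebuilt. The instance groups, counts and settings are constructed for the example; it assumes canaries are recreated one at a time, the remaining VMs in batches of `max_in_flight`, and instance groups one after another.

```python
# Added example (not from the slides or from BOSH): models phase 1 of a repave,
# every VM rebuilt from a new image under a concurrency value, and flags update
# settings that would turn the rebuild into an outage for an instance group.
# Assumption: canaries roll one at a time, the rest in batches of max_in_flight,
# and instance groups roll serially. Sample data below is constructed.
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class InstanceGroup:
    name: str
    instances: int      # VMs in the group
    canaries: int       # VMs rebuilt first, one at a time, to catch a bad image early
    max_in_flight: int  # the concurrency value for the remaining VMs


def plan_group(group: InstanceGroup) -> List[List[int]]:
    """Return the recreate order as batches of VM indexes (0-based)."""
    if group.instances < 1 or group.max_in_flight < 1 or group.canaries < 0:
        raise ValueError(f"{group.name}: invalid update settings")
    batches: List[List[int]] = []
    nxt = 0
    for _ in range(min(group.canaries, group.instances)):
        batches.append([nxt])  # one canary per batch
        nxt += 1
    while nxt < group.instances:
        end = min(nxt + group.max_in_flight, group.instances)
        batches.append(list(range(nxt, end)))
        nxt = end
    return batches


def min_available(group: InstanceGroup) -> int:
    """Fewest VMs of the group still serving at any moment of the rollout."""
    return group.instances - max(len(b) for b in plan_group(group))


def availability_warnings(group: InstanceGroup) -> List[str]:
    """Flag settings under which the repave takes the whole group down."""
    warnings: List[str] = []
    if group.instances == 1:
        warnings.append(
            f"{group.name}: singleton, expect a short outage while it is recreated")
    elif min_available(group) == 0:
        warnings.append(
            f"{group.name}: max_in_flight={group.max_in_flight} rebuilds every "
            f"instance at once; lower it to at most {group.instances - 1}")
    return warnings


def plan_deployment(groups: List[InstanceGroup]) -> Dict[str, List[List[int]]]:
    """Instance groups roll one after another, each in its own batches."""
    return {g.name: plan_group(g) for g in groups}


def deployment_warnings(groups: List[InstanceGroup]) -> List[str]:
    return [w for g in groups for w in availability_warnings(g)]


def total_recreates(groups: List[InstanceGroup]) -> int:
    """Every VM is rebuilt from the new image, whether or not it 'needs' it."""
    return sum(g.instances for g in groups)


# Constructed sample deployment, loosely shaped like the slide's Elastic Runtime
# (nine Diego cells, six routers); the numbers and settings are the example's own.
SAMPLE_GROUPS = [
    InstanceGroup("router", instances=6, canaries=1, max_in_flight=1),
    InstanceGroup("uaa", instances=2, canaries=1, max_in_flight=1),
    InstanceGroup("clock_global", instances=1, canaries=0, max_in_flight=1),
    InstanceGroup("diego_cell", instances=9, canaries=1, max_in_flight=3),
    InstanceGroup("doppler", instances=6, canaries=0, max_in_flight=6),  # too aggressive
]

if __name__ == "__main__":
    for name, batches in plan_deployment(SAMPLE_GROUPS).items():
        print(f"{name}: {len(batches)} batches -> {batches}")
    for warning in deployment_warnings(SAMPLE_GROUPS):
        print("WARNING", warning)
    print("VMs recreated:", total_recreates(SAMPLE_GROUPS))
```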
Thank you!
Q&A

KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdf
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 

Securing Pivotal Cloud Foundry by Regularly Rebuilding

  • 6. Automate Platform Patching – BOSH with PCF
BOSH is an open source project that unifies release engineering, deployment, and lifecycle management of small and large-scale cloud software.
BOSH can provision and deploy software over hundreds of virtual appliances and can also perform monitoring, failure recovery, and software updates with zero-to-minimal downtime.
While BOSH was developed to deploy Cloud Foundry PaaS, it can also be used to deploy almost any other software. BOSH is particularly well-suited for large distributed systems.
In addition, BOSH supports multiple Infrastructure as a Service (IaaS) providers (VMware vSphere, Google Cloud Platform, Amazon Web Services EC2, Public Azure and some versions of OpenStack).
  • 8. Security Threats are Increasing at a Rapid Rate
CVE = Common Vulnerabilities and Exposures. The total number of vulnerabilities identified in the wild:
• 2015 = 6480
• 2016 = 6447
• 2017 = 14714
• 2018 ≈ 19500+ (estimate from Jan to Aug)
The only way to keep up with threats is to automate all updates.
https://www.cvedetails.com/browse-by-date.php
[Chart: CVEs by month and CVSS score, Jan 2017 to Jul 2018; series 0-2.9, 3-6.9, 7-10+, Total]
[Chart: CVEs reported per year]
  • 9. Stemcell Scanning is Still Important!
[Diagram: PivNet, Scanning Agent, IaaS (AWS/GCP/vSphere/Azure/OpenStack), Continuous Integration Pipeline, Artifact Repository, Representative Cluster; numbered steps 1, 2, 3, 5, 7]
  • 10. Platform Repaving with BOSH and PCF
[Diagram: Pivotal Cloud Foundry – Elastic Runtime. Phase 1 components: Consul, NATS, Diego BBS, UAA, Cloud Controller, Cloud Ctl Worker, Clock Global, Diego Brain, TCP Router, Doppler Server, Loggregator. Phase 2 components: Virtual Routers. Phase 3: applications reside on the Diego Cells (Application 1 and Application 2 instances spread across nine Diego Cells).]
Key Point: All servers are immutable.
Phase 1: All Virtual Appliances are recreated with a new image based on a concurrency value.
Phase 2: Traffic is drained automatically from the virtual appliances, then each virtual appliance is recreated with a new image and assigned the role of the virtual router.
Phase 3: Application Instances are migrated from a currently running Diego Cell to another Diego Cell.
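The three phases above, as an added example that is not part of the deck or of Pivotal's code: a small Python model of the ordering constraints a platform team would want to verify before a repave (bounded concurrency, drain before recreate, evacuate a cell before recreating it). The concurrency value, cell names and instance ids are constructed assumptions, and the round-robin placement is a simplification of Diego's real scheduler.

```python
"""Model of the three repave phases from slide 10 (added example, not the deck's code).
Cell names, instance ids and the concurrency value are constructed sample data."""
from collections import Counter

CONCURRENCY = 2  # the slide's "concurrency value": VMs of a group recreated at the same time


def batches(vms, concurrency=CONCURRENCY):
    """Phase 1: every VM is recreated from the new image, at most `concurrency` at once."""
    if concurrency < 1:
        raise ValueError("concurrency must be at least 1")
    return [vms[i:i + concurrency] for i in range(0, len(vms), concurrency)]


def router_steps(routers, concurrency=CONCURRENCY):
    """Phase 2: drain traffic from a batch of routers, then recreate them.
    A batch must never contain every router, or nothing would be left serving."""
    if concurrency >= len(routers):
        raise ValueError("concurrency must leave at least one router serving traffic")
    steps = []
    for batch in batches(routers, concurrency):
        steps += [("drain", r) for r in batch] + [("recreate", r) for r in batch]
    return steps


def cell_steps(cells, concurrency=CONCURRENCY):
    """Phase 3: migrate every app instance off a Diego cell onto a cell outside the current
    batch, then recreate the emptied cell. Returns the ordered steps and the final placement."""
    placement = {cell: list(instances) for cell, instances in cells.items()}
    steps = []
    for batch in batches(list(placement), concurrency):
        targets = [c for c in placement if c not in batch]
        if not targets:
            raise ValueError("concurrency must leave at least one cell to migrate to")
        for cell in batch:
            for i, instance in enumerate(placement[cell]):
                destination = targets[i % len(targets)]  # round-robin spread (simplification)
                placement[destination].append(instance)
                steps.append(("migrate", instance, cell, destination))
            placement[cell] = []
            steps.append(("recreate", cell))
    return steps, placement


def running_instances(placement):
    """Running instances per application; ids follow the constructed 'app-1/0' convention."""
    return Counter(inst.split("/")[0] for insts in placement.values() for inst in insts)

# constructed sample: three cells hosting two applications with three instances each
SAMPLE_CELLS = {"cell-0": ["app-1/0", "app-2/0"], "cell-1": ["app-1/1", "app-2/1"], "cell-2": ["app-1/2", "app-2/2"]}
```

Running `cell_steps(SAMPLE_CELLS)` shows that every cell is emptied before its recreate step and that `running_instances` is identical before and after the repave.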