The document describes an event called Expert Days 2019 focused on developing secure applications quickly using SUSE CaaS Platform and SUSE Manager. It includes an agenda with topics on IT transformation for innovation, terminology around SUSE CaaS Platform and SUSE Manager, and a live demo of a jTracker microservices application running on containers. Partners BS Company and SUSE will provide real experiences using these open source tools to reduce development time while maintaining enterprise security standards.
Developing secure applications quickly with SUSE CaaS Platform and SUSE Manager
1. Expert Days 2019
Developing secure applications quickly with SUSE CaaS Platform and SUSE Manager
SUSE:
Dario Leidi, Silvio Moioli - Milano
Michele Bologna, Flavio Castelli - Roma
BS COMPANY:
Massimo Montecchi, Roberto Giovanardi
Real experiences and concrete cases in which the use of SUSE CaaS Platform and SUSE Manager, together with other open source CI/CD tools, made it possible to reduce the "time to market" of application development while still maintaining the security standards required in an enterprise environment.
2. Agenda
1. Where are we going?
IT transformation for innovation
2. Terminology
around SUSE CaaSP and SUSE Manager
3. Introduction
around SUSE CaaSP and SUSE Manager
4. SecDevOps pipeline: our point of view
5. Live Demo
jTracker: a tracker microservices application running on containers
6. Q&A
3.
● High technology and integrated IT solutions with skilled and certified people
● Focused on the catering (collective and commercial) and retail sectors
● Software development and IT and DevOps enterprise services
● Partnerships with the most important certified specializations:
○ SUSE of which we are Solution Partners for SLE4SAP, HA, SLES, SUMA, Enterprise
Storage, CaaS Platform, Cloud Application Platform and OpenStack Cloud;
○ SAP of which we are Build Partner for Hana, B1, Sybase, Cloud and Mobile.
● Other partnerships: Microsoft for Azure, IBM for DB2, WebSphere and Blockchain Platform, Oracle for DB and JEE, Cloudera for Hadoop, VMware for vSphere ESXi, Talend for Open Studio for Data Integration...
5. Prepare for the Future Now
Transform your IT infrastructure and application delivery approach to support cloud-native applications, DevOps and CI/CD from the edge to the core to the cloud.
6. Re-define Service Delivery with SUSE
• Faster access to IT resources
• Develop & deliver new services faster
• Increase responsiveness
• Improve quality
7. 7
Physical Infrastructure: Multi-platform Servers, Switches, Storage
Container Management
SUSE CaaS Platform
Storage
SUSE Enterprise
Storage
Networking
SDN and NFV
Compute
Virtual Machine
& Container
Multimodal Operating System
SUSE Linux Enterprise Server
Platform as a Service
SUSE Cloud Application Platform
Private Cloud / IaaS
SUSE OpenStack Cloud
Software-defined Infrastructure
SUSE Manager
Infrastructure
& Lifecycle
Management
Application Delivery
SUSE Global
Services
Consulting
Services
Select Services
Premium Support
Services
Services
Business-critical
Applications
Machine
Learning
Business
Analytics
High Performance
Computing
Traditional IT
& Applications
Internet of
Things
Open, Secure, Proven
Public Cloud
SUSE Cloud
Service Provider
Program
SUSE: Underpinning Digital Transformation
10. What is Cloud Native?
"Cloud native technologies empower organizations to build and run scalable
applications in modern, dynamic environments such as public, private, and
hybrid clouds. Containers, service meshes, microservices, immutable
infrastructure, and declarative APIs exemplify the approach.
These techniques enable loosely coupled systems that are resilient,
manageable, and observable. Coupled with robust automation, they allow
engineers to make high-impact changes frequently and predictably with
minimal toil."
[1] Definition proposed by the Cloud Native Computing Foundation
12. What is a Microservice?
Variant of SOA architectural style that structures an application as a
collection of loosely coupled services
Services should be fine-grained and use lightweight protocols
Designed to sufficiently decompose the application in order to
facilitate agile application development and deployment
15. (Diagram: a payment microservice evolving from v1.6 to v1.7)
Fields: Username, Date, $ Amount, Approved Yes/No
Payment v1.6
• Real Name
• Payment types on file
• Purchase History
• Supported Payments: Visa, American Express
Payment v1.7
• Real Name
• Payment types on file
• Purchase History
• Supported Payments: Visa, American Express, Apple Pay, Google Pay
16. Microservices Enable Scale
• Z axis – data partitioning: scale by splitting similar things
• Y axis – functional decomposition: scale by splitting different things
• X axis – horizontal decomposition: scale by cloning
17. Benefits of Microservices
Improves application modularity
Application easier to understand, develop and test
Supports parallel development, enabling small autonomous teams to develop, deploy and scale their services independently
Helps enable CI/CD & continuous refactoring
Produce and ship a better quality product, faster
18. Virtualization Review
Define Virtual Machine
• Allocate RAM, CPU, disk...
Load an OS
• Consumes RAM, disk and CPU
• 2 GB+ of RAM and disk space just for the OS
Customize
• Add bins/libs, App and Data
Stored in a disk image (.vmdk, .qcow2) with additional config info
19. Virtualization Review
Each VM is completely isolated
• Multiple flavors of Linux and Windows running on the same host
Each VM consumes resources
• The host keeps multiple copies of the guest OS in memory
• Wastes resources
Slow to boot (minutes)
20. Containers
Leverage the host's kernel
Very small
• Contain only what is needed that is not in the host's kernel
Minimum resources consumed when launched
Very fast to launch
Defined by a YAML file
• Always the same experience
27. What is SUSE CaaS Platform?
Speed application delivery to improve business agility
SUSE CaaS Platform is an enterprise class container management solution that enables IT and DevOps professionals to more easily deploy, manage, and scale container-based applications and services.
28. Kubernetes for Container Orchestration
Helps you deploy and run large numbers of containers at scale in a production-ready environment
Deploy · Manage · Scale · Clustered
Allows users to manage applications, not machines
• Complete container orchestration solution
• Open source
• Production grade
• Industry-leading container technology
• Designed by Google, now part of the Cloud Native Computing Foundation
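The "defined by a YAML file" point on the Containers slide and the Kubernetes slide above are abstract; the following is an added example (not from the slides, and not SUSE's or BS Company's code) of what such a definition looks like for the payment v1.7 microservice sketched on slide 15, written the way a security engineer would ship it on a Kubernetes 1.14 cluster: pinned image tag, non-root user, read-only root filesystem, all capabilities dropped, resource limits and a readiness probe. The image name `registry.example.com/jtracker/payment:1.7.0`, the `jtracker` namespace, port 8080 and the `/healthz` path are assumptions.

```yaml
# Added example: Deployment + Service for the payment v1.7 microservice.
# Assumed: image name, namespace, port 8080 and /healthz are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payment
  namespace: jtracker
  labels:
    app: payment
    version: v1.7
spec:
  replicas: 3                     # X-axis scaling: clone identical instances
  selector:
    matchLabels:
      app: payment
  template:
    metadata:
      labels:
        app: payment
        version: v1.7             # labels are the identity network policies select on
    spec:
      automountServiceAccountToken: false   # no API credentials unless the app needs them
      securityContext:
        runAsNonRoot: true        # kubelet refuses to start the container as UID 0
        runAsUser: 10001
        fsGroup: 10001
      containers:
      - name: payment
        image: registry.example.com/jtracker/payment:1.7.0   # pinned tag, never :latest
        ports:
        - containerPort: 8080
          name: http
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        resources:
          requests: { cpu: 100m, memory: 128Mi }
          limits:   { cpu: 500m, memory: 256Mi }   # a runaway container cannot starve the node
        readinessProbe:
          httpGet: { path: /healthz, port: http }
          initialDelaySeconds: 5
        volumeMounts:
        - name: tmp
          mountPath: /tmp         # writable scratch space, since the root fs is read-only
      volumes:
      - name: tmp
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: payment
  namespace: jtracker
spec:
  selector:
    app: payment
  ports:
  - port: 80
    targetPort: http
```

Rolling out v1.7 next to v1.6 is then a second Deployment with a different `version` label behind the same Service selector; the Service only selects on `app: payment`, so traffic is shared until the old Deployment is scaled to zero.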
29. Kubernetes Deployment is Not Easy
Kubernetes is great for container orchestration but is notoriously hard to
• Set up/install
• Configure
• Update
• Manage
• Secure
SUSE CaaS Platform takes this pain away
What used to take hours for skilled engineers can be done in minutes by junior administrators
30. Helm
Package management for Kubernetes
What is Helm?
• Tool to manage Kubernetes applications
• Streamlines installation and management
• It's like 'zypper' for Kubernetes
• Helm has two parts: a client (helm) and a server (tiller).
• Tiller runs inside the Kubernetes cluster and manages releases (installations) of charts*
• During SUSE CaaS Platform set up the server can be installed on the Kubernetes cluster, and then Helm can be used to deploy containerized applications.
Why Helm?
• Ability to deploy applications from SUSE-maintained Helm charts or from 3rd party sources
• Official tool to deploy containerized products such as SUSE Cloud Application Platform
• Easy to integrate with SUSE CaaS Platform
* "Helm Chart" is the Kubernetes equivalent of an RPM file
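To make the "RPM for Kubernetes" analogy concrete, here is an added example (not from the slides, not a SUSE-maintained chart) of the three files that make up a minimal Helm 2 chart for the payment service: `Chart.yaml` carries the version metadata the way an RPM spec does, `values.yaml` holds the defaults an operator overrides per environment, and `templates/deployment.yaml` is the Go template Tiller renders. The chart name, the placeholder registry `registry.example.com` and the `securityContext` values are assumptions; the three files are shown in one stream separated by `---` and file-name comments.

```yaml
# --- Chart.yaml (Helm 2 chart metadata; apiVersion v1 is the Helm 2 format)
apiVersion: v1
name: payment
version: 1.7.0          # chart version, bumped on every change, like an RPM release
appVersion: "1.7"       # version of the packaged application
description: jTracker payment microservice (assumed example chart, not SUSE's)
---
# --- values.yaml (defaults; overridden per environment with --set or -f)
image:
  repository: registry.example.com/jtracker/payment   # placeholder registry
  tag: "1.7.0"          # pin a tag (or a digest) so every install is reproducible
  pullPolicy: IfNotPresent
replicaCount: 3
securityContext:
  runAsNonRoot: true
  runAsUser: 10001
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
---
# --- templates/deployment.yaml (Go template rendered by Tiller at install time)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-payment
  labels:
    app: payment
    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    release: {{ .Release.Name }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: payment
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: payment
        release: {{ .Release.Name }}
    spec:
      securityContext:
        runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
        runAsUser: {{ .Values.securityContext.runAsUser }}
      containers:
      - name: payment
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        securityContext:
          allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
          readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
        ports:
        - containerPort: 8080
```

With the files in a `payment/` directory, `helm lint ./payment` checks the chart, `helm template ./payment` prints the rendered manifests so they can be reviewed before anything reaches the cluster, and `helm install --name payment ./payment` creates the release through Tiller. Keeping the security settings in `values.yaml` means a reviewer can see, in one place, whether an environment override (`-f values-prod.yaml`) weakened them.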
32. Container & Cloud VM Compliance
• Validate compliance (patch levels etc.) for systems and containers (CVE Audit)
• OpenSCAP audits now also via Salt
34. Over 30% of all images on the most famous container hub contain high-priority security vulnerabilities
Source: https://banyanops.com/blog/analyzing-docker-hub/
36. SUSE CaaSP 4.0 Main Features
OS: SLES 15 SP1
Kubernetes: 1.14
Default Container Engine: CRI-O
Default Network Plugin: Cilium (network policies)
Cluster Operations: "caaspctl" wrapper
UI: CLI/API first (scripting), GUI secondary
K8s Install/Update: upstream kubeadm
Container Delivery: containers via SUSE registry
Overhead: no admin node needed
Deliverable: RPMs, container images (and re-use of SLES install ISOs and virtual images)
37. Cilium: the CNI plugin in SUSE CaaSP v4
• Based on BPF (Linux kernel)
• Protocol-aware (L7, not only L3/L4)
• Service identity (Kubernetes labels)
• Zero trust
• No performance degradation
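The three Cilium properties above (identity from Kubernetes labels, L7 awareness, zero trust) come together in a network policy. The following is an added example, not from the slides and not SUSE's configuration, showing the zero-trust baseline and then an identity-based L7 allow rule for the payment service of slide 15: a standard Kubernetes NetworkPolicy denies all ingress in the namespace, and a CiliumNetworkPolicy lets only pods labelled `app: tracker-api` reach `app: payment`, and only with `GET /payments/...` or `POST /payments`. The `jtracker` namespace, the `tracker-api` label, port 8080 and the paths are assumptions.

```yaml
# Zero-trust baseline: once this exists, no pod in the namespace accepts
# ingress traffic unless another policy explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: jtracker
spec:
  podSelector: {}          # empty selector = every pod in the namespace
  policyTypes: ["Ingress"]
---
# Identity-based L7 allow rule. Cilium derives the identity of each endpoint
# from its labels, so the rule follows the pods wherever they are scheduled
# and does not depend on IP addresses.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: payment-allow-tracker-api
  namespace: jtracker
spec:
  endpointSelector:
    matchLabels:
      app: payment         # the pods this policy protects (assumed label)
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: tracker-api   # the only permitted caller (assumed label)
    toPorts:
    - ports:
      - port: "8080"
        protocol: TCP
      rules:
        http:              # L7: anything else on port 8080 is dropped
        - method: "GET"
          path: "/payments/.*"
        - method: "POST"
          path: "/payments"
```

Because the L7 rules are enforced in the data path, a compromised pod that is not `tracker-api` cannot reach the payment service at all, and even `tracker-api` cannot call, for example, an administrative `DELETE` endpoint; requests that violate the policy show up as dropped flows in Cilium's monitoring output, which is where a detection engineer would look for lateral-movement attempts.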