The SUSE NeuVector Rodeos on container security are free, in-depth online sessions designed for practitioners of all levels.
Key topics that will be covered:
- Current container security challenges
- NeuVector's capabilities
- Deploying a Kubernetes cluster and NeuVector
- An overview of the NeuVector user interface and what it looks like at initial deployment
- Deploying a sample application on a cluster
- What to expect when your K8s cluster receives a new application.
- Application behavior
- Switching modes: how/when/why?
- Bonus: having fun with attack scenarios
Container security involves securing the host, container content, orchestration, and applications. The document discusses how container isolation evolved over time through namespaces, cgroups, capabilities, and other Linux kernel features. It also covers securing container images, orchestrators, and applications themselves. Emerging technologies like LinuxKit, Katacontainers, and MirageOS aim to provide more lightweight and secure container environments.
Slides from the October 2023 devops aix-marseille meetup Frederic Leger
For this month of October, we have prepared a program that we hope is incredible:
- Kube security at every level, by Hervé Fontbonne, Cloud and DevOps consultant (Les Filles & Les Garçons de la Tech)
- Superpowers in kube, by Matthis Holleville, Principal Cloud Engineer (Agicap) and maintainer of the k8sgpt.ai project
These presentations will be followed by a quick game and the traditional apéritif!
Thanks once again to FGTech for hosting us for this event
A deep dive into the latest features of SUSE NeuVector 5.0:
- WAF (Web Application Firewall) attack detection
- Automated container protection (Zero Drift)
- SLE vulnerability scanning
- Integration with SUSE Rancher 2.6.5
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking ShapeBlue
1) The document discusses using VXLAN, BGP and EVPN to implement a layer 3 network for a cloud deployment using Ceph and CloudStack. This allows scaling beyond the limits of layer 2 networks and VLANs.
2) Key infrastructure components discussed include Dell S5232F-ON switches running Cumulus Linux, SuperMicro hypervisors and Ceph storage servers using NVMe SSDs.
3) The deployment provides high performance private and public cloud infrastructure with scalable networking and over 650TB of reliable Ceph storage per rack.
This document discusses F5 Distributed Cloud Services, which provides networking, security, and application delivery services across cloud, on-premises, and edge environments from a centralized SaaS console. It addresses challenges like complexity in coordinating technologies, automation, security across attack surfaces, and limited observability. The platform offers a unified view with centralized management, advanced security, full-stack observability, and automation. Use cases include hybrid/multi-cloud networking, web app and API protection, and running apps globally in cloud and edge. It is delivered via F5's global private network and provides value to DevOps, SecOps, and NetOps teams.
Cluster-as-code. The Many Ways towards Kubernetes QAware GmbH
iSAQB Software Architecture Gathering – Digital 2022, November 2022, Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware).
== Please download slides if blurred! ==
Kubernetes is the de-facto standard when it comes to container orchestration. But why is there no established, standard and uniform way to spin up and manage a single or even a whole farm of Kubernetes clusters yet? Instead, a whole bunch of different and mostly incompatible ways towards Kubernetes exist today, each with its own pros and cons in regards to ease of use, flexibility and many other requirements. In this session we will have a closer look at the different available options to create, manage and operate Kubernetes clusters at scale.
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack ShapeBlue
Backroll is not only a production-grade KVM backup solution. It is also being integrated inside Apache CloudStack using the Backup and restore framework. Pierre and Quentin will show how it works, the feature list, and how the integration has been made.
Quentin is in charge of DIMSI custom developments on Apache CloudStack deployment: customer portal, backup solution. On a daily basis, he helps our customers and our developers to use and embrace DevOps methodology, by building CI/CD pipelines (GitLab, Azure DevOps), dockerizing apps and automating things as much as possible... When not DevOps'ing, Quentin loves to binge watch series and movies, play with his cat "Boogie" and is a crazy fan of street food.
Grégoire is a software architect who spends most of his time designing infrastructure applications and CRM systems, on-premise or multi-cloud based. He’s been using Apache CloudStack for many years, and likes to keep knowledge and data outside black-boxes. Father of 4 children, you can meet him in Southern Brittany, sailing Hobie Cat or supporting Lorient football club at Moustoir stadium.
Pierre is in charge of Backroll integration inside CloudStack. Pierre has a proven track record of successful C# and Java projects. When not playing with his keyboard, Pierre is surfing, WingFoiling or bodyboarding on the Brittany coast.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
Kubernetes networking allows pods to communicate with each other and services to load balance traffic to pods. The document discusses Kubernetes networking concepts including the network model, pod networking using CNI plugins like Flannel, and different service types such as ClusterIP, NodePort, and Ingress. It provides examples of exposing a Kubernetes service using hostNetwork, hostPort, and NodePort and how network policies are implemented using iptables.
This document provides an overview of a 150-video, 25-hour Palo Alto Networks NGFW advanced training course covering PAN-OS versions 8.0 and 8.1. The course contains 20 modules that cover topics such as networking, security policies, objects, User-ID, authentication, URL filtering, application control, certificates, threat prevention, WildFire, high availability, advanced networking, and VPN. It is designed to prepare students for the PCNSA and PCNSE certification exams but does not cover Panorama, cloud platforms, IPv6, or dynamic routing protocols.
The document discusses routed networks in OpenStack Neutron. It describes how routed networks implement layer 3 connectivity while allowing scalability by associating subnets to network segments. Key points include new Neutron APIs for segments and ports in routed networks, integration with the Nova scheduler, and options for implementing distributed virtual routing with features like floating IPs, multiple availability zones, and BGP routing.
Persistent Storage with Containers with Kubernetes & OpenShift Red Hat Events
Manually configuring mounts for containers to various network storage platforms and services is tedious and time consuming. OpenShift and Kubernetes provide a rich library of volume plugins that allow authors of containerized applications (Pods) to declaratively specify what the storage requirements for the containers are so that OpenShift can dynamically provision and allocate the storage assets for the specified containers. As the author of the Kubernetes Persistent Volume specification, I will provide an overview of how Persistent Volume plugins work in OpenShift, demo block storage and file storage volume plugins and close with the Red Hat storage roadmap.
Presented at LinuxCon/ContainerCon by Mark Turansky, Principal Software Engineer, Red Hat
Mark Turansky is a Principal Software Engineer at Red Hat and a full-time contributor to the Kubernetes Project. Mark is the author of the Kubernetes Persistent Volume specification and a member of the Red Hat OpenShift Engineering team.
Cilium - Network security for microservices Thomas Graf
The document discusses how BPF and XDP are revolutionizing network security and performance for microservices. BPF allows profiling, tracing, and running programs at the network driver level. It also enables highly performant networking functions like DDoS mitigation using XDP. Cilium uses BPF to provide layer 3-7 network security for microservices with policies based on endpoints, identities, and HTTP protocols. It integrates with Kubernetes to define network policies and secure microservice communication and APIs using eBPF programs for filtering and proxying.
In this presentation, we will cover authenticating guest users with ClearPass with Time Source authentication source and MAC caching. Check out the webinar recording where this presentation was used:
http://community.arubanetworks.com/t5/Security/Technical-Webinar-Recording-Slides-ClearPass-Guest-with-Mac/td-p/283101
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
QEMU Disk IO Which performs Better: Native or threads? Pradeep Kumar
Pradeep Kumar Surisetty from Red Hat presented a comparison of native and threaded I/O performance in QEMU disk I/O. He outlined KVM I/O architecture, storage transport options in KVM including virtio-blk configurations, and benchmark tools used. Performance testing was done with various disk types, file systems, images and configurations. Native generally outperformed threads for random I/O workloads, while threads sometimes showed better performance for sequential reads, especially with multiple VMs.
VXLAN Integration with CloudStack was presented at the Advanced Zone CCCEU13 conference in Amsterdam on November 21, 2013. The presentation discussed integrating VXLAN to overcome the VLAN ID limitation in CloudStack and allow for more scalable network isolation. VXLAN was demonstrated working with CloudStack to provide isolated networks and inter-tier connectivity within VPCs while maintaining network isolation. Basic functions like VM connectivity, migration, and network availability were tested under VXLAN and found to work as expected. Feedback was welcomed on the VXLAN integration in CloudStack.
How to Avoid the Top 5 NGINX Configuration Mistakes NGINX, Inc.
When helping NGINX users, we see the same configuration mistakes over and over again. Occasionally, these configurations are even written by fellow NGINX engineers!
Some misconfigurations are worse than others. Minor mistakes might just hurt NGINX performance a bit, but others can introduce serious security vulnerabilities. Not only can those mistakes result in data loss, they have the potential to snowball into countless other negative side effects: data breaches, loss of reputation, and ex‑customers.
In this webinar, we explore five of the most prevalent NGINX misconfigurations. Learn how to detect them and – most importantly – how to avoid and correct them.
Kubernetes has two simple but powerful network concepts: every Pod is connected to the same network, and Services let you talk to a Pod by name. Bryan will take you through how these concepts are implemented - Pod Networks via the Container Network Interface (CNI), Service Discovery via kube-dns and Service virtual IPs, then on to how Services are exposed to the rest of the world.
This document summarizes a presentation on the ISO 26262 approval of automotive software components. The presentation discusses ISO 26262 objectives for software, key characteristics of reusable software components, and the integration of qualified software components. It notes that ISO 26262 qualification of software components is possible if components have certain characteristics like modularity and provide documentation like a compliance matrix to guide integrators.
The ideal solution for securing modern container infrastructures
- Zero Trust
- Kubernetes Native
- 100% open source
- Integrates with SUSE Rancher
Agenda:
- Overview & architecture
- Installation
- Getting started
This document provides an installation guide for HPE Data Protector 9.07. It describes how to install the Data Protector Cell Manager, clients, and various integration options. The guide covers installations on Windows, UNIX, Linux and other platforms. It also provides instructions for cluster-aware installations and maintaining the Data Protector installation.
This document discusses Linux huge pages, including:
- What huge pages are and how they can reduce memory management overhead by allocating larger blocks of memory
- How to configure huge pages on Linux, including installing required packages, mounting the huge page filesystem, and setting kernel parameters
- When huge pages should be configured, such as for data-intensive or latency-sensitive applications like databases, but that testing is required due to disadvantages like reduced swappability
1) The document discusses CloudStack networking, including physical networking, storage networking, and guest networking. It describes how different hypervisors map CloudStack network labels to hypervisor interfaces.
2) Storage networks can use a separate physical network for primary storage traffic to isolate it from management and secondary storage traffic.
3) Multiple guest networks allow for isolated and shared guest networks, which have different advantages - isolated networks provide security and isolation while shared networks have higher performance.
Everything you want to know about Ingress Janakiram MSV
An Ingress in Kubernetes is a collection of rules that allow inbound connections to reach services. Attend this webinar to learn when to use Ingress controllers. It will cover the types of ingress controllers along with relevant use cases. We will walk you through a demo of configuring Ingress for a web application.
This document provides release notes for ClearPass 6.4.0, including information about:
1) New features such as enhancements to the Policy Manager, CLI, Guest, Insight, Native Dissolvable Agent, Onboard, and OnGuard.
2) Issues resolved in this release across various ClearPass components.
3) Known issues identified in previous releases of ClearPass that still exist.
Azure IaaS: designing a secure architecture while taking advantage of the new... Microsoft Technet France
Overview of the available features and what's new in Azure IaaS, such as network security groups, centralization of security events, and the new Azure Key Vault protection service in partnership with Thalès.
Azure IaaS: designing a secure architecture while taking advantage of the new... Microsoft Décideurs IT
Overview of the available features and what's new in Azure IaaS, such as network security groups, centralization of security events, and the new Azure Key Vault protection service in partnership with Thalès.
La Duck Conf - Continuous Security: Secure a DevOps World! OCTO Technology
Can security be seen as something other than an end-of-project milestone? We will talk about continuous integration and the existing means to add the security concern to your pipeline starting today.
Tour de France Azure PaaS 4/7 Securing the solution Alex Danvy
Security has many aspects. We will review the different areas where it plays an important role. From access controls to code execution, by way of source analysis and encryption, among others, we will look at the tools and methods that can help us improve the security of solutions.
GAB 2017 PARIS - The health of your Azure environment by Manon Pernin and Ma... AZUG FR
After a winding road, the various Azure services are finally harmonizing their monitoring strategies. Focus on Azure Monitor and its features, as well as how a service, Azure Monitor, and downstream analytics components integrate: Application Insights or Log Analytics
The health of your Azure environment, between Monitor, AppInsights and Log Anal... Marius Zaharia
After a winding road, the various Azure services are finally harmonizing their monitoring strategies. Focus on Azure Monitor and its features, as well as how a service, Azure Monitor, and downstream analytics components integrate: Application Insights or Log Analytics.
Au programme :
- Aperçu de Docker et Kubernetes
- Déploiement de Rancher
- Machine Provisioning
- Installation du serveur de Rancher
- Présentation de l'interface graphique
- Installation du cluster Kubernetes
- Management du cluster Kubernetes
- Déploiement applicatif
Harvester est une solution d’hyperconvergence
Les nœuds baremetal forment des clusters
Des machines virtuelles sont produites et stockées
Compute et Stockage partagent leurs ressources et s’étendent
Open-source, programmable, résilient, scalable et avec une interface agréable…
Au programme :
Architecture
Pratique & Cas d’utilisation
Rancher and Kubernetes power the majority of modern applications in production. But the automation chain that lets you ship code with peace of mind starts much further upstream, thanks to open source tooling.
On the agenda:
- Commit Code: with GitLab and collaboration tools
- Build Image: ever more reliability with SLE Base Container Images
- Store in Registry: archiving and vulnerability scanning with Harbor
- Test & Go: continuous delivery with GitOps mode and Rancher Fleet
CentOS Linux 8 reached end of life (EOL) this past December 31. Since January 1, 2022, CentOS Stream has therefore become solely a development branch of Red Hat.
What are the practical consequences of this change, announced a few months earlier?
What are the differences between Red Hat / CentOS and SUSE / openSUSE?
What solutions are available to you to preserve the stability of your Linux infrastructure?
This document provides an agenda for a Rancher Rodeo presentation on March 18th, 2022. It will cover installing and demoing Rancher Server, deploying a Kubernetes cluster, and deploying sample applications. Presenters are listed along with their contact details. The objectives and prerequisites for the presentation are also outlined. A schedule of future Rancher Rodeo events is provided.
On the agenda:
- Example architecture at a customer site
- Infrastructure as Code and lifecycle
- Getting started: logs and monitoring
- Day 2: backup with Longhorn, updates, scalability management
Webinar replay at https://www.youtube.com/watch?v=zDPlFbTKoAs
This document discusses SUSE and Rancher integration and continuous integration. It provides an overview of SUSE's portfolio, defines continuous integration, and describes the components involved. It then demonstrates a code assembly pipeline where code is committed, built into a container image, pushed to a registry, deployed to a Kubernetes cluster, and tested. The pipeline is triggered by code commits and managed by GitLab.
Presentation from our webinar of January 27, 2022.
Replay available at https://more.suse.com/FY22Q1_FM_EM-SO-FR_SR_CLDNT_WEB_Harvester_Launch_Meetup_FR_RegistrationPage.html
• The importance of Edge Computing in upcoming innovations
• From the coffee maker to the satellite, one solution for several edges?
• The challenges of security and maintenance for the Edge
• Demonstration of SUSE Rancher solutions with k3s
• Success stories in industry
This document discusses how QA testing is done for HA and SAP on SUSE Linux Enterprise products. It describes how openQA automation has reduced manual testing time significantly while still being indispensable. OpenQA is then introduced, including its architecture and capabilities. Finally, details are provided on the HA and SAP test extensions created for openQA, covering the types of tests implemented.
Expert Day 2019 - Automated SAP HANA deployments and Terraform SUSE
This document discusses using Terraform to automate the deployment of SAP HANA SR clusters in public and private clouds. The goals of the project are to facilitate repeatable environment deployments, test SUSE cloud images, unify deployment code, and support multiple clouds with a single codebase. Terraform is used to create infrastructure like VMs and networks, while Salt is used for configuration management and provisioning tasks like installing SAP HANA and configuring high availability. The project provides examples deploying a 2-node SAP HANA cluster on AWS.
This document discusses SUSE's container and cloud application platforms:
- SUSE CaaS Platform and SUSE Cloud Application Platform enable containerized application delivery using containers and Kubernetes.
- CaaS Platform 4 introduces new features including Kubernetes 1.14, Cilium networking, and Skuba installation.
- Cloud Application Platform provides a containerized developer experience on Kubernetes that is optimized for cloud native applications.
- Both platforms offer enterprise-grade Linux containers and open source software for transforming application delivery with containers and microservices.
This document provides an overview of the new features and updates in SUSE OpenStack Cloud 9, including support for multi-attached storage, Ironic improvements, and functionality from previous versions. It also discusses upcoming plans for SUSE OpenStack Cloud 10, such as containerized OpenStack deployment using Kubernetes and Airship, scalability improvements, and SDN integration.
SUSE Manager 4.0 introduces new features that increase heterogeneity, performance, and control. Key additions include support for Ubuntu, improved content lifecycle management, Kiwi image building, virtual machine management, Grafana/Prometheus-based monitoring, Salt batching for performance, and an alternate download endpoint for reliability.
The SUSE Public Beta Program provides early access to pre-release SUSE products such as SUSE Linux Enterprise, SUSE OpenStack Cloud, SUSE Enterprise Storage, and SUSE Manager. Participation benefits all parties by improving quality, documentation, and allowing testing in various environments. Current beta products include SLE 12 SP5, Containerized SUSE OpenStack Cloud, and SUSE CaaS Platform 4.0. Upcoming betas are SLE 15 SP2 and new versions of SUSE OpenStack Cloud, SUSE Enterprise Storage, and SUSE Manager around mid-2020.
This document contains the agenda for the SUSE Expert Day 2019 event. The agenda includes:
- A breakfast and welcome from 09:00-09:45
- An introduction and overview of the agenda from 09:50-10:00
- Presentations on the SUSE beta program, new SUSE Manager features, OpenStack strategies, Ceph architectures, SAP automation with Terraform, CAASP and CAP, SLES release processes, and OpenQA testing methods throughout the day
- Networking over lunch from 12:15-13:30
This document outlines the roadmap and features for SUSE Linux Enterprise 15. Key points include:
- SLE 15 will have a 13 year lifecycle with service packs and long term service pack support.
- It follows a "tick-tock" release approach with odd versions focusing on bugfixes and even versions including new features and kernel updates.
- SLE 15 uses a modular approach where components are delivered as modules, allowing flexible configuration of products.
- New features in SLE 15 include improved search capabilities, a unified installer, transactional updates, updated scripting languages and applications, Btrfs improvements, and quarterly updates starting with SP1.
Software-defined Datacenter Maintenance - No More Sleepless Nights and Long W... SUSE
How SUSE Manager can help you make maintenance easier, meaning no more sitting behind your monitor on the weekend or in the middle of the night. It would be easier if you got a mail telling you when something failed. The complete maintenance should be automated. Video at https://youtu.be/_-cGTAlvN3Q
Case study: New SAP S/4HANA on SUSE Implementation Business Benefits Achieved SUSE
With SAP S/4HANA on SUSE Linux Enterprise Server, AM General achieved many business benefits, including enhanced data processes and procedures, a reduced overall data legacy footprint, and optimized maintenance of their SAP landscape with a low-risk approach moving forward. Protera FlexBridge provided an automated assessment, project plan generation, and migration platform to help AM General successfully migrate to SAP S/4HANA on SUSE.