Barcelona Summit Notes: OpenStack Security on Track


The post Barcelona Summit Notes: OpenStack Security on Track appeared first on Mirantis | The Pure Play OpenStack Company.
This is a brief overview of the Security track at OpenStack Summit Barcelona. Spend just five minutes and keep up with the state of security developments.

Holistic Security for OpenStack Clouds
The security track started on Wednesday with ‘Holistic Security for OpenStack Clouds’ by Major Hayden, principal architect at Rackspace, where he said that ‘Securing OpenStack can feel like taking a trip to the Upside Down’.
He suggested that to cope with the challenge of securing complex systems, you need to follow a holistic approach. Don't just secure the outer perimeter with an expensive firewall with ‘laser beams’; also make small security improvements at multiple layers, both inside and outside the perimeter.

In particular, Major recommended separating the control plane, hypervisors, and tenants’ infrastructure by setting up the trust boundaries for traffic traveling between these three, for example by enabling SELinux and AppArmor on hypervisors.
The advice given by Major regarding control plane security includes:

Monitoring messaging and database performance to look for anomalies or unauthorized access
Using unique credentials for RabbitMQ and for each database
Limiting communication between OpenStack services using, for example, iptables
Giving each service a different keystone account with different credentials
Monitoring for high bandwidth usage and high connection counts

You can find more OpenStack security recommendations in Mirantis Security Best Practices.
Advanced Threat Protection and Kubernetes
Intel, along with Midokura and Forcepoint, presented the use case of bringing advanced threat protection to Kubernetes. The solution uses the OpenStack Kuryr project to redirect traffic from Neutron-managed networks to security Pods for inspection using Neutron's service-chaining.
ACL is not Security
During the security part of the talk, Forcepoint pointed out that ‘ACL is not security’ and that L4-L7 inspection is needed to catch targeted attacks. Such attacks proliferate across networks by infecting one machine or network after another, gaining privileges and acting as an internal entity that the ACLs allow, which lets them bypass firewalls.

The demo showed a Shellshock attack on a vulnerable web server running as a k8s Pod being blocked by Forcepoint's preconfigured containerized NGFW. To send the packets from the Neutron network to the NGFW virtual service, the Intel Open Security Controller calls the Neutron API to redirect packets through Kuryr to the k8s security container. Intel Open Security Controller now has basic Kubernetes support, highlighted in the demo by Manish Dave, Platform Architect from Intel, in addition to the OpenStack support that was presented in Tokyo a year ago.

Watch on YouTube: https://www.youtube.com/watch?v=5b8jYYS389g
Container Security and CIA
If the previous talk was about security on containers, the next one was about security of the container itself, presented by Scott McCarty, Senior Strategist from Red Hat, who looked into container security from the perspective of CIA (confidentiality, integrity, and availability).
He started this talk with a vivid example from his life of how his house had been robbed and what measures he took to protect his valuables in the future, trying to explain how much security is enough when managing risks.
One risk with containers is that, although they leverage OS process isolation, they still share the same kernel, which can be exploited to elevate privileges. Isolation is still one of the main concerns when creating secure infrastructure. Another risk is container content, which needs verification and validation before going to production.
Scott showed how you can run, for example, a read-only container with SELinux enabled, which limits access to the container’s data so that it's available only to the process running the container.

Watch on YouTube: https://www.youtube.com/watch?v=wKT191Ak9fA
Incident Response and Anomaly Detection
Grant Murphy, Security Architect from IBM, showed a good demo in his talk “Incident Response and Anomaly Detection Using Osquery”, during which he ran a malware sample that was a simple remote shell. That demo backdoor adds a reference to crontab to download itself to be persistent, establishes a connection to a remote server, and removes its executable from disk. In the demo, Grant showed how to trace all these activities with the help of simple SQL-style requests by osquery. Next, he showed how to configure osquery for OpenStack and query information from running OpenStack services. Osquery, in fact, has many features for monitoring, auditing, and intrusion detection with support for Yara rules, and is used by Facebook, Airbnb, Git, and Heroku.

Watch on YouTube: https://www.youtube.com/watch?v=5b8jYYS389g
Cloud Forensics vs. OpenStack
Incident response in the cloud was also the focus of the “Cloud Forensics vs. OpenStack” panel, where experts Kim Hindart, CSO of City Network, Anders Carlsson, forensic expert from BTH, and the author of this article discussed the issues related to digital forensics in the cloud. One thing we discussed is enabling comprehensive logging as a way to mitigate a repudiation attack and find the traces of the attacker when an incident happens. For example, it is recommended to log both successful and unsuccessful login attempts. While the latter may indicate a brute-force attack, the former can point to elevation of privileges that results from compromised credentials.
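To show why both outcomes need to be logged, here is an added example (not from the panel or from any OpenStack project) that separates failure bursts from a success that follows one. The log format, the threshold and the window are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (an assumed format, not a real Keystone log):
# ISO timestamp, user, source IP, outcome
SAMPLE_LOG = """\
2016-10-26T10:00:01 alice 203.0.113.7 FAIL
2016-10-26T10:00:03 alice 203.0.113.7 FAIL
2016-10-26T10:00:05 alice 203.0.113.7 FAIL
2016-10-26T10:00:09 alice 203.0.113.7 OK
2016-10-26T10:05:00 bob 198.51.100.4 OK
2016-10-26T10:06:00 carol 192.0.2.9 FAIL
2016-10-26T10:06:02 carol 192.0.2.9 FAIL
2016-10-26T10:06:04 carol 192.0.2.9 FAIL
2016-10-26T10:30:00 dave 192.0.2.50 FAIL
2016-10-26T10:45:00 dave 192.0.2.50 OK
"""


def parse(log_text):
    """Return (timestamp, user, source, outcome) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines instead of failing the whole run
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        events.append((ts, parts[1], parts[2], parts[3]))
    return sorted(events)


def analyze(log_text, threshold=3, window=timedelta(minutes=5)):
    """Flag failure bursts and successful logins that directly follow one.

    threshold and window are illustrative defaults, not recommended values.
    """
    recent_failures = defaultdict(list)  # (user, source) -> failure timestamps
    findings = []
    for ts, user, src, outcome in parse(log_text):
        key = (user, src)
        # Keep only the failures that are still inside the sliding window.
        recent = [t for t in recent_failures[key] if ts - t <= window]
        if outcome == "FAIL":
            recent.append(ts)
            recent_failures[key] = recent
            if len(recent) == threshold:  # report each burst once
                findings.append(("brute-force-suspected", user, src))
        else:
            # Only visible if successful logins are logged as well:
            # the guessing may have worked, so treat the account as suspect.
            if len(recent) >= threshold:
                findings.append(("success-after-failures", user, src))
            recent_failures[key] = []
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Without the OK lines, the alice and carol cases would look identical, although only one of them ended in a login.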
Another highlighted issue was exfiltrating digital evidence in a multi-tenant environment. For example, accessing Compute node logs that represent digital evidence may lead to confidentiality violations if the node includes additional tenants who are not related to the incident.
The OpenStack forensic tool (FROST) was the first and only attempt to create a forensic data acquisition solution. Introduced in 2013, it unfortunately has not gained support.
At the end of the panel, experts gave recommendations on how to prepare your organization for the inevitable security attack, with the consensus being that the best way to handle an incident is to prevent or block the attack at the very beginning, thus, simplifying the investigation process and minimizing losses.

Watch on YouTube: https://www.youtube.com/watch?v=cqZV3k0pUiw
Compliance: The EU General Data Protection Regulation (GDPR) is coming
Kim Hindart from City Network informed the audience that the EU General Data Protection Regulation (GDPR) is coming. Companies based outside the EU that provide services to EU citizens have until the 25th of May 2018 to make their cloud compliant. Otherwise, companies will be penalized with a fine of up to 20,000,000 EUR, or up to 4% of the total worldwide annual turnover.

Watch on YouTube: https://www.youtube.com/watch?v=c-7QQ5Eg__Y
The topic of HIPAA and PCI DSS compliance in OpenStack was also addressed by Blue Box Cloud DevOps. Watch on YouTube: https://www.youtube.com/watch?v=XHFM_1G-Hog
The state of OpenStack security
Robert Clark from IBM, the current PTL of the OpenStack Security project, reported the state of their work, as usual. He started with the Keystone, Barbican (secrets manager), and Castellan (key management interface to enable multiple key managers) projects.

The Threat Analysis process and Syntribos (the fuzz testing framework for finding vulnerabilities in the API) were the main focus of the presentation, however. For example, Rob introduced the results of the threat analysis process for the Barbican project and ran the demo through SQL injection tests using Syntribos. At the end, he brought up the idea of a security incubator aimed at assisting small projects in security that are not necessarily related to OpenStack but are primarily applied to or consumed by OpenStack projects.

Watch on YouTube: https://www.youtube.com/watch?v=GvunSafycX8
Secure Image Management Infrastructure
Symantec presented secure image management infrastructure designed to solve the problem of using and updating images that may contain vulnerabilities. At Symantec (as well as at Mirantis), vulnerability scanning is considered an essential part of the image validation process for securing customers' clouds.
The speakers, Brad Pokorny, Timothy Symanczyk, and Richard Gooch, showed the magic of real-time image recovery done by the Dominator image supervisor in response to unsolicited image modification, which in the demo was deletion of files. Dominator initially calculates the hashes of all the files in the image and keeps the golden image in the machine database. Then, if file modification is detected, Dominator immediately recovers modified/deleted files based on the golden image the VM is supposed to have. This helps to mitigate image tampering attacks and keep the integrity of data, configuration files, and applications delivered within the image. For example, it could protect VMs against attacks by cryptolockers (ransomware that encrypts files to demand a ransom for their recovery), such as Linux.Encoder.1, which attacked Linux Web servers through a vulnerability in the Magento CMS platform.
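The hash-compare-restore cycle described above can be sketched as follows. This is an added, simplified illustration and not Dominator's code: the function names, the directory layout and the choice of SHA-256 are assumptions, and files that are not in the golden image are only reported, not removed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_hash(path):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_hash(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def detect_drift(manifest, live_root):
    """Compare the live tree against the golden manifest."""
    live = build_manifest(live_root)
    return {
        "modified": sorted(p for p in manifest
                           if p in live and live[p] != manifest[p]),
        "deleted": sorted(p for p in manifest if p not in live),
        "unexpected": sorted(p for p in live if p not in manifest),
    }


def repair(manifest, golden_root, live_root):
    """Restore modified and deleted files from the golden copy."""
    golden_root, live_root = Path(golden_root), Path(live_root)
    drift = detect_drift(manifest, live_root)
    for rel in drift["modified"] + drift["deleted"]:
        src = golden_root / rel
        # Never restore from a golden copy that itself fails verification.
        if file_hash(src) != manifest[rel]:
            raise RuntimeError(f"golden copy of {rel} does not match manifest")
        dst = live_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
    return drift


def demo():
    """Build a constructed golden tree, tamper with a copy, then repair it."""
    with tempfile.TemporaryDirectory() as tmp:
        golden, live = Path(tmp, "golden"), Path(tmp, "live")
        (golden / "etc").mkdir(parents=True)
        (golden / "etc" / "app.conf").write_text("listen=443\n")
        (golden / "index.html").write_text("<h1>ok</h1>\n")
        manifest = build_manifest(golden)
        shutil.copytree(golden, live)

        # Constructed tampering: one file overwritten, one deleted, one added.
        (live / "index.html").write_text("overwritten")
        (live / "etc" / "app.conf").unlink()
        (live / "dropped.txt").write_text("not part of the image")

        found = repair(manifest, golden, live)
        return found, detect_drift(manifest, live)


if __name__ == "__main__":
    before, after = demo()
    print("before repair:", before)
    print("after repair: ", after)
```

The manifest and the golden copy have to live where the supervised machine cannot write to them; otherwise tampering with the reference defeats the check.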

Watch on YouTube: https://www.youtube.com/watch?v=vuL7in9CxHY
So that's it for this year. What's your most important security concern? Let us know in the comments!
Source: Mirantis

DockerCon Returns to Europe in 2017

DockerCon is making its return to Europe next year! DockerCon Europe will be held in the beautiful city of Copenhagen, Denmark at Bella Center Copenhagen from October 16 to October 18, 2017. We plan on opening the week on Monday, October 16 with paid trainings and workshops; the General Session will then kick off the conference on the morning of Tuesday, October 17, and the conference will continue through Wednesday, October 18.
Three reasons why we are excited about DockerCon Europe in Copenhagen
 

On behalf of the entire Docker team, it’s safe to say that we cannot wait to reunite with the Docker Community in Europe under one roof again! Local Docker Meetup chapters take place every week to fuel the community enthusiasm, but there is something special about coming together for DockerCon and collaborating, learning and networking as a big group.

Recently remodeled in 2014/2015, the Bella Center Copenhagen is an ultra-modern event space featuring Scandinavian design throughout including open space with lots of indoor greenery. Bella Center Copenhagen is also one of the most sustainable venues in the world. They practice waste sorting in 16 categories, have an 850 kW wind turbine on-site for energy, as well as a living roof that is home to one million bees!

Another fun fact: Did you know that over one million people visit the mermaid statue in Copenhagen, inspired by Hans Christian Andersen’s The Little Mermaid fairytale? With all of the aquatic references throughout the city, we can’t wait to see what Moby scenes Docker illustrator Laurel will come up with!

Stay tuned in the upcoming months for both DockerCon US (April 17-20, 2017 in Austin, Texas) and DockerCon EU news including ticket sales and call for papers. In the meantime, catch up on all past DockerCon action and be sure to save the dates!
 

The post DockerCon Returns to Europe in 2017 appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

Exciting news from CheConf

Eclipse Che is a developer workspace server and cloud IDE. With Che, you can define a workspace with the project code files and all of their dependencies necessary to edit, build, run, and debug them. You can share your workspaces with other team members. And Che drives Codenvy, cloud workspaces for development teams, with access control and other features.
 
Today in the keynote at CheConf 2016, Tyler Jewell made several related announcements.

Che runs on your machine as a Docker container, and generates other containers for workspaces making it a fully Dockerized IDE.
Docker now powers the Che CLI, including most Che utilities like IP lookup, curl, compiling Che, versioning, launching.
Che has added support for Docker Compose files in workspaces, making it really easy to write and debug Compose-based applications, right in Che.
Che agents, such as SSH or language servers for intellisense, are deployed as containers.
Chedir is a command line utility for converting source repos into Dockerized workspaces.
Che is now available in the Docker Store.
Codenvy is packaged as a set of Docker containers. With docker-compose up you start up ten docker containers that run Codenvy on your network.
Codenvy also uses Docker Swarm as the clustering and workspace distribution technology. Before the end of the year, Che and Codenvy will have an identical CLI, so anywhere Docker exists, you can run Che or a clustered Codenvy deployment with the same syntax.

This is all pretty exciting. We’ve been happy to work with Codenvy on this project. After the keynote at CheConf, Docker’s own Patrick Chanezon led a session: Docker 101 & Why Docker Powers Che and here are the slides.


More importantly, we wanted to get to work directly on Che, which is the fastest moving project under the Eclipse umbrella. So we’re happy to announce that Docker is joining the Eclipse Project! We look forward to working more with Eclipse and Codenvy going forward.
So check out the Che documentation, and Che in the Docker Store. And check out our other developer tools labs in the Docker Labs repo on GitHub. We’ll be adding in some Che content going forward.


The post Exciting news from CheConf appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

Introducing Image Signing Policy in Docker Datacenter

My colleague Ying Li and I recently blogged about Securing the Software Supply Chain and drew the analogy between traditional physical supply chains and the creation, building, and deployment involved in a software supply chain. We believe that a software pipeline that can be verified at every stage is an important step in raising the security bar for all software, and we didn’t stop at simply presenting the idea.

Integrated Content Trust and Image Signing Policy
In the recent release of Docker Datacenter, we announced a new feature that starts to bring these security capabilities together along the software supply chain. Built on Notary, a signing infrastructure based on The Update Framework (TUF), along with Docker Content Trust (DCT), an integration of the Notary toolchain into the Docker client, DDC now allows administrators to set up signing policies that prevent untrusted content from being deployed.
In this release of DDC, the Docker Trusted Registry (DTR) now also ships with integrated Notary services. This means you’re ready to start using DCT and the new Signing Policy features out of the box! No separate server and database to install, configure and connect to the registry.

Bringing it all together
Image signing is important for image creators to provide a proof of origin and verification through a digital signature of that image. Because an image is built in layers and passes through many different stages and is touched by different systems and teams, the ability to tie this together with a central policy ensures a greater level of application security.
In the web UI under settings, the admin can enable Content Trust to enforce that only signed images can be deployed to the DDC managed cluster. As part of that configuration, the admin can also select which signatures are required in order for that image to be deployed.

The configuration screen prompts the admin to select any number of teams from which a signature is required. A team in DDC can be defined as automated systems (Build / CI) or people in your organization.
The diagram below shows a sample workflow where the Content Trust Settings are required to check for CI and QA.

Stage 1: Developer checks in code and kicks off an integration test. Code passes CI and automatically triggers a new image build, signature and push to Docker Trusted Registry (DTR).
Stage 2: QA team pulls the image from DTR, performs additional testing and, once testing is completed (and passes), signs and pushes the image to DTR.
Stage 3: Release engineering goes to deploy the image to the production cluster. Since the Content Trust setting requires a signature from both CI and QA, DDC will check the image for both signatures and since they exist (in our example) will deploy the container.
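The Stage 3 check can be modelled in a few lines. This is an added illustration, not Docker Datacenter or Notary code: the signer names, teams and keys are constructed, and HMAC stands in for the asymmetric TUF signatures that Notary actually uses, purely to keep the example within the standard library.

```python
import hashlib
import hmac

# Constructed demo data (assumptions for this example only).
SIGNER_KEYS = {
    "jenkins": b"ci-demo-key",
    "dana": b"qa-demo-key",
    "mallory": b"dev-demo-key",
}
TEAMS = {"ci": {"jenkins"}, "qa": {"dana"}, "dev": {"mallory"}}
REQUIRED_TEAMS = {"ci", "qa"}  # the policy from the workflow above


def sign(signer, image_digest):
    """Produce a signer's signature over an image digest (HMAC stand-in)."""
    key = SIGNER_KEYS[signer]
    return hmac.new(key, image_digest.encode(), hashlib.sha256).hexdigest()


def valid_signers(image_digest, signatures):
    """Return the signers whose signature verifies for this exact digest."""
    ok = set()
    for signer, sig in signatures.items():
        key = SIGNER_KEYS.get(signer)
        if key is None:
            continue  # unknown signer: ignore the signature
        expected = hmac.new(key, image_digest.encode(),
                            hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, sig):
            ok.add(signer)
    return ok


def admit(image_digest, signatures, required_teams=REQUIRED_TEAMS):
    """Deploy only if every required team has a valid signature.

    Returns (allowed, missing_teams).
    """
    signers = valid_signers(image_digest, signatures)
    missing = sorted(t for t in required_teams
                     if not (TEAMS.get(t, set()) & signers))
    return (not missing, missing)


def demo_cases():
    """Run the policy against four constructed situations."""
    digest = "sha256:" + hashlib.sha256(b"app image v1").hexdigest()
    rebuilt = "sha256:" + hashlib.sha256(b"app image v1, changed").hexdigest()
    ci = {"jenkins": sign("jenkins", digest)}
    ci_qa = dict(ci, dana=sign("dana", digest))
    return {
        # Stage 1 only: CI signed, QA has not yet.
        "ci_only": admit(digest, ci),
        # Stage 3 in the post: both signatures are present.
        "ci_and_qa": admit(digest, ci_qa),
        # Content changed after signing: old signatures no longer verify.
        "rebuilt_after_qa": admit(rebuilt, ci_qa),
        # A valid signature from a team the policy does not name.
        "wrong_team": admit(digest, dict(ci, mallory=sign("mallory", digest))),
    }


if __name__ == "__main__":
    for name, result in demo_cases().items():
        print(name, result)
```

The third case is the important one: signatures bind to a specific digest, so an image altered after QA signed it fails the policy even though both signatures are still attached.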

We are excited to introduce this feature to our enterprise users to increase the security of their software supply chain and add a level of automated enforcement of policies that can be set up centrally.  As applications scale and teams grow, these features help provide assurances with proof of content origin, safe transport and that the approval gates have been met before deploying to production.
Download the free 30 day evaluation of Docker Datacenter to get started today.


Learn More

Save your seat: Demo webinar, tomorrow Wed Nov. 16th
Learn more by visiting the Docker Datacenter webpage
See What’s New in Docker Datacenter
Read the blog about the Secure Software Supply Chain
Sign up for a free 30 day trial license

The post Introducing Image Signing Policy in Docker Datacenter appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

What should operators consider when deploying NFV

The post What should operators consider when deploying NFV appeared first on Mirantis | The Pure Play OpenStack Company.
NFV comes with big promises and one of the key drivers for NFV is to allow operators to rapidly launch and scale new applications. Today, if an operator wants to launch a new application, the process can be rather complex. It requires a lot of preparation and planning as the data center space has to be allocated, specialized servers, networking and storage have to be acquired. It has to be architected for 5 nines of availability plus integrated with other network elements. Given the costs involved in this process, every project is scrutinized by finance departments and this cautious approach leaves very little room for innovation.
In an NFV world, every application is a piece of software that can run on virtualized servers, storage and networks. Keeping the hardware separate from software gives a new level of flexibility. NFV infrastructure is built as a utility, and when it is time to launch new applications, you do not have to worry about such things as finding racks or integrating servers or even the storage. All of this is already provided by NFV and it is just a matter of allocating the right resources.
Additionally, integration becomes easier as networks are virtualized and pre-integrated. This works fine, as long as the application is simple and not subscriber-aware. If the application is subscriber-aware, it needs to integrate with provisioning systems, and for a typical operator this can be a nine- to twelve-month long process that can cost up to a million dollars per integration. Therefore, for subscriber-aware applications, the agility of NFV can be easily lost.
Fortunately, you can recover that agility by using a built-in virtual User Data Repository (vUDR, or Subscriber Data Management as a Service) as part of your NFV infrastructure. That is the reason some of the more forward-looking operators are placing a vUDR as one of the first subscriber-aware applications in the NFV cloud.
There are clear benefits to this approach. Once the vUDR is in place, all subscriber-related information is readily available to applications that want to use it. New applications launched on NFV don't need a one-to-one provisioning integration and operators can start enjoying ‘agility’ for subscriber-aware applications too.
Subscriber Data Management (SDM) is a mission-critical application. Before any voice connection can be established, any data service accessed, or any message sent, internal systems need to authenticate a subscriber and their device to authorize their request. For a communications network, SDM is the life-giving oxygen: services simply cannot be offered without authenticating the subscriber. The Openwave Mobility vUDR SDM solution has been validated within the Mirantis OpenStack environment, and deploying it as the first NFV application helps operators maximize the agility benefit promised by NFV.
Openwave Mobility vUDR is validated with Mirantis Openstack
Openwave Mobility vUDR is the industry’s first NFV-enabled Subscriber Data Management solution, and has been deployed by several tier one operators globally to manage subscriber profile data across voice and data networks.
Openwave Mobility’s cloud-based vUDR goes above and beyond traditional UDR systems. Built-in federation and replication means that network applications can read and write data from any data center or data silo, and while the NFV infrastructure is typically built using commodity servers that provide 99.9% availability at best, by using proprietary software processes, Openwave Mobility's vUDR is able to deliver 99.999% (five-nines) availability on commodity virtual machines. vUDR is nevertheless lightweight and agile, and it has enabled our customers to on-board new applications in just two weeks, compared to the average subscriber data provisioning integration that can take nine months.
Openwave Mobility’s vUDR has been validated within the Mirantis OpenStack environment. It provides the crucial SDM element for NFV clouds so that operators who deploy it can truly realize the agility that NFV promises.
Source: Mirantis

Docker Datacenter adds enterprise orchestration, security policy and refreshed UI

Today we are excited to introduce new additions to Docker Datacenter, our Container as a Service (CaaS) platform for enterprise IT and application teams. Docker Datacenter provides an integrated platform for developers and IT operations teams to collaborate securely on the application lifecycle. Built on the foundation of Docker Engine, Docker Datacenter (DDC) also provides integrated orchestration, management and security around managing resources like access, images, applications, networks and more across the cluster.

This latest release of Docker Datacenter includes a number of new features and improvements focused in the following areas:

Enterprise orchestration and operations to make running and operating multi container applications simple, secure and scalable
Integrated end to end security to cover all of the components and people that interact with the application pipeline
User experience and performance improvements ensure that even the most complex operations are handled efficiently

Let’s dig into some of the new features.
Enterprise orchestration with backward compatibility
This release of Docker Datacenter not only integrates the built in orchestration capabilities of Docker Engine 1.12 utilizing swarm mode and services, but also provides backwards compatibility for standalone containers using the docker run commands. To help enterprise application teams migrate, it is important for us to provide this continuity and time for applications to be updated to services while still supporting environments that may contain both new Docker services and individual Docker containers. We do this by simultaneously enabling swarm mode and running warm containers across the same cluster of nodes. This is completely transparent to the user; it’s all handled as part of the DDC installation and there is nothing for the admin to configure.  The applications built with Docker Compose (version 2) files on Docker Engine 1.10 and 1.11 will continue to operate when deployed to the 1.12 cluster running DDC.
Docker Services, Load Balancing and Service Discovery
We’ve talked about Docker Services before with 1.12, where every Docker Service can easily scale out to add additional instances by declaring a desired state. This enables you to create a replicated, distributed, load balanced process on a swarm, which includes a virtual IP (VIP) and internal load balancing using IPVS. This can all be addressed through Docker Datacenter as well, through both the CLI and the newly refreshed GUI that walks through the process of creating and managing services, especially if you’re new to the concept. You can also optionally add HTTP hostname-based routing using an experimental feature called HTTP Routing Mesh.
 
 
 
Integrated Image Signing and Policy Enforcement
Enabling a secure software supply chain requires building security directly into the platform and making it a natural part of any admin tasks. In this release of Docker Datacenter we advance content security with an integration to Docker Content Trust, providing both a seamless installation experience and the ability to enforce deployment policy in the cluster based on the image signatures. Stay tuned as our security team has a detailed blog on this later this week.
 
Refreshed User Interface and New Features
Providing an intuitive UI that is robust and easy to use is paramount to operating applications at scale, especially applications that can be comprised of tens or even hundreds of different containers that are rapidly changing. With this release we took the opportunity to refresh the GUI as we added more resources to manage and configuration screens.
 
Integrating orchestration into Docker Datacenter also means exposing many of these new capabilities directly in the GUI.  One example is the ability to deploy services directly from the DDC UI. You can simply type all of the parameters like service name, image name, the number of replicas and permissions for this service.
 
In addition to deploying services, new capabilities have been added to the web UI like:

Node Management: The ability to add, remove, pause nodes and drain containers from the node. You can also manage labels and SAN (Subject Alternative Name) for certificates assigned to each node.
Tag Metadata: Within the image repository, DDC now displays additional metadata for each tag that’s pushed to the repository, to provide greater visibility to what’s happening and who’s pushing changes with each image.
Container Health Checks: Introduced in the Docker Engine 1.12 command line, health checks are now available in the Docker Datacenter UI as part of the container details page.
Access Control for Networks: Now networks can be assigned labels for granular levels of access control, just like services and containers.
DTR Installer: The commands to deploy the Trusted Registry are now available from inside the UI so it’s easier than ever to get working as quickly as possible.
Expanded Storage Support for images: we’ve added and enhanced support for image storage including new support for Google Cloud Storage, S3 Compatible Object Storage (e.g. IBM Cleversafe) and enhanced configuration for NFS.

This is a jam packed release of big and small features, all designed to bring more agility and control to the enterprise application pipeline. Our goal is to make it easy for application teams to build and operate dockerized workloads in the infrastructure they already have. Don’t miss the demo webinar on Wednesday to check out the new features in real time.
Learn More

Save your seat: Demo webinar on Wed Nov. 16th
Learn more by visiting the Docker Datacenter webpage
Sign up for a free 30 day trial license


The post Docker Datacenter adds enterprise orchestration, security policy and refreshed UI appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

Docker Online Meetup #46: Introduction to InfraKit

In case you missed it, Solomon Hykes (Founder and CTO) open sourced InfraKit during his keynote address at LinuxCon Europe in Berlin last month. InfraKit is a declarative management toolkit for orchestrating infrastructure built by two Docker core team engineers, David Chung and Bill Farner. Read this blog post to learn more about InfraKit origins, internals and plugins including groups, instances and flavors.
During this online meetup, David and Bill explained what InfraKit is, what problems it solves, some use cases, how you can contribute and what's coming next.
InfraKit is being developed at github.com/docker/infrakit.
 

 

There are many ways you can participate in the development of InfraKit and influence the roadmap:

Star the project on GitHub to follow issues and development
Help define and implement new and interesting plugins
Instance plugins to support different infrastructure providers
Flavor plugins to support a variety of systems like etcd or mysql clusters
Group controller plugins like metrics-driven auto scaling and more
Help define interfaces and implement new infrastructure resource types for things like load balancers, networks and storage volume provisioners

Check out the InfraKit repository README for more info, a quick tutorial and to start experimenting — from plain files to Terraform integration to building a Zookeeper ensemble.  Have a look, explore and send us a PR or open an issue with your ideas!


The post Docker Online Meetup 46: Introduction to InfraKit appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

Docker at Tech Field Day 12

Docker will be presenting at Tech Field Day 12, and you can sit in on the sessions, at least virtually.
Tech Field Day is an opportunity for IT practitioners to hear from some of the leading technology companies, and Docker is excited to be participating again. Many thanks to Stephen Foskett and Tom Hollingsworth for cultivating a vibrant community of technical leaders and evangelists and inviting us to participate. Looking forward to meeting more of the delegates.
Our session will be Wednesday, November 16th, from 4:30 to 6:30pm Pacific. We have a full slate of topics including:

Docker Datacenter: What is Docker Datacenter and how can it help organizations implement their own Container as a Service platform.
Docker for Windows Server: An overview of the integration of Docker containers and Windows Server 2016.
Docker for AWS and Docker for Azure: Learn about the easiest way to deploy and manage clusters of Docker hosts on both Azure and AWS.
Docker Security: We’ll discuss how to implement a secure software supply chain with Docker.
Docker Networking: A conversation on how Docker allows developers to define container centric networks that run on top of your existing infrastructure.

Not at the event? You will be able to watch live streams of all these presentations here.
Finally, if you’d like to check out videos of presentations from previous Tech Field Day events, visit our page on the Tech Field Day site.
See you online!
More Resources:

Watch live: All the presentations
View On Demand: Sessions from previous events
Learn More about Docker
Try Docker Datacenter free for 30 days


The post Docker at Tech Field Day 12 appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

New Dockercast episode and interview with Docker Captain Laura Frank

We recently had the opportunity to catch up with the amazing Laura Frank. Laura is a developer focused on making tools for other developers. As an engineer at Codeship, she works on improving the Docker infrastructure and overall experience for users on Codeship. Previously, she worked on several open source projects to support Docker in the early stages of the project, including Panamax and ImageLayers. She currently lives in Berlin.
Laura is also a Docker Captain, a distinction that Docker awards select members of the community that are experts in their field and passionate about sharing their Docker knowledge with others.
As we do with all of these podcasts, we begin with a little bit of history of “How did you get here?” Then we dive into the Codeship offering and how it optimizes its delivery flow by using Docker containers for everything. We then end up with a “What’s the coolest Docker story you have?” I hope you enjoy – please feel free to comment and leave suggestions.
 

In addition to the questions covered in the podcast, we’ve had the chance to ask Laura a couple of additional questions, below.
How has Docker impacted what you do on a daily basis?
I’m lucky to work with Docker every day in my role as an engineer at Codeship. In addition to appreciating the technical aspects of Docker, I really enjoy seeing the different ways the Docker ecosystem as a whole empowers engineering teams to move faster. Docker is really impactful at two levels: we can use Docker to simplify the way we build and distribute software. But we can also solve problems in more unique ways because containerization is more accessible. It’s not just about running a production application in containers; you can use Docker to provide a distributed system of containers in order to scale up and down and handle task processing in interesting ways. To me, Docker is really about reducing friction in the development process and allowing engineers to focus on the stuff we’re best at – solving complex problems in interesting ways.
As a Docker Captain, how do you share that learning with the community?
I’m usually in front of a crowd, talking through a set of problems that can be solved with Docker. There are lots of great ways to share information with others, from writing a blog post or presenting a webinar, to answering questions at a meetup. I’m very hands on when it comes to helping people wrap their heads around the questions they have when using Docker. I think the best way to help is to open my laptop and work through the issues together.
Since Docker is such a complex and vast ecosystem, it’s important that Captains, and all of us who lead different areas of the Docker community, understand that each person has different levels of expertise with different components. The goal isn’t to impress people with how smart you are or what cool things you’ve built; the goal is to help your peers become better at what they do. But, the most important point is that everyone has something to contribute to the community.
Who are you when you’re not online?
I really love to get far away from computers when I’m not at work. I think there are so many other interesting parts of me that aren’t related to the work I do in the Docker community, and are separate from me as a technologist. You have to strike the right balance to stay focused and healthy. I love to adventure outdoors — canoeing and kayaking in the summer in addition to running around the city, hiking, and camping. Eliminating distractions and giving my brain some time to recover helps me think more clearly and strategically during the week.
How did you first get involved with Docker?
In 2013, I worked at HP Cloud on an infrastructure engineering team, and someone shared Solomon’s lightning talk from PyCon in an IRC or HipChat channel. I remember being really intrigued by the technical complexity and greater vision that he expressed. Later, my boss from HP left to join CenturyLink Labs, where he was building out a team to work on Docker-related developer tools, and a handful of us went with him. It was a huge gamble. There wasn’t much in the way of dev tools built around Docker, and those projects were really fun and exciting to work on, because we were just figuring out everything as we went along. My team was behind Panamax, ImageLayers, Lorry, and Dray, to name a few. If someone were to take me back to 2013 and tell me that this weirdly obscure new project would be the thing I spend 100% of my time working with, I wouldn’t have believed them, but I’m really glad it’s true.
If you could switch your job with anyone else, whose job would you want?
I’d be a pilot. I think it also shares common qualities with my role as an engineer — I love the high-level view and seeing lots of complex systems working together. Plus, I think I’d look pretty cool in a tactical jumpsuit. Maybe I’ll float that idea by the rest of the engineers on my team as a possible dress code update.
Do you have a favorite quote?
“Don’t half-ass two things. Whole-ass one thing” – Ron Swanson. It’s really tempting to try to learn everything about everything, especially related to technology that is constantly changing. The Docker world can be pretty chaotic. Sometimes it’s better to slow down, focus on one component of the ecosystem, and rely on the expertise of your peers for guidance in other areas. The Docker Community is a great place to see this in action, because you simply can’t do it all yourself. You have to rely on the contributions of others. And you know, finish unloading the dishwasher before starting to clean the bathroom. Ron Swanson is a wise man in all areas of life.
 
The post New Dockercast episode and interview with Docker Captain Laura Frank appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

Recapping OpenStack Summit Barcelona

More than 5,200 OpenStack professionals and enthusiasts gathered in Barcelona, Spain to attend the 2016 OpenStack Summit. From the keynotes to the break-out sessions to the marketplace to the evening events and the project work sessions on Friday, there was plenty to keep attendees busy throughout the week. In fact, if you were one of the lucky ones who attended OpenStack Summit, there were probably many sessions and activities you wanted to make it to but couldn’t.
Red Hat was very busy throughout the week as well, as we participated in 49 sessions, staffed a booth in the marketplace with five demo stations, announced several new and exciting customers, hosted and co-hosted evening events throughout the week, and held hands-on, intensive training through OpenStack Academy. So if you weren’t able to make it to every Red Hat session, or couldn’t go to the Summit at all, here is a recap of everything we did.
Announcements
With Ericsson, we announced a new alliance to enable the adoption of open source solutions. In addition, we announced several new customers who are having great success with OpenStack in deployment:

Swisscom Guides Customers into the Digital Age with Red Hat OpenStack Platform and Red Hat Virtualization
Produban Chooses Red Hat as Technology Partner to Deliver Modern Cloud Services with Kubernetes and Containers on OpenStack
Communications Leaders Choose Red Hat OpenStack Platform for Powering Cloud Deployments to Deliver New Services
UKCloud Creates an Open Source Alternative for UK Public Sector with Red Hat OpenStack Platform

Finally, we announced the results of our second annual customer survey, gathering their thoughts on key topics related to OpenStack, including deployment, management tools, and containers.
Sessions
Dozens of Red Hat’s OpenStack experts delivered or co-delivered almost 50 sessions at OpenStack Summit. Here is a listing of them all, with links to the recorded version.

Red Hat: Leveraging CI/CD to Improve OpenStack Operations
Maria Bracho, Daniel Sheppard (Rackspace)

Deploying and Operating a Production Application Cloud with OpenStack
Chris Wright, Pere Monclus (PLUMgrid), Sandra O’Boyle (Heavy Reading), Marcel Haerry (Swisscom)

Delivering Composable NFV Services for Business, Residential & Mobile Edge
Azhar Sayeed, Sharad Ashlawat (PLUMgrid)

Evolution of the Modern Day Service Provider Needs

Al Sadowski, Group 451
Radhesh Balakrishnan, Red Hat

I found a security bug, what happens next?
Tristan de Cacqueray and Matthew Booth

Failed OpenStack Update?! Now What?
Roger Lopez

OpenStack Scale and Performance Testing with Browbeat
Will Foster, Sai Sindhur Malleni, Alex Krzos

Mobile Edge Computing in support of IoT

Sanjay Aiyagari, Red Hat
Pierre Olivier Mathys, Red Hat

OpenStack and the Orchestration Options for Telecom / NFV
Chris Wright, Tobias Ford (AT&T), Hui Deng (China Mobile), Diego Lopez Garcia (Telefonica)

How to Work Upstream with OpenStack
Julien Danjou, Ashiq Khan (NTT), Ryota Mibu (NEC)

OpenStack and Ansible: Automation born in the Cloud
Keith Tenzer

Message Routing: a next-generation alternative to RabbitMQ
Kenneth Giusti, Andrew Smith

Deploying Containers at Scale on OpenStack

Steve Gordon, Principal Product Manager, Red Hat OpenStack Platform

Pushing your QA upstream
Rodrigo Duarte Sousa

TryStack: The Free OpenStack Community Sandbox
Will Foster, Kambiz Aghaiepour

Panel: Meeting The Largest Service Provider’s Needs with an Ecosystem Approach

Susan James, Ericsson
Darrell Jordan Smith, Red Hat
Mark McLoughlin, Red Hat
Ian Hood, Red Hat
Lew Tucker, Cisco

Kerberos and Health Checks and Bare Metal, Oh My! Updates to OpenStack Sahara in Newton
Elise Gafford, Nikita Konovalov (Mirantis), Vitaly Gridnev (Mirantis)

Red Hat discovery session: Key considerations for a successful OpenStack deployment

Bart van den Heuvel, Manager, Consulting Services
Alberto Garcia, Senior Cloud Architect

Feeling a bit deprecated? We are too. Let’s work together to embrace the OpenStack Unified CLI.
Darin Sorrentino, Chris Janiszewski

The race conditions of Neutron L3 HA’s scheduler under scale performance
John Schwarz, Ann Taraday (Mirantis), Kevin Benton (Mirantis)

Bringing Cloud Innovation to the Enterprise

Nick Barcet, Senior Director of Product Management, Red Hat OpenStack Platform

Cinder Always On – Reliability And Scalability Guide

Gorka Eguileor, Michal Dulko (Intel)

OpenStack is an Application! Deploy and Manage Your Stack with Kolla-Kubernetes
Ryan Hallisey, Ken Wronkiewicz (Cisco), Michal Jastrzebski (Intel)

OpenStack Requirements: what we are doing, what to expect, and what’s next
Swapnil Kulkarni and Davanum Srinivas

Stewardship: bringing more leadership and vision to OpenStack
Monty Taylor, Amrith Kumar (Tesora), Colette Alexander (Intel), Thierry Carrez (OpenStack Foundation)

Using OpenStack Swift to empower Turkcell’s public cloud services
Christian Schwede, Orhan Biyiklioglu (Turkcell) & Doruk Aksoy (Turkcell)

Lessons Learned from a Large-Scale Telco OSP+SDN Deployment

Guil Barros, Cyril Lopez, Vicken Krissian

KVM and QEMU Internals: Understanding the IO Subsystem
Kyle Bader

Effective Code Review
Dougal Matthews

OVN – Moving into Production
Russell Bryant, Justin Pettit (VMware), Ben Pfaff (VMware)

Anatomy Of OpenStack Neutron Through The Eagle Eyes Of Troubleshooters
Sadique Puthen

Building self-healing applications with Aodh, Zaqar and Mistral
Zane Bitter, Lingxian Kong (Catalyst IT), Fei Long Wang (Catalyst IT)

Writing A New Puppet OpenStack Module Like A Rockstar

Emilien Macchi

Ambassador Community Report
Erwan Gallen, Kavit Munshi (Aptira), Jaesuk Ahn (SKT), Marton Kiss (Aptira), Akihiro Hasegawa (Bit-isle Equinix, Inc)

VPP: the ultimate NFV vSwitch (and more!)?
Franck Baudin, Uri Elzur (Intel)

Zuul v3: OpenStack and Ansible Native CI/CD
James Blair

Container Defense in Depth
Thomas Cameron, Scott McCarty

Analyzing Performance in the Cloud: solving an elastic problem with a scientific approach
Alex Krzos, Nicholas Wakou (Dell)

One-stop-shop for OpenStack tools
Ruchika Kharwar

OpenStack troubleshooting: So simple even your kids can do it
Vinny Valdez, Jonathan Jozwiak

Solving Distributed NFV Puzzle with OpenStack and SDN
Rimma Iontel, Fernando Oliveira (VZ), Rajneesh Bajpai (BigSwitch)

Ceph, now and later: our plan for open unified cloud storage
Sage Weil

How to configure your cloud to be able to charge your users using official OpenStack components!
Julien Danjou, Stephane Albert (Objectif Libre), Christophe Sauthier (Objectif Libre)

A dice with several faces: Coordinators, mentors and interns on OpenStack Outreachy internships
Victoria Martinez de la Cruz, Nisha Yadav (Delhi Tech University), Samuel de Medeiros Queiroz (HPE)

Yo dawg I herd you like Containers, so we put OpenStack and Ceph in Containers
Sean Cohen, Sebastien Han, Federico Lucifredi

Picking an OpenStack Networking solution
Russell Bryant, Gal Sagie (Huawei)

Forget everything you knew about Swift Rings – here’s everything you need to know about Swift Rings
Christian Schwede, Clay Gerrard (Swiftstack)

3-2-1 Action! Running OpenStack Shared File System Service in Production

Sean Cohen, Tom Barron, Anika Sure (NetApp)

Hopefully we’ll see you in Boston in May, 2017, for either the OpenStack Summit or the Red Hat Summit, or even both.
 

Source: RedHat Stack