OPENSHIFT-CONJUR
WEBINAR
JUNE 27, 2018
• May 2018
TODAY’S PRESENTERS:
JASON DOBIES
Partner Technical Marketing Engineer
OpenShift Ecosystem
Red Hat
NAAMA SCHWARTZBLAT
Application Identity Manager
Senior Product Manager
CyberArk
JOE GARCIA
Global Corporate Solutions Engineer
CyberArk
WHAT ARE CONTAINERS?
● Sandboxed application processes on a shared Linux OS kernel
● Simpler, lighter, and denser than virtual machines
● Portable across different environments
● Package my application and all of its dependencies
● Deploy to any environment in seconds and enable CI/CD
● Easily access and share containerized components
INFRASTRUCTURE / APPLICATIONS: It Depends Who You Ask
DEVOPS WITH CONTAINERS
[Diagram: a source repository feeds a CI/CD engine that builds dev container images; container images and libraries are pulled from repositories; the images deploy to physical, virtual, private cloud and public cloud environments. Two follow-up slides mark the gap in this picture with a "?".]
CONTAINERS AREN’T ENOUGH
● Scheduling: decide where to deploy containers
● Lifecycle and Health: keep containers running despite failures
● Discovery: find other containers on the network
● Monitoring: visibility into running containers
● Security: control who can do what
● Scaling: scale containers up and down
● Persistence: survive data beyond container lifecycle
● Aggregation: compose apps from multiple containers
KUBERNETES
Kubernetes is an open-source system for automating deployment, operations, and scaling of containerized applications across multiple hosts.
DEVOPS WITH CONTAINERS
[Diagram: the DevOps-with-containers pipeline, now with Kubernetes as the deployment target.]
DEVOPS WITH CONTAINERS AND KUBERNETES
Kubernetes alone is not enough. Each successive slide adds one more piece on top of the containers-and-Kubernetes diagram:
● Not enough… need networking (NETWORK)
● Not enough… need an image registry (IMAGE REGISTRY)
● Not enough… need metrics and logging (METRICS AND LOGGING)
● Not enough… need complex deployments and upgrades (DEPLOYMENT AUTOMATION)
● Not enough… need application lifecycle and management (APP LIFECYCLE MGMT)
● Not enough… need application services (databases, messaging, etc) (APPLICATION SERVICES)
● Not enough… need a self-service portal (SELF-SERVICE)
DEVOPS WITH OPENSHIFT
[Diagram: the complete stack above, labelled OPENSHIFT.]
Confidential and Proprietary. ©CyberArk Software Ltd. All rights reserved.
#1 Leader in Privileged Account Security
Securing Privilege at more than 50% of the Fortune 100
More than 3,800 customers globally
CYBERARK SOLUTION PORTFOLIO
CyberArk Conjur is a DevOps and cloud security solution
• Addresses the unique secrets management and privileged access security challenges of the DevOps pipeline
• Native integration with cloud management, PaaS/Containerized platforms and DevOps orchestration solutions
• Focused on security – supports Separation of Duties
• Designed for developers – Open Source accessible, well documented, fully supported
Conjur Offers Multiple Interfaces To Address Wide Enterprise Needs
[Diagram: personas (Business Owner, Security Owner, Developers, Operations/DevOps, Auditor) matched to interfaces: dashboards for reporting full audit; "Everything as code", a Community Edition and APIs designed to be easy for developers to use; a CLI and multiple native integrations with the "New IT Department" tools; dashboards for central security management.]
CENTRAL MANAGEMENT - NO “SECURITY ISLANDS”
• Central view and control of Privileged Account Security
• Enterprise wide solution for on premise, hybrid, cloud only organizations
• Leverage the CyberArk Vault and existing investments
• Highest levels of Security, Recoverability, and Auditability
• Central Policy Manager – to manage and rotate secrets
• Bring other CyberArk solutions like Privileged Session Manager, Application Identity Manager, and On-Demand Privilege Manager to the DevOps environment
[Diagram: "Islands of Security", the fragmented alternative to central management.]
Extend the #1 solution in Privileged Account Security to the DevOps, cloud and container world
INTEGRATION GOALS
• Securely provide secrets to applications running in the PaaS
• Ease of use - seamlessly integrate into the PaaS environment
• Strong authentication of the calling container/pod based on its properties
• Leverage the Kubernetes APIs to verify the application container's identity
• Segregation of duties, between application developers and operations, as well as between different projects
• Central audit
• Secret rotation
[Diagram: a server running a host operating system and a PaaS engine, hosting containers (APP1 and APP2, each with its own Bins/Libs) alongside Conjur.]
INTEGRATION COMPONENTS
• Conjur Master – the managed secrets repository. Supports full read/write operations such as permission checks, as well as management of policies, secrets and all Conjur services.
• Conjur Follower – read-only replica of the Master. Distributed across data centers and geographies to serve application read requests locally and to take load off the Master. Scales horizontally; each additional follower adds read capacity. Includes the K8S/OpenShift authenticator.
• Summon – open source component, used to control the process as well as push the secrets into pod environment variables.
• Conjur-authn-client – CyberArk container, run as a sidecar or init container, responsible for the login process of the pod against the authenticator.
[Diagram: an application pod whose init container (or sidecar) runs Conjur-authn-client, sharing storage with Summon and the app container; a pod running the Conjur Follower (and authenticator); the Conjur Master pod with Master Standby pods.]
ROBUST AND SCALABLE DEPLOYMENT WITHIN OPENSHIFT
[Diagram: the Application Project holds pods whose init container runs Conjur-authn-client and hands the token over a shared volume to Summon in the app container; the Conjur Project holds several Conjur Follower pods behind a load balancer, plus the Conjur Master and its Standby.]
OPENSHIFT – CONJUR DETAILED FLOW
1. Create a policy for each pod/application
2. Load the policy into the Conjur Master
3. When the pod starts, Conjur-authn-client comes up and creates a CSR
4. Conjur-authn-client calls the Follower with the pod details and the CSR
5. The Follower verifies that the pod exists against the Kubernetes API
6. If it exists, the Follower signs the request and writes the result out of band to the Conjur-authn-client
7. Conjur-authn-client calls the Follower; the Follower authenticates it against the Conjur policies and returns an encrypted token
8. Conjur-authn-client decrypts the token and writes it into the pod's shared memory
9. Summon uses the token to fetch the secrets from Conjur and writes the retrieved secrets to environment variables.
[Diagram of the flow: in the Application Project, the pod's init container runs Conjur-authn-client and passes the token over a shared volume to Summon in the app container; in the Conjur Project, Conjur Follower pods (each with the authenticator) sit behind a load balancer, alongside the Conjur Master pod.]
App policy:
    - !policy
      id: allowed_apps
      annotations:
        description: Apps and services in cluster.
      body:
        - !layer
        # one host per application; replace [namespace] and [sa-name] with the
        # pod's namespace and service account before loading the policy
        - &apps
          - !host [namespace]/service_account/[sa-name]
        - !grant
          role: !layer
          members: *apps
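The nine-step flow and the allowed_apps policy above, walked through as an added example that is not part of the deck or of CyberArk's code. It is a constructed model: HMAC under a follower-held key stands in for certificate and token signing, a set of (namespace, pod, service account) tuples stands in for the Kubernetes API, the policy is a dict shaped like the slide's allowed_apps layer, and the slide's token encrypt/decrypt step is not modelled. The namespace, pod names, service accounts and variable id are all made up.

```python
"""Toy model of the deck's nine-step OpenShift/Conjur flow and its allowed_apps policy.
Constructed for this page, not CyberArk code. Assumed simplifications: HMAC with a
follower-held key stands in for certificate and token signing, the Kubernetes API is a
set of running pods, the policy is a dict, and the token encrypt/decrypt step is skipped."""
import hmac
import json
import os
import secrets
import tempfile
import time

# Steps 1-2: policy loaded into the Conjur Master. Host ids follow the slide's
# <namespace>/service_account/<sa-name> pattern and are members of the allowed_apps layer.
POLICY = {
    "layers": {"allowed_apps": {"prod/service_account/web-sa"}},
    "read_permits": {"prod/db/password": {"allowed_apps"}},  # variable id -> layers
    "variables": {"prod/db/password": "constructed-db-password"},
}
# Step 5 consults the Kubernetes API; here: (namespace, pod, service account) of live pods.
KUBE_RUNNING_PODS = {("prod", "web-7d9f", "web-sa"), ("prod", "batch-1", "batch-sa")}


class Follower:
    """Read replica plus authenticator; owns the key that signs pod certs and tokens."""
    def __init__(self, policy, kube_pods):
        self.policy, self.kube_pods = policy, kube_pods
        self.signing_key = secrets.token_bytes(32)  # stand-in for the authenticator CA key

    def _sign(self, payload):
        return hmac.new(self.signing_key, json.dumps(payload, sort_keys=True).encode(),
                        "sha256").hexdigest()

    def _verify(self, payload, sig):
        return hmac.compare_digest(self._sign(payload), sig)

    def inject_cert(self, csr, client):
        """Steps 4-6: confirm the pod exists via the Kubernetes API, sign the CSR's
        identity, and deliver the cert out of band (here: straight into the client)."""
        ident = csr["identity"]
        if (ident["namespace"], ident["pod"], ident["service_account"]) not in self.kube_pods:
            raise PermissionError("pod not found in Kubernetes API: %s" % ident)
        client.cert = {"identity": ident, "sig": self._sign(ident)}

    def authenticate(self, cert):
        """Step 7: accept only a cert this follower signed, require the identity to be
        a host the policy knows, and issue a short-lived signed token."""
        if not self._verify(cert["identity"], cert["sig"]):
            raise PermissionError("certificate was not signed by this follower")
        ident = cert["identity"]
        host_id = "%s/service_account/%s" % (ident["namespace"], ident["service_account"])
        layers = sorted(n for n, hosts in self.policy["layers"].items() if host_id in hosts)
        if not layers:
            raise PermissionError("host %s is not granted any layer" % host_id)
        claims = {"host": host_id, "layers": layers, "exp": int(time.time()) + 480}
        return {"claims": claims, "sig": self._sign(claims)}

    def fetch_variable(self, token, var_id):
        """Step 9, server side: validate the token and check policy before returning."""
        claims = token["claims"]
        if not self._verify(claims, token["sig"]) or claims["exp"] < time.time():
            raise PermissionError("invalid or expired token")
        if not set(claims["layers"]) & self.policy["read_permits"].get(var_id, set()):
            raise PermissionError("%s may not read %s" % (claims["host"], var_id))
        return self.policy["variables"][var_id]


class AuthnClient:
    """conjur-authn-client: the init/sidecar container that logs the pod in."""
    def __init__(self, namespace, pod, service_account, shared_volume):
        self.identity = {"namespace": namespace, "pod": pod, "service_account": service_account}
        self.cert, self.shared_volume = None, shared_volume

    def login(self, follower):
        follower.inject_cert({"identity": self.identity}, self)  # steps 3-6
        token = follower.authenticate(self.cert)                   # step 7
        with open(os.path.join(self.shared_volume, "conjur-token"), "w") as f:  # step 8
            json.dump(token, f)


def summon(follower, shared_volume, secrets_yml):
    """Step 9: resolve a secrets.yml-style mapping (ENV_VAR -> variable id) into the
    environment the app container starts with; the secret values never touch disk."""
    with open(os.path.join(shared_volume, "conjur-token")) as f:
        token = json.load(f)
    return {env: follower.fetch_variable(token, var_id) for env, var_id in secrets_yml.items()}


def run_flow(namespace, pod, service_account, secrets_yml=None):
    """End to end: returns the app's secret environment or raises PermissionError."""
    follower = Follower(POLICY, KUBE_RUNNING_PODS)
    secrets_yml = secrets_yml or {"DB_PASSWORD": "prod/db/password"}
    with tempfile.TemporaryDirectory() as shared_volume:  # the pod's shared volume
        AuthnClient(namespace, pod, service_account, shared_volume).login(follower)
        return summon(follower, shared_volume, secrets_yml)


if __name__ == "__main__":
    print(run_flow("prod", "web-7d9f", "web-sa"))  # the granted case
```

Running it prints the environment Summon would hand to the app container. The three rejection paths are the part that matters for a defender: a pod the Kubernetes API does not know never receives a certificate (step 5), a running pod whose service account has no host in policy gets no token (step 7), and a valid token still cannot read a variable its layer is not permitted to read (step 9). A certificate not signed by the follower's key is refused at step 7 as well.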
BENEFITS
✓ Simple, context free, secure method for retrieving credentials in containers
✓ End-to-end encryption of secrets through mutual TLS (Transport Layer Security) using SPIFFE-compliant resource identifiers.
✓ Robust authentication and authorization incorporating Conjur policy, signed certificates, and internal Kubernetes APIs.
✓ Conjur Follower running inside OpenShift
✓ Elastic, can scale out
✓ High availability is provided by multiple followers running inside OpenShift, keeping a local cache of secrets available even if the network suffers
✓ Segregation of Duty between applications
✓ SoD also between the OpenShift security operator and the development teams, using Conjur policy
✓ Credentials are not exposed to any 3rd party, reside only in memory
✓ Full central audit trail
✓ UI for auditors
IT’S EASY TO GET STARTED
• Try CyberArk Conjur Open Source at www.conjur.org
• Request a DevOps Workshop
• Ask for a DevOps Security Assessment
• Read our DevOps Security Blog www.conjur.org/blog
THANK YOU
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Network Security. Different aspects of Network Security.
Network Security. Different aspects of Network Security.Network Security. Different aspects of Network Security.
Network Security. Different aspects of Network Security.
gregtap1
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Buckeye Dreamin' 2023: De-fogging Debug Logs
Buckeye Dreamin' 2023: De-fogging Debug LogsBuckeye Dreamin' 2023: De-fogging Debug Logs
Buckeye Dreamin' 2023: De-fogging Debug Logs
Lynda Kane
 
Rock, Paper, Scissors: An Apex Map Learning Journey
Rock, Paper, Scissors: An Apex Map Learning JourneyRock, Paper, Scissors: An Apex Map Learning Journey
Rock, Paper, Scissors: An Apex Map Learning Journey
Lynda Kane
 
Asthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdfAsthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdf
VanessaRaudez
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Automation Dreamin': Capture User Feedback From Anywhere
Automation Dreamin': Capture User Feedback From AnywhereAutomation Dreamin': Capture User Feedback From Anywhere
Automation Dreamin': Capture User Feedback From Anywhere
Lynda Kane
 
Datastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptxDatastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptx
kaleeswaric3
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko
Fwdays
 
Image processinglab image processing image processing
Image processinglab image processing  image processingImage processinglab image processing  image processing
Image processinglab image processing image processing
RaghadHany
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
"PHP and MySQL CRUD Operations for Student Management System"
"PHP and MySQL CRUD Operations for Student Management System""PHP and MySQL CRUD Operations for Student Management System"
"PHP and MySQL CRUD Operations for Student Management System"
Jainul Musani
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Network Security. Different aspects of Network Security.
Network Security. Different aspects of Network Security.Network Security. Different aspects of Network Security.
Network Security. Different aspects of Network Security.
gregtap1
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Buckeye Dreamin' 2023: De-fogging Debug Logs
Buckeye Dreamin' 2023: De-fogging Debug LogsBuckeye Dreamin' 2023: De-fogging Debug Logs
Buckeye Dreamin' 2023: De-fogging Debug Logs
Lynda Kane
 
Rock, Paper, Scissors: An Apex Map Learning Journey
Rock, Paper, Scissors: An Apex Map Learning JourneyRock, Paper, Scissors: An Apex Map Learning Journey
Rock, Paper, Scissors: An Apex Map Learning Journey
Lynda Kane
 
Asthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdfAsthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdf
VanessaRaudez
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Automation Dreamin': Capture User Feedback From Anywhere
Automation Dreamin': Capture User Feedback From AnywhereAutomation Dreamin': Capture User Feedback From Anywhere
Automation Dreamin': Capture User Feedback From Anywhere
Lynda Kane
 
Datastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptxDatastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptx
kaleeswaric3
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko
Fwdays
 
Image processinglab image processing image processing
Image processinglab image processing  image processingImage processinglab image processing  image processing
Image processinglab image processing image processing
RaghadHany
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
"PHP and MySQL CRUD Operations for Student Management System"
"PHP and MySQL CRUD Operations for Student Management System""PHP and MySQL CRUD Operations for Student Management System"
"PHP and MySQL CRUD Operations for Student Management System"
Jainul Musani
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 

Centralize and Simplify Secrets Management for Red Hat OpenShift Container Environments with the CyberArk Conjur Enterprise Integration

  • 15. DEVOPS WITH CONTAINERS AND KUBERNETES
    Not enough… need application lifecycle and management
    (Diagram layers: NETWORK, IMAGE REGISTRY, METRICS AND LOGGING, DEPLOYMENT AUTOMATION, APP LIFECYCLE MGMT)
  • 16. DEVOPS WITH CONTAINERS AND KUBERNETES
    Not enough… need application services (databases, messaging, etc.)
    (Diagram layers: NETWORK, IMAGE REGISTRY, METRICS AND LOGGING, DEPLOYMENT AUTOMATION, APP LIFECYCLE MGMT, APPLICATION SERVICES)
  • 17. DEVOPS WITH CONTAINERS AND KUBERNETES
    Not enough… need a self-service portal
    (Diagram layers: NETWORK, IMAGE REGISTRY, METRICS AND LOGGING, DEPLOYMENT AUTOMATION, APP LIFECYCLE MGMT, APPLICATION SERVICES, SELF-SERVICE)
  • 19. Confidential and Proprietary. ©CyberArk Software Ltd. All rights reserved.
    #1 Leader in Privileged Account Security
    Securing Privilege at more than 50% of the Fortune 100
    More than 3,800 customers globally
  • 21. CYBERARK CONJUR
    CyberArk Conjur is a DevOps and cloud security solution
    • Addresses the unique secrets management and privileged access security challenges of the DevOps pipeline
    • Native integration with cloud management, PaaS/containerized platforms and DevOps orchestration solutions
    • Focused on security – supports Separation of Duties
    • Designed for developers – Open Source, accessible, well documented, fully supported
  • 22. Conjur Offers Multiple Interfaces To Address Wide Enterprise Needs
    Audiences: Business Owner, Security Owner, Developers, Operations/DevOps, Auditor
    • Dashboards for reporting and full audit
    • "Everything as code": Community Edition and APIs designed to be easy for developers to use
    • CLI and multiple native integrations with the "New IT Department" tools
    • Dashboards for central security management
  • 23. CENTRAL MANAGEMENT - NO “SECURITY ISLANDS”
    • Central view and control of Privileged Account Security
    • Enterprise-wide solution for on-premise, hybrid and cloud-only organizations
    • Leverage the CyberArk Vault and existing investments
    • Highest levels of Security, Recoverability, and Auditability
    • Central Policy Manager – to manage and rotate secrets
    • Bring other CyberArk solutions like Privileged Session Manager, Application Identity Manager, and On-Demand Privilege Manager to the DevOps environment
    (Diagram: "Islands of Security")
    Extend the #1 solution in Privileged Account Security to the DevOps, cloud and container world
  • 24. INTEGRATION GOALS
    • Securely provide secrets to applications running in the PaaS
    • Ease of use: seamlessly integrate into the PaaS environment
    • Strong authentication of the calling container/pod based on its properties
    • Leverage the Kubernetes APIs to verify the application container identity
    • Segregation of duties between application developers and operations, as well as between different projects
    • Central audit
    • Secret rotation
    (Diagram: Server, Host Operating System, PaaS Engine, containers APP1 and APP2 each with their own Bins/Libs, with Conjur alongside)
  • 25. INTEGRATION COMPONENTS
    • Conjur Master – managed secrets repository. Supports full read/write operations such as permission checks, as well as management of policies, secrets and all Conjur services.
    • Conjur Follower – read-only replica of the Master. Distributed across data centers and geographies to serve application read requests locally and to take load off the Master. Scales horizontally; each additional follower adds read capacity. Includes the K8S/OpenShift authenticator.
    • Summon – Open Source component, used to control the application process as well as to push the secrets into the pod's environment variables.
    • Conjur-authn-client – CyberArk container, run as a sidecar or init container, responsible for the login process of the pod against the authenticator.
    (Diagram: application pods each with Init Container, App Container, Conjur-authn-client, Shared Storage and Summon; a Conjur Follower (and authenticator) pod; a Conjur Master pod with Master Standby pods)
  • 26. ROBUST AND SCALABLE DEPLOYMENT WITHIN OPENSHIFT
    (Diagram: Conjur Master with Standby, Load Balancer in front of Conjur Follower pods in the Conjur Project; application pods in the Application Project each with Init Container, App Container, Conjur-authn-client, Shared Volume and Summon)
  • 27. OPENSHIFT – CONJUR DETAILED FLOW
    1. Create a policy for each pod/application
    2. Load the policy into the Conjur Master
    3. When the pod starts, Conjur-authn-client comes up and creates a CSR
    4. Conjur-authn-client calls the Follower with the pod details and the CSR
    5. The Follower verifies that the pod exists against the Kubernetes API
    6. If it exists, the Follower signs the request and writes the result out of band to the Conjur-authn-client
    7. Conjur-authn-client calls the Follower again; the Follower authenticates it against the Conjur policies and returns an encrypted token
    8. Conjur-authn-client decrypts the token and writes it to the pod's shared memory
    9. Summon uses the token to fetch the secrets from Conjur and writes the retrieved secrets to environment variables
    (Diagram: Application Project pods with Init Container, Conjur-authn-client, Shared Volume, Summon and App Container; Conjur Project with Conjur Follower (and authenticator) pods behind a Load Balancer; Conjur Master)
    App policy:
        - !policy
          id: allowed_apps
          annotations:
            description: Apps and services in cluster.
          body:
          - !layer
          - &apps
            - !host [namespace]/service_account/[sa-name]
          - !grant
            role: !layer
            members: *apps
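The Follower-side checks of steps 5 to 7 above, modelled as an added example that is not part of the webinar deck or of Conjur's own code: the Kubernetes API lookup, the pod names, service accounts, variable and secret value are constructed stand-ins, and the read permission on a variable is an assumption the slide's policy fragment does not show.

```python
"""Model of the Follower-side checks in the OpenShift/Conjur flow (steps 5-7):
the authenticator confirms, via the Kubernetes API, that the pod behind the
request exists and carries the service account named in the claimed host
identity, then checks that the host is a member of the policy layer before
issuing a token. Added illustration, not Conjur's code; the Kubernetes API,
policy and secrets below are constructed in-memory stand-ins."""
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the Kubernetes API: (namespace, pod name) -> spec fields.
K8S_PODS = {
    ("shop", "shop-web-7d9f"): {"serviceAccountName": "shop-web"},
    ("billing", "billing-api-31ab"): {"serviceAccountName": "billing-api"},
}

# Loaded form of the slide's allowed_apps policy: the &apps hosts granted the
# layer, plus an assumed permission giving the layer read on one variable.
POLICY_ID = "allowed_apps"
LAYER_MEMBERS = {"shop/service_account/shop-web"}
LAYER_CAN_READ = {"shop/db-password"}          # assumed, not on the slide
SECRETS = {"shop/db-password": "constructed-sample-value"}  # constructed


@dataclass
class AuthnRequest:
    """What Conjur-authn-client sends along with its CSR (step 4)."""
    namespace: str
    pod_name: str
    host_id: str  # "<namespace>/service_account/<sa-name>", as in the policy


def verify_pod_identity(req: AuthnRequest) -> Optional[str]:
    """Step 5: return None if the claimed identity matches a live pod,
    otherwise the reason for refusal."""
    parts = req.host_id.split("/")
    if len(parts) != 3 or parts[1] != "service_account":
        return "malformed host id"
    claimed_ns, _, claimed_sa = parts
    if claimed_ns != req.namespace:
        return "host id names a different namespace than the pod"
    pod = K8S_PODS.get((req.namespace, req.pod_name))
    if pod is None:
        return "pod not found in Kubernetes API"
    if pod["serviceAccountName"] != claimed_sa:
        return "pod's service account does not match host id"
    return None


def authenticate(req: AuthnRequest) -> dict:
    """Steps 5-7: verify the pod, then check layer membership and issue a
    token carrying the roles the host holds (a dict stands in for the
    encrypted token)."""
    reason = verify_pod_identity(req)
    if reason:
        return {"ok": False, "reason": reason}
    if req.host_id not in LAYER_MEMBERS:
        return {"ok": False, "reason": f"host is not a member of layer {POLICY_ID}"}
    return {"ok": True, "host": req.host_id, "layers": [POLICY_ID]}


def fetch_secret(token: dict, variable: str) -> Optional[str]:
    """Step 9, as Summon would do it: only a valid token whose layer is
    permitted to read the variable yields the value."""
    if not token.get("ok") or POLICY_ID not in token.get("layers", []):
        return None
    if variable not in LAYER_CAN_READ:
        return None
    return SECRETS.get(variable)
```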
  • 28. BENEFITS
    ✓ Simple, context-free, secure method for retrieving credentials in containers
    ✓ End-to-end encryption of secrets through mutual TLS (Transport Layer Security) using SPIFFE-compliant resource identifiers
    ✓ Robust authentication and authorization incorporating Conjur policy, signed certificates, and internal Kubernetes APIs
    ✓ Conjur Follower running inside OpenShift
    ✓ Elastic, can scale out
    ✓ High availability provided by multiple Followers running inside OpenShift, keeping a local secrets cache available even if the network suffers
    ✓ Segregation of Duties between applications
    ✓ SoD also between the OpenShift security operator and the development teams, using Conjur policy
    ✓ Credentials are not exposed to any 3rd party and reside only in memory
    ✓ Full central audit trail
    ✓ UI for auditors
  • 29. IT’S EASY TO GET STARTED
    • Try CyberArk Conjur Open Source at www.conjur.org
    • Request a DevOps Workshop
    • Ask for a DevOps Security Assessment
    • Read our DevOps Security Blog: www.conjur.org/blog