SlideShare a Scribd company logo

Enhanced Security and Visibility for Microservices Applications

Download as PPTX, PDF
Akshay Mathur
Akshay Mathur

Unified solution for application load balancing, security and traffic analytics in Kubernetes can do wonders for better user experience.

1 of 28
Downloaded 10 times
Reliable Security Always™ Enhanced Security & Visibility for Microservice Applications Akshay Mathur @akshaymathu
2 NEW DE-FACTO STANDARDS: Growing Industry Trend: Containers and Kubernetes APPLICATIONS Moving from Monolith to Micro Services APPLICATION DEPLOYMENTS Moving from Hardware Servers or Virtual Machines to Containers o Adopted by all industry major players – AWS, Azure, Google, VMWare, RedHat. o 10X increase in usage in Azure and GCP last year o 10X increase in deployment last 3 years o Deployment Size increased 75% in a year Growing Kubernetes Adoption
3 Key Requirements of Modern Teams … EFFICIENT OPERATIONS VISIBILITY & CONTROL Application Security SSL Encryption Access Control Attack Protection and Mitigation Analytics Faster troubleshooting Operational intelligence Central Management Multi-services Multi-cloud
4 Real-world Challenges
5 An E-Com Company: Access Control between Microservices • Security and compliance require monitoring traffic between microservices • In absence of policy enforcement, this company isolated clusters Kubernetes Node Kubernetes Node Kubernetes Node Kubernetes Node
6 A FinTech Company: Access Control and Traffic Flow Visibility problem • Separated microservices via namespaces • Controlled traffic flow via application Gateway Kubernetes Node Kubernetes Node Kubernetes NodeKubernetes Node
7 All Companies: Need to keep latency at minimum • Multiple traffic handling layers add its own latency ◦ IPS/IDS ◦ L7 LB ◦ Kube Proxy Kubernetes Node
8 A Media Service Company: Security Increased Cost of Operations • Istio sidecar model was tried for security implementation • Sidecar model increased resource requirement leading to increased cost Kubernetes Node
9 All Companies: Need to Manage Security across Environments • Not all workloads are in Kubernetes • Managing security separately for each env was challenging Public Private Data Center
10 Challenges in Kubernetes Environment Characteristics of K8s Environment Impact Only L3 policy support L7 security rules can’t be created Multiple Layers in traffic flow Increased latency IP addresses of pods keep changing IP based security policy become obsolete No access control between microservices Complicated deployment architecture No application traffic visibility Difficult to fine-tune security policies
11 Shared Security Responsibility Model Source: https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-the-shared-responsibility-model-in-gke- container-security-shared-responsibility-model-gke
12 Security & Policy Enforcement
13 Minimizing Cost of Operations vs Kubernetes NodeKubernetes Node Sidecar Proxy Deployment Hub-Spoke Proxy Deployment Resource intensive Expensive TCO Low overhead Lower TCO
14 Traffic Handling and Security are related Modern Approach Unified solution providing Load Balancing as well as Security Pros: • Operational simplicity • Better application performance Kubernetes Node Fact: • Incoming traffic is to be decrypted and evaluated • When Deny the traffic: Security • When Send traffic to right Application Server: Load Balancing Traditional Approach: Deploy Load Balancing and Security solutions separately Cons: • Operational Complexity • Increased latency
15 For East-West Traffic • Access control between microservices • Transparent encryption for traffic between nodes • Lower resource requirement as compare to sidecar service mesh model • Application layer traffic visibility and analytics Node 1 Node 2 S1 S2
16 For North-South Traffic • Container-native load balancer for L7 traffic routing (with ability to route traffic based on any info in HTTP header) • SSL offload • Reduced application response time • Web Application Firewall • L7 DDoS protection • Central management for load balancer • Application layer traffic visibility and analytics Kubernetes Cluster
17 More about the LB • Deployed as DaemonSet ◦ Image on Docker Hub ◦ Uses host networking • Based on NginX core ◦ 3rd party modules – ModSec, LuaJit etc. ◦ Custom modules • Connection Pooling • Distributed Limit Enforcement • Dynamic Upstream
18 More about the Kubernetes Connector • Deployed as K8s ‘Deployment’ ◦ Image on Docker Hub ◦ One instance in a cluster • Monitors Lifecycle of Containers and Ingress Resource • Calls APIs to update LB
19 Policy Configuration • Infrastructure as code • Kubernetes Service aand Ingress definitions are extended via annotations • Simple annotations to configure policies
20 Application Layer Visibility
21 Descriptive Analytics • Health Status • Logs & Events PERFORMANCE MONITORING Diagnostic Analytics • Per-App metrics • Trend Analysis FASTER TROUBLESHOOTING Predictive Analytics • Anomalies/Threats • Correlation INSIGHTS Prescriptive Analytics • Policy updates • Behavior Analysis ADAPTIVE CONTROLS Visibility, Analytics & Insights
22. Per-Service Visibility, Analytics & Reporting o Comprehensive metrics & logs o View, monitor and analyze o Efficient troubleshooting o Generate custom reports
23 Use Case – Troubleshooting High Response Time LB Only Confidence: Low No direct way to debug Alternate is to collect access logs from all application servers Merge the logs and move them to a log analyzer Get the info about request processing time by server ◦ Time taken in network remains unknown ◦ Geo distribution remains unknown Manually correlate and analyze LB + Application Analytics Confidence: High Harmony Portal displays end-to-end response time for the application Drill-down charts are available for historical analysis with enriched data Breakup of time taken in different portions of request-response cycle is available Segmented data by various aspects is available Access logs of individual transaction may be used for further isolation Customers are complaining about slowness of Application 2days 5mins
24
25. A10 ADC: Per-app Visibility : End-to-End Latency o Distinguish between application, client and infrastructure issues o Quickly identify consistent or one-off glitch o Pinpoint concerns and take corrective action
26 Takeaways: Simplified and Improved Security & Analytics • Simple Architecture • Clear ‘Dev’ and ‘Ops’ separation • ‘Config as code’ for automation • Application Traffic Analytics for efficiency
27 Thank You @akshaymathu amathur@a10networks.com Skype: mathurakshay Sample Config Files @ https://gist.github.com/c-success Steps to try @ http://docs.hc.a10networks.com/IngressController/2.0/a10-ladc-ingress-controller.html
Thank You Reliable Security Always™

Recommended

Considerations for East-West Traffic Security and Analytics for Kubernetes En...
Considerations for East-West Traffic Security and Analytics for Kubernetes En...Considerations for East-West Traffic Security and Analytics for Kubernetes En...
Considerations for East-West Traffic Security and Analytics for Kubernetes En...
Akshay Mathur
 
Security and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in KubernetesSecurity and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in Kubernetes
Akshay Mathur
 
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
DevOps.com
 
Extend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesExtend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server Databases
Red Gate Software
 
NetScout nGeniusONE overview
NetScout nGeniusONE overviewNetScout nGeniusONE overview
NetScout nGeniusONE overview
BAKOTECH
 
Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2
Prem Sankar Gopannan
 
5 Ways to use Node in the Network
5 Ways to use Node in the Network5 Ways to use Node in the Network
5 Ways to use Node in the Network
F5 Networks
 
PLNOG14: SteelCentral NPM Solution - Tomasz Winiarski
PLNOG14: SteelCentral NPM Solution - Tomasz WiniarskiPLNOG14: SteelCentral NPM Solution - Tomasz Winiarski
PLNOG14: SteelCentral NPM Solution - Tomasz Winiarski
PROIDEA
 
UC SDN
UC SDNUC SDN
UC SDN
IMTC
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration Webinar
Maytal Levi
 
Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices Infrastructure
DevSecOpsSg
 
F5 Cloud Story
F5 Cloud StoryF5 Cloud Story
F5 Cloud Story
MarketingArrowECS_CZ
 
Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)
AlgoSec
 
S4 Value Proposition
S4 Value PropositionS4 Value Proposition
S4 Value Proposition
Steve Jones
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEW
NetFlow Analyzer
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
AlgoSec
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
Cryptzone
 
Manageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An InsightManageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An Insight
Sai Sundhar Padmanabhan
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
ThousandEyes
 
Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)
IMTC
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP Worlds
IMTC
 
COMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesCOMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slides
Comit Projects Ltd
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...
AlgoSec
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best Practices
AlgoSec
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Mitchell Pronschinske
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Nitin Saxena
 

More Related Content

What's hot (20)

UC SDN
UC SDNUC SDN
UC SDN
IMTC
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration Webinar
Maytal Levi
 
Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices Infrastructure
DevSecOpsSg
 
F5 Cloud Story
F5 Cloud StoryF5 Cloud Story
F5 Cloud Story
MarketingArrowECS_CZ
 
Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)
AlgoSec
 
S4 Value Proposition
S4 Value PropositionS4 Value Proposition
S4 Value Proposition
Steve Jones
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEW
NetFlow Analyzer
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
AlgoSec
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
Cryptzone
 
Manageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An InsightManageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An Insight
Sai Sundhar Padmanabhan
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
ThousandEyes
 
Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)
IMTC
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP Worlds
IMTC
 
COMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesCOMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slides
Comit Projects Ltd
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...
AlgoSec
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best Practices
AlgoSec
 
UC SDN
UC SDNUC SDN
UC SDN
IMTC
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration Webinar
Maytal Levi
 
Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices Infrastructure
DevSecOpsSg
 
F5 Cloud Story
F5 Cloud StoryF5 Cloud Story
F5 Cloud Story
MarketingArrowECS_CZ
 
Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)
AlgoSec
 
S4 Value Proposition
S4 Value PropositionS4 Value Proposition
S4 Value Proposition
Steve Jones
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEW
NetFlow Analyzer
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
AlgoSec
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
Cryptzone
 
Manageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An InsightManageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An Insight
Sai Sundhar Padmanabhan
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
ThousandEyes
 
Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)
IMTC
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP Worlds
IMTC
 
COMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesCOMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slides
Comit Projects Ltd
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...
AlgoSec
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best Practices
AlgoSec
 

Similar to Enhanced Security and Visibility for Microservices Applications (20)

Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Mitchell Pronschinske
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Nitin Saxena
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
Yong Feng
 
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
NGINX, Inc.
 
Top Six Application Modernization Strategies for 2024.pptx
Top Six Application Modernization Strategies for 2024.pptxTop Six Application Modernization Strategies for 2024.pptx
Top Six Application Modernization Strategies for 2024.pptx
Extentia Information Technology
 
VMworld 2015: No App is An Island
VMworld 2015: No App is An IslandVMworld 2015: No App is An Island
VMworld 2015: No App is An Island
VMworld
 
Kubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTechKubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTech
Akshay Mathur
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
patmisasi
 
Enabling Fast IT using Containers, Microservices and DevOps Model
Enabling Fast IT using Containers, Microservices and DevOps ModelEnabling Fast IT using Containers, Microservices and DevOps Model
Enabling Fast IT using Containers, Microservices and DevOps Model
Cisco DevNet
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecase
RENJITHKNAIR5
 
Scenarios in Which Kubernetes is Used for Container Orchestration of a Web Ap...
Scenarios in Which Kubernetes is Used for Container Orchestration of a Web Ap...Scenarios in Which Kubernetes is Used for Container Orchestration of a Web Ap...
Scenarios in Which Kubernetes is Used for Container Orchestration of a Web Ap...
Sun Technologies
 
Driving success in the cloud with NGINX
Driving success in the cloud with NGINXDriving success in the cloud with NGINX
Driving success in the cloud with NGINX
NGINX, Inc.
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...
Docker, Inc.
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
PINGXIONG3
 
The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?
Codit
 
Kubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureKubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of Infrastructure
GlobalLogic Ukraine
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Codit
 
Visualizing Application & Delivery Flows to Make Data-Driven Decisions
Visualizing Application & Delivery Flows to Make Data-Driven DecisionsVisualizing Application & Delivery Flows to Make Data-Driven Decisions
Visualizing Application & Delivery Flows to Make Data-Driven Decisions
CA Technologies
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Mitchell Pronschinske
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Nitin Saxena
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
Yong Feng
 
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
NGINX, Inc.
 
Top Six Application Modernization Strategies for 2024.pptx
Top Six Application Modernization Strategies for 2024.pptxTop Six Application Modernization Strategies for 2024.pptx
Top Six Application Modernization Strategies for 2024.pptx
Extentia Information Technology
 
VMworld 2015: No App is An Island
VMworld 2015: No App is An IslandVMworld 2015: No App is An Island
VMworld 2015: No App is An Island
VMworld
 
Kubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTechKubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTech
Akshay Mathur
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
patmisasi
 
Enabling Fast IT using Containers, Microservices and DevOps Model
Enabling Fast IT using Containers, Microservices and DevOps ModelEnabling Fast IT using Containers, Microservices and DevOps Model
Enabling Fast IT using Containers, Microservices and DevOps Model
Cisco DevNet
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecase
RENJITHKNAIR5
 
Scenarios in Which Kubernetes is Used for Container Orchestration of a Web Ap...
Scenarios in Which Kubernetes is Used for Container Orchestration of a Web Ap...Scenarios in Which Kubernetes is Used for Container Orchestration of a Web Ap...
Scenarios in Which Kubernetes is Used for Container Orchestration of a Web Ap...
Sun Technologies
 
Driving success in the cloud with NGINX
Driving success in the cloud with NGINXDriving success in the cloud with NGINX
Driving success in the cloud with NGINX
NGINX, Inc.
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...
Docker, Inc.
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
PINGXIONG3
 
The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?
Codit
 
Kubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureKubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of Infrastructure
GlobalLogic Ukraine
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Codit
 
Visualizing Application & Delivery Flows to Make Data-Driven Decisions
Visualizing Application & Delivery Flows to Make Data-Driven DecisionsVisualizing Application & Delivery Flows to Make Data-Driven Decisions
Visualizing Application & Delivery Flows to Make Data-Driven Decisions
CA Technologies
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 

More from Akshay Mathur (18)

Documentation with Sphinx
Documentation with SphinxDocumentation with Sphinx
Documentation with Sphinx
Akshay Mathur
 
Kubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerKubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning Controller
Akshay Mathur
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADS
Akshay Mathur
 
Shared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSShared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWS
Akshay Mathur
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
Akshay Mathur
 
Introduction to Node js
Introduction to Node jsIntroduction to Node js
Introduction to Node js
Akshay Mathur
 
Object Oriented Programing in JavaScript
Object Oriented Programing in JavaScriptObject Oriented Programing in JavaScript
Object Oriented Programing in JavaScript
Akshay Mathur
 
Getting Started with Angular JS
Getting Started with Angular JSGetting Started with Angular JS
Getting Started with Angular JS
Akshay Mathur
 
Releasing Software Without Testing Team
Releasing Software Without Testing TeamReleasing Software Without Testing Team
Releasing Software Without Testing Team
Akshay Mathur
 
Getting Started with jQuery
Getting Started with jQueryGetting Started with jQuery
Getting Started with jQuery
Akshay Mathur
 
CoffeeScript
CoffeeScriptCoffeeScript
CoffeeScript
Akshay Mathur
 
Creating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JSCreating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JS
Akshay Mathur
 
Getting Started with Web
Getting Started with WebGetting Started with Web
Getting Started with Web
Akshay Mathur
 
Getting Started with Javascript
Getting Started with JavascriptGetting Started with Javascript
Getting Started with Javascript
Akshay Mathur
 
Using Google App Engine Python
Using Google App Engine PythonUsing Google App Engine Python
Using Google App Engine Python
Akshay Mathur
 
Working with GIT
Working with GITWorking with GIT
Working with GIT
Akshay Mathur
 
Testing Single Page Webapp
Testing Single Page WebappTesting Single Page Webapp
Testing Single Page Webapp
Akshay Mathur
 
Mongo db
Mongo dbMongo db
Mongo db
Akshay Mathur
 
Documentation with Sphinx
Documentation with SphinxDocumentation with Sphinx
Documentation with Sphinx
Akshay Mathur
 
Kubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerKubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning Controller
Akshay Mathur
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADS
Akshay Mathur
 
Shared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSShared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWS
Akshay Mathur
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
Akshay Mathur
 
Introduction to Node js
Introduction to Node jsIntroduction to Node js
Introduction to Node js
Akshay Mathur
 
Object Oriented Programing in JavaScript
Object Oriented Programing in JavaScriptObject Oriented Programing in JavaScript
Object Oriented Programing in JavaScript
Akshay Mathur
 
Getting Started with Angular JS
Getting Started with Angular JSGetting Started with Angular JS
Getting Started with Angular JS
Akshay Mathur
 
Releasing Software Without Testing Team
Releasing Software Without Testing TeamReleasing Software Without Testing Team
Releasing Software Without Testing Team
Akshay Mathur
 
Getting Started with jQuery
Getting Started with jQueryGetting Started with jQuery
Getting Started with jQuery
Akshay Mathur
 
CoffeeScript
CoffeeScriptCoffeeScript
CoffeeScript
Akshay Mathur
 
Creating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JSCreating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JS
Akshay Mathur
 
Getting Started with Web
Getting Started with WebGetting Started with Web
Getting Started with Web
Akshay Mathur
 
Getting Started with Javascript
Getting Started with JavascriptGetting Started with Javascript
Getting Started with Javascript
Akshay Mathur
 
Using Google App Engine Python
Using Google App Engine PythonUsing Google App Engine Python
Using Google App Engine Python
Akshay Mathur
 
Working with GIT
Working with GITWorking with GIT
Working with GIT
Akshay Mathur
 
Testing Single Page Webapp
Testing Single Page WebappTesting Single Page Webapp
Testing Single Page Webapp
Akshay Mathur
 
Mongo db
Mongo dbMongo db
Mongo db
Akshay Mathur
 

Recently uploaded (20)

Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 

Enhanced Security and Visibility for Microservices Applications

  • 1. Reliable Security Always™ Enhanced Security & Visibility for Microservice Applications Akshay Mathur @akshaymathu
  • 2. 2 NEW DE-FACTO STANDARDS: Growing Industry Trend: Containers and Kubernetes APPLICATIONS Moving from Monolith to Micro Services APPLICATION DEPLOYMENTS Moving from Hardware Servers or Virtual Machines to Containers o Adopted by all industry major players – AWS, Azure, Google, VMWare, RedHat. o 10X increase in usage in Azure and GCP last year o 10X increase in deployment last 3 years o Deployment Size increased 75% in a year Growing Kubernetes Adoption
  • 3. 3 Key Requirements of Modern Teams … EFFICIENT OPERATIONS VISIBILITY & CONTROL Application Security SSL Encryption Access Control Attack Protection and Mitigation Analytics Faster troubleshooting Operational intelligence Central Management Multi-services Multi-cloud
  • 5. 5 An E-Com Company: Access Control between Microservices • Security and compliance require monitoring traffic between microservices • In absence of policy enforcement, this company isolated clusters Kubernetes Node Kubernetes Node Kubernetes Node Kubernetes Node
  • 6. 6 A FinTech Company: Access Control and Traffic Flow Visibility problem • Separated microservices via namespaces • Controlled traffic flow via application Gateway Kubernetes Node Kubernetes Node Kubernetes NodeKubernetes Node
  • 7. 7 All Companies: Need to keep latency at minimum • Multiple traffic handling layers add its own latency ◦ IPS/IDS ◦ L7 LB ◦ Kube Proxy Kubernetes Node
  • 8. 8 A Media Service Company: Security Increased Cost of Operations • Istio sidecar model was tried for security implementation • Sidecar model increased resource requirement leading to increased cost Kubernetes Node
  • 9. 9 All Companies: Need to Manage Security across Environments • Not all workloads are in Kubernetes • Managing security separately for each env was challenging Public Private Data Center
  • 10. 10 Challenges in Kubernetes Environment Characteristics of K8s Environment Impact Only L3 policy support L7 security rules can’t be created Multiple Layers in traffic flow Increased latency IP addresses of pods keep changing IP based security policy become obsolete No access control between microservices Complicated deployment architecture No application traffic visibility Difficult to fine-tune security policies
  • 11. 11 Shared Security Responsibility Model Source: https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-the-shared-responsibility-model-in-gke- container-security-shared-responsibility-model-gke
  • 13. 13 Minimizing Cost of Operations vs Kubernetes NodeKubernetes Node Sidecar Proxy Deployment Hub-Spoke Proxy Deployment Resource intensive Expensive TCO Low overhead Lower TCO
  • 14. 14 Traffic Handling and Security are related Modern Approach Unified solution providing Load Balancing as well as Security Pros: • Operational simplicity • Better application performance Kubernetes Node Fact: • Incoming traffic is to be decrypted and evaluated • When Deny the traffic: Security • When Send traffic to right Application Server: Load Balancing Traditional Approach: Deploy Load Balancing and Security solutions separately Cons: • Operational Complexity • Increased latency
  • 15. 15 For East-West Traffic • Access control between microservices • Transparent encryption for traffic between nodes • Lower resource requirement as compare to sidecar service mesh model • Application layer traffic visibility and analytics Node 1 Node 2 S1 S2
  • 16. 16 For North-South Traffic • Container-native load balancer for L7 traffic routing (with ability to route traffic based on any info in HTTP header) • SSL offload • Reduced application response time • Web Application Firewall • L7 DDoS protection • Central management for load balancer • Application layer traffic visibility and analytics Kubernetes Cluster
  • 17. 17 More about the LB • Deployed as DaemonSet ◦ Image on Docker Hub ◦ Uses host networking • Based on NginX core ◦ 3rd party modules – ModSec, LuaJit etc. ◦ Custom modules • Connection Pooling • Distributed Limit Enforcement • Dynamic Upstream
  • 18. 18 More about the Kubernetes Connector • Deployed as K8s ‘Deployment’ ◦ Image on Docker Hub ◦ One instance in a cluster • Monitors Lifecycle of Containers and Ingress Resource • Calls APIs to update LB
  • 19. 19 Policy Configuration • Infrastructure as code • Kubernetes Service aand Ingress definitions are extended via annotations • Simple annotations to configure policies
  • 21. 21 Descriptive Analytics • Health Status • Logs & Events PERFORMANCE MONITORING Diagnostic Analytics • Per-App metrics • Trend Analysis FASTER TROUBLESHOOTING Predictive Analytics • Anomalies/Threats • Correlation INSIGHTS Prescriptive Analytics • Policy updates • Behavior Analysis ADAPTIVE CONTROLS Visibility, Analytics & Insights
  • 22. 22. Per-Service Visibility, Analytics & Reporting o Comprehensive metrics & logs o View, monitor and analyze o Efficient troubleshooting o Generate custom reports
  • 23. 23 Use Case – Troubleshooting High Response Time LB Only Confidence: Low No direct way to debug Alternate is to collect access logs from all application servers Merge the logs and move them to a log analyzer Get the info about request processing time by server ◦ Time taken in network remains unknown ◦ Geo distribution remains unknown Manually correlate and analyze LB + Application Analytics Confidence: High Harmony Portal displays end-to-end response time for the application Drill-down charts are available for historical analysis with enriched data Breakup of time taken in different portions of request-response cycle is available Segmented data by various aspects is available Access logs of individual transaction may be used for further isolation Customers are complaining about slowness of Application 2days 5mins
  • 24. 24
  • 25. 25. A10 ADC: Per-app Visibility : End-to-End Latency o Distinguish between application, client and infrastructure issues o Quickly identify consistent or one-off glitch o Pinpoint concerns and take corrective action
  • 26. 26 Takeaways: Simplified and Improved Security & Analytics • Simple Architecture • Clear ‘Dev’ and ‘Ops’ separation • ‘Config as code’ for automation • Application Traffic Analytics for efficiency
  • 27. 27 Thank You @akshaymathu [email protected] Skype: mathurakshay Sample Config Files @ https://gist.github.com/c-success Steps to try @ http://docs.hc.a10networks.com/IngressController/2.0/a10-ladc-ingress-controller.html