A ScyllaDB Community
Securely Serving Millions of Boot Artifacts a Day
João Pedro Lima, Systems Engineer, Linux Team
Matt Fleming, Senior Systems Engineer
João Pedro Lima (he/him)
■ Previously Product Security @VMware, Infrastructure Security @ Cloudflare
■ Interested in OS Security and Cryptography
Matt Fleming (he/him)
■ Former Linux Kernel maintainer
■ Focused on performance of OS, DB, and distributed systems
■ Co-authored papers on Change Point Detection and testing distributed systems
Presentation Agenda
■ Cloudflare’s Fleet Architecture
■ Boot Process
■ Design Evolution
■ Future Work
Fleet Architecture
Cloudflare has data centers in over 335 cities
■ Edge vs. control plane
  ■ Control plane data centers can have thousands of machines
  ■ Edge data centers can be big or small
■ Edge compute servers are called “metals” for historical reasons
■ OS is stateless and executes from ramdisk
  ■ Optimised, latest LTS Linux kernel
  ■ Debian 12 (bookworm)
  ■ Secure Boot
Fleet Architecture
■ Each datacenter has a set of datacenter manager (DM) nodes
■ DM renders boot configuration for all nodes in the datacenter from configuration management
■ Metal requests boot artifacts from DM
  ■ DM runs nginx
■ DM cryptographically signs all artifacts on render
■ Metal verifies artifacts before executing
Boot Process
[Diagram: Power-on/Reset → Chipset/CPU → BIOS/UEFI firmware → PXE/iPXE → OS Kernel → Userspace, with the Baseboard management controller (BMC) and the iPXE scripts shown alongside the chain]
■ Secure boot keys configured when metal is provisioned into datacenter
■ iPXE used to pull kernel image and ramdisk via HTTP
■ Secure boot used to verify kernel images and modules
Boot Process
#!ipxe
# Rendered per node by the DM: {{ hw_model }} and {{ net_img }} are template
# variables filled in at render time; ${boot_prefix} is an iPXE variable.
# Every fetched image is checked with imgverify against its detached .sig
# file before it is executed or booted.
:diag
kernel ${boot_prefix}/vmlinuz initrd=diag-image.img console=tty0
imgverify vmlinuz ${boot_prefix}/vmlinuz.sig
initrd ${boot_prefix}/diag-image.img
imgverify diag-image.img ${boot_prefix}/diag-image.img.sig
boot
:updates
# Hardware-model specific update script: fetched, verified, then executed
imgfetch --name {{ hw_model }}/update.ipxe {{ hw_model }}/update.ipxe
imgverify {{ hw_model }}/update.ipxe {{ hw_model }}/update.ipxe.sig
imgexec {{ hw_model }}/update.ipxe
:baseimg
# Base image plus a per-hardware network image, each verified before boot
kernel vmlinuz
imgverify vmlinuz ${boot_prefix}/vmlinuz.sig
initrd ${boot_prefix}/baseimg.img
imgverify baseimg.img ${boot_prefix}/baseimg.img.sig
initrd ${boot_prefix}/{{ net_img }}.img
imgverify {{ net_img }}.img ${boot_prefix}/{{ net_img }}.img.sig
boot
Secure boot
[Diagram: the boot chain above, annotated with “Platform Secure Boot / HW root of trust” and “UEFI Secure Boot”]
https://blog.cloudflare.com/anchoring-trust-a-hardware-secure-boot-story/
Secure boot + iPXE signing
[Diagram: the same chain, with the iPXE scripts now covered by signature verification as well]
Boot strategies
■ Network boot (netboot) via DM
  ■ Default boot strategy for metals
  ■ Boot artifacts retrieved just-in-time
■ Local disk boot (localboot) from disk EFI partition
  ■ Needed to boot first DM in datacenter
  ■ Fallback strategy for metals if no DM is available
  ■ Boot artifacts are synced every time configuration management runs (~3 hours)
Architecture
[Diagram: control plane colo with config mgmt master, Vault and boot information sources feeding a “Primary” DM; edge colo with DMs serving metals. Arrows mark the boot render flow and the boot flow]
Design Evolution
Challenges
■ Too many nodes trusted to render and sign boot artifacts
  ■ Ideally go from all DMs to just a single identity
■ DMs have failover but it’s not elastic
■ DMs’ configuration management update time is dominated by boot artifact handling
■ Localboot pull model is costly and inefficient
Requirements
■ Must be able to generate artifacts for all nodes
■ Highly available service
  ■ Tolerant to the loss of part of/entire control plane
  ■ Some degradation is acceptable in extreme circumstances
Architecture
[Diagram: an internal K8S cluster and an internal backup K8S cluster, each running the boot service with Vault and the boot information sources; artifacts stored in an internal S3 cluster with a backup cloud S3 cluster; the edge colo’s DMs and metals fetch from these]
Boot service
■ Reduced trust domain
  ■ Only boot service is able to render and sign dynamic artifacts
  ■ Static artifacts are signed once and served from S3 afterwards
■ DM configuration management gains
■ High Availability and Elasticity
  ■ K8s service written in Go
  ■ Load balanced across multiple instances
  ■ Fallback to public cloud S3 for default artifacts if all K8S out
■ Localboot adopts push model
  ■ Only rendered and updated if node configuration changed
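The render-sign-verify contract from the Fleet Architecture bullets (DM signs on render, metal verifies before executing) and the boot service’s single signing identity, as an added Go example that is not the talk’s or Cloudflare’s code: a constructed template modelled on the :baseimg section is rendered per node and signed by one key, and the verify side rejects tampered, renamed, or foreign-signed artifacts. Ed25519 and Go’s text/template are stand-ins (iPXE’s imgverify consumes CMS signatures, and the real renderer’s template language is not shown); every name, URL and node value is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"text/template"
)

// Node holds the per-metal inputs the boot service renders from; the field
// names stand in for the slide's hw_model / net_img / boot_prefix variables.
type Node struct {
	Name       string
	HWModel    string
	NetImg     string
	BootPrefix string
}

// Artifact is a rendered file plus its detached signature: the pair a metal
// fetches as <file> and <file>.sig before running imgverify.
type Artifact struct {
	Name string
	Body []byte
	Sig  []byte
}

// bootTemplate is a constructed template modelled on the :baseimg section of
// the slide's iPXE script (Go text/template syntax, not the real renderer's).
const bootTemplate = `#!ipxe
kernel {{ .BootPrefix }}/vmlinuz
imgverify vmlinuz {{ .BootPrefix }}/vmlinuz.sig
initrd {{ .BootPrefix }}/baseimg.img
imgverify baseimg.img {{ .BootPrefix }}/baseimg.img.sig
initrd {{ .BootPrefix }}/{{ .NetImg }}.img
imgverify {{ .NetImg }}.img {{ .BootPrefix }}/{{ .NetImg }}.img.sig
boot
`

// Signer is the single identity allowed to render and sign dynamic artifacts.
// Ed25519 is an assumption made for brevity; iPXE's imgverify expects CMS
// signatures against a trusted certificate, so this is the pattern, not the
// wire format.
type Signer struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv, pub: pub}, nil
}

// Pub returns the verification key a metal pins when it is provisioned.
func (s *Signer) Pub() ed25519.PublicKey { return s.pub }

// signedMessage binds the artifact name to its body (NUL-separated) so that a
// valid signature over one file cannot be replayed under another file name.
func signedMessage(name string, body []byte) []byte {
	msg := make([]byte, 0, len(name)+1+len(body))
	msg = append(msg, name...)
	msg = append(msg, 0)
	return append(msg, body...)
}

// Render produces one node's boot script and signs it in the same step, so
// nothing unsigned ever leaves the boot service.
func (s *Signer) Render(n Node) (Artifact, error) {
	tmpl, err := template.New("boot").Parse(bootTemplate)
	if err != nil {
		return Artifact{}, err
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, n); err != nil {
		return Artifact{}, err
	}
	name := n.HWModel + "/" + n.Name + "/boot.ipxe"
	body := buf.Bytes()
	return Artifact{Name: name, Body: body, Sig: ed25519.Sign(s.priv, signedMessage(name, body))}, nil
}

// Verify is the metal's side of the contract: an artifact is executed only if
// its detached signature checks out under the pinned boot-service key.
func Verify(pub ed25519.PublicKey, a Artifact) error {
	if !ed25519.Verify(pub, signedMessage(a.Name, a.Body), a.Sig) {
		return errors.New("refusing to execute " + a.Name + ": bad signature")
	}
	return nil
}

func main() {
	s, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed node; the URL is a placeholder, not a real DM.
	a, err := s.Render(Node{Name: "metal-01", HWModel: "hwA", NetImg: "net-hwA", BootPrefix: "http://dm.example/boot"})
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s\nverify: %v\n", a.Body, Verify(s.Pub(), a))
}
```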
Future Work
■ Cryptographically verify all executable code
■ Eliminate DMs completely
■ TPMs!
Thank you!
João Pedro Lima: jlima@cloudflare.com, jopelima, in/joaopedropaulinolima
Matt Fleming: mfleming@cloudflare.com, fleming_matt, mfleming
Ad

More Related Content

Similar to Securely Serving Millions of Boot Artifacts a Day by João Pedro Lima & Matt Fleming (20)

Oct2009
Oct2009Oct2009
Oct2009
guest81ab2b4
 
Evolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave ProbertEvolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave Probert
yang
 
C++ Programming and the Persistent Memory Developers Kit
C++ Programming and the Persistent Memory Developers KitC++ Programming and the Persistent Memory Developers Kit
C++ Programming and the Persistent Memory Developers Kit
Intel® Software
 
NXP IMX6 Processor - Embedded Linux
NXP IMX6 Processor - Embedded LinuxNXP IMX6 Processor - Embedded Linux
NXP IMX6 Processor - Embedded Linux
NEEVEE Technologies
 
2018 FRecure CISSP Mentor Program- Session 4
2018 FRecure CISSP Mentor Program- Session 42018 FRecure CISSP Mentor Program- Session 4
2018 FRecure CISSP Mentor Program- Session 4
FRSecure
 
Optimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMUOptimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMU
OpenStack Foundation
 
CollabSphere2018 - Virtual, Faster, Better! How to virtualize IBM Notes V10
CollabSphere2018 - Virtual, Faster, Better! How to virtualize IBM Notes V10CollabSphere2018 - Virtual, Faster, Better! How to virtualize IBM Notes V10
CollabSphere2018 - Virtual, Faster, Better! How to virtualize IBM Notes V10
Christoph Adler
 
Deployment Strategies (Mongo Austin)
Deployment Strategies (Mongo Austin)Deployment Strategies (Mongo Austin)
Deployment Strategies (Mongo Austin)
MongoDB
 
Lec 9-os-review
Lec 9-os-reviewLec 9-os-review
Lec 9-os-review
Mothi R
 
2337610
23376102337610
2337610
hantfhan
 
Virtualization of computing and servers
Virtualization of computing and  serversVirtualization of computing and  servers
Virtualization of computing and servers
pooranionline
 
Reliability, Availability and Serviceability on Linux
Reliability, Availability and Serviceability on LinuxReliability, Availability and Serviceability on Linux
Reliability, Availability and Serviceability on Linux
Samsung Open Source Group
 
Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible
DefconRussia
 
lecture04_Overview of a Cloud architecture.pdf
lecture04_Overview of a Cloud architecture.pdflecture04_Overview of a Cloud architecture.pdf
lecture04_Overview of a Cloud architecture.pdf
hoangdinhhanh88
 
IBM Cloud Object Storage System (powered by Cleversafe) and its Applications
IBM Cloud Object Storage System (powered by Cleversafe) and its ApplicationsIBM Cloud Object Storage System (powered by Cleversafe) and its Applications
IBM Cloud Object Storage System (powered by Cleversafe) and its Applications
Tony Pearson
 
”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016
Kuniyasu Suzaki
 
Porting_uClinux_CELF2008_Griffin
Porting_uClinux_CELF2008_GriffinPorting_uClinux_CELF2008_Griffin
Porting_uClinux_CELF2008_Griffin
Peter Griffin
 
Larson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniquesLarson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniques
Scott K. Larson
 
Introduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsIntroduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra Solutions
QUONTRASOLUTIONS
 
We4IT lcty 2013 - infra-man - domino run faster
We4IT lcty 2013 - infra-man - domino run faster We4IT lcty 2013 - infra-man - domino run faster
We4IT lcty 2013 - infra-man - domino run faster
We4IT Group
 
Evolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave ProbertEvolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave Probert
yang
 
C++ Programming and the Persistent Memory Developers Kit
C++ Programming and the Persistent Memory Developers KitC++ Programming and the Persistent Memory Developers Kit
C++ Programming and the Persistent Memory Developers Kit
Intel® Software
 
NXP IMX6 Processor - Embedded Linux
NXP IMX6 Processor - Embedded LinuxNXP IMX6 Processor - Embedded Linux
NXP IMX6 Processor - Embedded Linux
NEEVEE Technologies
 
2018 FRecure CISSP Mentor Program- Session 4
2018 FRecure CISSP Mentor Program- Session 42018 FRecure CISSP Mentor Program- Session 4
2018 FRecure CISSP Mentor Program- Session 4
FRSecure
 
Optimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMUOptimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMU
OpenStack Foundation
 
CollabSphere2018 - Virtual, Faster, Better! How to virtualize IBM Notes V10
CollabSphere2018 - Virtual, Faster, Better! How to virtualize IBM Notes V10CollabSphere2018 - Virtual, Faster, Better! How to virtualize IBM Notes V10
CollabSphere2018 - Virtual, Faster, Better! How to virtualize IBM Notes V10
Christoph Adler
 
Deployment Strategies (Mongo Austin)
Deployment Strategies (Mongo Austin)Deployment Strategies (Mongo Austin)
Deployment Strategies (Mongo Austin)
MongoDB
 
Lec 9-os-review
Lec 9-os-reviewLec 9-os-review
Lec 9-os-review
Mothi R
 
Virtualization of computing and servers
Virtualization of computing and  serversVirtualization of computing and  servers
Virtualization of computing and servers
pooranionline
 
Reliability, Availability and Serviceability on Linux
Reliability, Availability and Serviceability on LinuxReliability, Availability and Serviceability on Linux
Reliability, Availability and Serviceability on Linux
Samsung Open Source Group
 
Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible Gal Diskin - Virtually Impossible
Gal Diskin - Virtually Impossible
DefconRussia
 
lecture04_Overview of a Cloud architecture.pdf
lecture04_Overview of a Cloud architecture.pdflecture04_Overview of a Cloud architecture.pdf
lecture04_Overview of a Cloud architecture.pdf
hoangdinhhanh88
 
IBM Cloud Object Storage System (powered by Cleversafe) and its Applications
IBM Cloud Object Storage System (powered by Cleversafe) and its ApplicationsIBM Cloud Object Storage System (powered by Cleversafe) and its Applications
IBM Cloud Object Storage System (powered by Cleversafe) and its Applications
Tony Pearson
 
”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016”Bare-Metal Container" presented at HPCC2016
”Bare-Metal Container" presented at HPCC2016
Kuniyasu Suzaki
 
Porting_uClinux_CELF2008_Griffin
Porting_uClinux_CELF2008_GriffinPorting_uClinux_CELF2008_Griffin
Porting_uClinux_CELF2008_Griffin
Peter Griffin
 
Larson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniquesLarson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniques
Scott K. Larson
 
Introduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsIntroduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra Solutions
QUONTRASOLUTIONS
 
We4IT lcty 2013 - infra-man - domino run faster
We4IT lcty 2013 - infra-man - domino run faster We4IT lcty 2013 - infra-man - domino run faster
We4IT lcty 2013 - infra-man - domino run faster
We4IT Group
 

More from ScyllaDB (20)

Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Powering a Billion Dreams: Scaling Meesho’s E-commerce Revolution with Scylla...
Powering a Billion Dreams: Scaling Meesho’s E-commerce Revolution with Scylla...Powering a Billion Dreams: Scaling Meesho’s E-commerce Revolution with Scylla...
Powering a Billion Dreams: Scaling Meesho’s E-commerce Revolution with Scylla...
ScyllaDB
 
Leading a High-Stakes Database Migration
Leading a High-Stakes Database MigrationLeading a High-Stakes Database Migration
Leading a High-Stakes Database Migration
ScyllaDB
 
Achieving Extreme Scale with ScyllaDB: Tips & Tradeoffs
Achieving Extreme Scale with ScyllaDB: Tips & TradeoffsAchieving Extreme Scale with ScyllaDB: Tips & Tradeoffs
Achieving Extreme Scale with ScyllaDB: Tips & Tradeoffs
ScyllaDB
 
How Agoda Scaled 50x Throughput with ScyllaDB by Worakarn Isaratham
How Agoda Scaled 50x Throughput with ScyllaDB by Worakarn IsarathamHow Agoda Scaled 50x Throughput with ScyllaDB by Worakarn Isaratham
How Agoda Scaled 50x Throughput with ScyllaDB by Worakarn Isaratham
ScyllaDB
 
How Yieldmo Cut Database Costs and Cloud Dependencies Fast by Todd Coleman
How Yieldmo Cut Database Costs and Cloud Dependencies Fast by Todd ColemanHow Yieldmo Cut Database Costs and Cloud Dependencies Fast by Todd Coleman
How Yieldmo Cut Database Costs and Cloud Dependencies Fast by Todd Coleman
ScyllaDB
 
ScyllaDB: 10 Years and Beyond by Dor Laor
ScyllaDB: 10 Years and Beyond by Dor LaorScyllaDB: 10 Years and Beyond by Dor Laor
ScyllaDB: 10 Years and Beyond by Dor Laor
ScyllaDB
 
Reduce Your Cloud Spend with ScyllaDB by Tzach Livyatan
Reduce Your Cloud Spend with ScyllaDB by Tzach LivyatanReduce Your Cloud Spend with ScyllaDB by Tzach Livyatan
Reduce Your Cloud Spend with ScyllaDB by Tzach Livyatan
ScyllaDB
 
Migrating 50TB Data From a Home-Grown Database to ScyllaDB, Fast by Terence Liu
Migrating 50TB Data From a Home-Grown Database to ScyllaDB, Fast by Terence LiuMigrating 50TB Data From a Home-Grown Database to ScyllaDB, Fast by Terence Liu
Migrating 50TB Data From a Home-Grown Database to ScyllaDB, Fast by Terence Liu
ScyllaDB
 
Vector Search with ScyllaDB by Szymon Wasik
Vector Search with ScyllaDB by Szymon WasikVector Search with ScyllaDB by Szymon Wasik
Vector Search with ScyllaDB by Szymon Wasik
ScyllaDB
 
Workload Prioritization: How to Balance Multiple Workloads in a Cluster by Fe...
Workload Prioritization: How to Balance Multiple Workloads in a Cluster by Fe...Workload Prioritization: How to Balance Multiple Workloads in a Cluster by Fe...
Workload Prioritization: How to Balance Multiple Workloads in a Cluster by Fe...
ScyllaDB
 
Two Leading Approaches to Data Virtualization, and Which Scales Better? by Da...
Two Leading Approaches to Data Virtualization, and Which Scales Better? by Da...Two Leading Approaches to Data Virtualization, and Which Scales Better? by Da...
Two Leading Approaches to Data Virtualization, and Which Scales Better? by Da...
ScyllaDB
 
Scaling a Beast: Lessons from 400x Growth in a High-Stakes Financial System b...
Scaling a Beast: Lessons from 400x Growth in a High-Stakes Financial System b...Scaling a Beast: Lessons from 400x Growth in a High-Stakes Financial System b...
Scaling a Beast: Lessons from 400x Growth in a High-Stakes Financial System b...
ScyllaDB
 
Object Storage in ScyllaDB by Ran Regev, ScyllaDB
Object Storage in ScyllaDB by Ran Regev, ScyllaDBObject Storage in ScyllaDB by Ran Regev, ScyllaDB
Object Storage in ScyllaDB by Ran Regev, ScyllaDB
ScyllaDB
 
Lessons Learned from Building a Serverless Notifications System by Srushith R...
Lessons Learned from Building a Serverless Notifications System by Srushith R...Lessons Learned from Building a Serverless Notifications System by Srushith R...
Lessons Learned from Building a Serverless Notifications System by Srushith R...
ScyllaDB
 
A Dist Sys Programmer's Journey into AI by Piotr Sarna
A Dist Sys Programmer's Journey into AI by Piotr SarnaA Dist Sys Programmer's Journey into AI by Piotr Sarna
A Dist Sys Programmer's Journey into AI by Piotr Sarna
ScyllaDB
 
High Availability: Lessons Learned by Paul Preuveneers
High Availability: Lessons Learned by Paul PreuveneersHigh Availability: Lessons Learned by Paul Preuveneers
High Availability: Lessons Learned by Paul Preuveneers
ScyllaDB
 
How Natura Uses ScyllaDB and ScyllaDB Connector to Create a Real-time Data Pi...
How Natura Uses ScyllaDB and ScyllaDB Connector to Create a Real-time Data Pi...How Natura Uses ScyllaDB and ScyllaDB Connector to Create a Real-time Data Pi...
How Natura Uses ScyllaDB and ScyllaDB Connector to Create a Real-time Data Pi...
ScyllaDB
 
Persistence Pipelines in a Processing Graph: Mutable Big Data at Salesforce b...
Persistence Pipelines in a Processing Graph: Mutable Big Data at Salesforce b...Persistence Pipelines in a Processing Graph: Mutable Big Data at Salesforce b...
Persistence Pipelines in a Processing Graph: Mutable Big Data at Salesforce b...
ScyllaDB
 
Database Migration Strategies and Pitfalls by Patrick Bossman
Database Migration Strategies and Pitfalls by Patrick BossmanDatabase Migration Strategies and Pitfalls by Patrick Bossman
Database Migration Strategies and Pitfalls by Patrick Bossman
ScyllaDB
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Powering a Billion Dreams: Scaling Meesho’s E-commerce Revolution with Scylla...
Powering a Billion Dreams: Scaling Meesho’s E-commerce Revolution with Scylla...Powering a Billion Dreams: Scaling Meesho’s E-commerce Revolution with Scylla...
Powering a Billion Dreams: Scaling Meesho’s E-commerce Revolution with Scylla...
ScyllaDB
 
Leading a High-Stakes Database Migration
Leading a High-Stakes Database MigrationLeading a High-Stakes Database Migration
Leading a High-Stakes Database Migration
ScyllaDB
 
Achieving Extreme Scale with ScyllaDB: Tips & Tradeoffs
Achieving Extreme Scale with ScyllaDB: Tips & TradeoffsAchieving Extreme Scale with ScyllaDB: Tips & Tradeoffs
Achieving Extreme Scale with ScyllaDB: Tips & Tradeoffs
ScyllaDB
 
How Agoda Scaled 50x Throughput with ScyllaDB by Worakarn Isaratham
How Agoda Scaled 50x Throughput with ScyllaDB by Worakarn IsarathamHow Agoda Scaled 50x Throughput with ScyllaDB by Worakarn Isaratham
How Agoda Scaled 50x Throughput with ScyllaDB by Worakarn Isaratham
ScyllaDB
 
How Yieldmo Cut Database Costs and Cloud Dependencies Fast by Todd Coleman
How Yieldmo Cut Database Costs and Cloud Dependencies Fast by Todd ColemanHow Yieldmo Cut Database Costs and Cloud Dependencies Fast by Todd Coleman
How Yieldmo Cut Database Costs and Cloud Dependencies Fast by Todd Coleman
ScyllaDB
 
ScyllaDB: 10 Years and Beyond by Dor Laor
ScyllaDB: 10 Years and Beyond by Dor LaorScyllaDB: 10 Years and Beyond by Dor Laor
ScyllaDB: 10 Years and Beyond by Dor Laor
ScyllaDB
 
Reduce Your Cloud Spend with ScyllaDB by Tzach Livyatan
Reduce Your Cloud Spend with ScyllaDB by Tzach LivyatanReduce Your Cloud Spend with ScyllaDB by Tzach Livyatan
Reduce Your Cloud Spend with ScyllaDB by Tzach Livyatan
ScyllaDB
 
Migrating 50TB Data From a Home-Grown Database to ScyllaDB, Fast by Terence Liu
Migrating 50TB Data From a Home-Grown Database to ScyllaDB, Fast by Terence LiuMigrating 50TB Data From a Home-Grown Database to ScyllaDB, Fast by Terence Liu
Migrating 50TB Data From a Home-Grown Database to ScyllaDB, Fast by Terence Liu
ScyllaDB
 
Vector Search with ScyllaDB by Szymon Wasik
Vector Search with ScyllaDB by Szymon WasikVector Search with ScyllaDB by Szymon Wasik
Vector Search with ScyllaDB by Szymon Wasik
ScyllaDB
 
Workload Prioritization: How to Balance Multiple Workloads in a Cluster by Fe...
Workload Prioritization: How to Balance Multiple Workloads in a Cluster by Fe...Workload Prioritization: How to Balance Multiple Workloads in a Cluster by Fe...
Workload Prioritization: How to Balance Multiple Workloads in a Cluster by Fe...
ScyllaDB
 
Two Leading Approaches to Data Virtualization, and Which Scales Better? by Da...
Two Leading Approaches to Data Virtualization, and Which Scales Better? by Da...Two Leading Approaches to Data Virtualization, and Which Scales Better? by Da...
Two Leading Approaches to Data Virtualization, and Which Scales Better? by Da...
ScyllaDB
 
Scaling a Beast: Lessons from 400x Growth in a High-Stakes Financial System b...
Scaling a Beast: Lessons from 400x Growth in a High-Stakes Financial System b...Scaling a Beast: Lessons from 400x Growth in a High-Stakes Financial System b...
Scaling a Beast: Lessons from 400x Growth in a High-Stakes Financial System b...
ScyllaDB
 
Object Storage in ScyllaDB by Ran Regev, ScyllaDB
Object Storage in ScyllaDB by Ran Regev, ScyllaDBObject Storage in ScyllaDB by Ran Regev, ScyllaDB
Object Storage in ScyllaDB by Ran Regev, ScyllaDB
ScyllaDB
 
Lessons Learned from Building a Serverless Notifications System by Srushith R...
Lessons Learned from Building a Serverless Notifications System by Srushith R...Lessons Learned from Building a Serverless Notifications System by Srushith R...
Lessons Learned from Building a Serverless Notifications System by Srushith R...
ScyllaDB
 
A Dist Sys Programmer's Journey into AI by Piotr Sarna
A Dist Sys Programmer's Journey into AI by Piotr SarnaA Dist Sys Programmer's Journey into AI by Piotr Sarna
A Dist Sys Programmer's Journey into AI by Piotr Sarna
ScyllaDB
 
High Availability: Lessons Learned by Paul Preuveneers
High Availability: Lessons Learned by Paul PreuveneersHigh Availability: Lessons Learned by Paul Preuveneers
High Availability: Lessons Learned by Paul Preuveneers
ScyllaDB
 
How Natura Uses ScyllaDB and ScyllaDB Connector to Create a Real-time Data Pi...
How Natura Uses ScyllaDB and ScyllaDB Connector to Create a Real-time Data Pi...How Natura Uses ScyllaDB and ScyllaDB Connector to Create a Real-time Data Pi...
How Natura Uses ScyllaDB and ScyllaDB Connector to Create a Real-time Data Pi...
ScyllaDB
 
Persistence Pipelines in a Processing Graph: Mutable Big Data at Salesforce b...
Persistence Pipelines in a Processing Graph: Mutable Big Data at Salesforce b...Persistence Pipelines in a Processing Graph: Mutable Big Data at Salesforce b...
Persistence Pipelines in a Processing Graph: Mutable Big Data at Salesforce b...
ScyllaDB
 
Database Migration Strategies and Pitfalls by Patrick Bossman
Database Migration Strategies and Pitfalls by Patrick BossmanDatabase Migration Strategies and Pitfalls by Patrick Bossman
Database Migration Strategies and Pitfalls by Patrick Bossman
ScyllaDB
 
Ad

Recently uploaded (20)

AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025

Securely Serving Millions of Boot Artifacts a Day by João Pedro Lima & Matt Fleming

  • 11. (iPXE boot script)
#!ipxe
:diag
kernel ${boot_prefix}/vmlinuz initrd=diag-image.img console=tty0
imgverify vmlinuz ${boot_prefix}/vmlinuz.sig
initrd ${boot_prefix}/diag-image.img
imgverify diag-image.img ${boot_prefix}/diag-image.img.sig
boot
:updates
imgfetch --name {{ hw_model }}/update.ipxe {{ hw_model }}/update.ipxe
imgverify {{ hw_model }}/update.ipxe {{ hw_model }}/update.ipxe.sig
imgexec {{ hw_model }}/update.ipxe
:baseimg
kernel vmlinuz
imgverify vmlinuz ${boot_prefix}/vmlinuz.sig
initrd ${boot_prefix}/baseimg.img
imgverify baseimg.img ${boot_prefix}/baseimg.img.sig
initrd ${boot_prefix}/{{ net_img }}.img
imgverify {{ net_img }}.img ${boot_prefix}/{{ net_img }}.img.sig
boot
  • 12. Secure boot (diagram: the boot chain from slide 9, Power-on/Reset, Chipset/CPU, BIOS/UEFI firmware, PXE/iPXE, OS Kernel, Userspace, with the BMC and iPXE scripts alongside; the early stages are labelled “Platform Secure Boot / HW root of trust”, the later ones “UEFI Secure Boot”) https://blog.cloudflare.com/anchoring-trust-a-hardware-secure-boot-story/
  • 13. Secure boot + iPXE signing (diagram: the same boot chain and labels as slide 12, with iPXE signing added to cover the iPXE stage)
  • 14. Boot strategies
■ Network boot (netboot) via DM
  ■ Default boot strategy for metals
  ■ Boot artifacts retrieved just-in-time
■ Local disk boot (localboot) from disk EFI partition
  ■ Needed to boot first DM in datacenter
  ■ Fallback strategy for metals if no DM is available
  ■ Boot artifacts are synced every time configuration management runs (~ 3 hours)
  • 15. Architecture (diagram: a control plane colo with the config mgmt master, Vault and other boot information sources feeding a “Primary” DM; an edge colo with DMs and metals; arrows mark the boot render flow and the boot flow)
  • 17. Challenges
■ Too many nodes trusted to render and sign boot artifacts
  ■ Ideally go from all DMs to just a single identity
■ DMs have failover but it’s not elastic
■ DMs configuration management update time is dominated by boot artifact handling
■ Localboot pull model is costly and inefficient
  • 18. Requirements
■ Must be able to generate artifacts for all nodes
■ Highly available service
■ Tolerant to the loss of part of/entire control plane
  ■ Some degradation is acceptable in extreme circumstances
  • 19. Architecture (diagram: an internal K8S cluster running the boot service, with Vault and boot information sources; an internal backup K8S cluster with the same components; an internal S3 cluster and a backup cloud S3 cluster; an edge colo with DMs and metals)
  • 20. Boot service
■ Reduced trust domain
  ■ Only boot service is able to render and sign dynamic artifacts
  ■ Static artifacts are signed once and served from S3 afterwards
■ DM configuration management gains
■ High Availability and Elasticity
  ■ K8s service written in Go
  ■ Load balanced across multiple instances
  ■ Fallback to public cloud S3 for default artifacts if all K8S out
■ Localboot adopts push model
  ■ Only rendered and updated if node configuration changed
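The shell script below is an added example, not code from the talk or from Cloudflare's boot service. It shows the server side of two slides at once: the iPXE script on slide 11, whose imgverify lines check a detached CMS (PKCS#7) signature in DER form against a trust anchor built into the iPXE binary, and the localboot push model on slide 20. iPXE's own signing documentation produces that signature file with openssl cms, which is what sign_artifact does; verify_artifact runs the equivalent check with openssl so a tampered artifact can be seen to fail; push_node_config renders a node's boot script and re-signs and pushes it only when the rendered bytes changed. The CA and signer names, the artifact contents and the per-node store directory are constructed for the example; the only assumption is that openssl is in PATH.

```shell
#!/bin/sh
# Added example (not the talk's or Cloudflare's code): server side of the
# slide-11 iPXE script and the slide-20 localboot push model. iPXE's imgverify
# checks a detached CMS/PKCS#7 signature in DER form against a trust anchor
# built into iPXE; `openssl cms -sign ... -outform DER` is how the iPXE
# documentation produces that file. All names and contents are constructed.
set -e
# One-time setup in $1: a self-signed CA (the anchor iPXE would be built with)
# and a code-signing certificate issued to the boot service. RSA, as in the
# iPXE signing documentation.
make_signing_identity() {
  dir=$1
  mkdir -p "$dir"
  for name in ca codesign; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$dir/$name.key" 2>/dev/null
  done
  openssl req -x509 -new -key "$dir/ca.key" -out "$dir/ca.crt" \
    -subj "/CN=BootCA (example)" -days 3650 2>/dev/null
  openssl req -new -key "$dir/codesign.key" -out "$dir/codesign.csr" \
    -subj "/CN=boot-service (example)" 2>/dev/null
  openssl x509 -req -in "$dir/codesign.csr" -CA "$dir/ca.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/codesign.crt" \
    -days 365 2>/dev/null
}
# Write "$2.sig": the detached DER signature that an
# `imgverify <image> <image>.sig` line in the iPXE script consumes.
sign_artifact() {
  dir=$1; artifact=$2
  openssl cms -sign -binary -noattr -in "$artifact" \
    -signer "$dir/codesign.crt" -inkey "$dir/codesign.key" \
    -certfile "$dir/ca.crt" -outform DER -out "$artifact.sig"
}
# The check imgverify performs, done with openssl: succeeds only if the
# signature over the artifact's exact bytes chains to the CA, so any change
# to the artifact or the signature after signing makes it fail.
verify_artifact() {
  dir=$1; artifact=$2
  openssl cms -verify -binary -inform DER -in "$artifact.sig" \
    -content "$artifact" -CAfile "$dir/ca.crt" -out /dev/null 2>/dev/null
}
# Render the per-node part of the slide-11 script (the :baseimg stanza) with
# the template variables filled in; ${boot_prefix} is left for iPXE to expand.
render_node_script() {
  hw_model=$1; net_img=$2
  cat <<EOF
#!ipxe
# rendered for hardware model ${hw_model}
:baseimg
kernel \${boot_prefix}/vmlinuz
imgverify vmlinuz \${boot_prefix}/vmlinuz.sig
initrd \${boot_prefix}/baseimg.img
imgverify baseimg.img \${boot_prefix}/baseimg.img.sig
initrd \${boot_prefix}/${net_img}.img
imgverify ${net_img}.img \${boot_prefix}/${net_img}.img.sig
boot
EOF
}
# Localboot push model: render node $2's script and re-sign and push it (copy
# into $3/$2, standing in for the node's EFI partition) only when the rendered
# bytes differ from what was pushed last time. Prints "pushed" or "unchanged".
push_node_config() {
  dir=$1; node=$2; store=$3; hw_model=$4; net_img=$5
  mkdir -p "$store/$node"
  tmp=$(mktemp)
  render_node_script "$hw_model" "$net_img" > "$tmp"
  new=$(openssl dgst -sha256 -r "$tmp" | cut -d' ' -f1)
  old=
  if [ -f "$store/$node/boot.ipxe" ]; then
    old=$(openssl dgst -sha256 -r "$store/$node/boot.ipxe" | cut -d' ' -f1)
  fi
  if [ "$new" = "$old" ]; then
    rm -f "$tmp"
    echo unchanged
    return 0
  fi
  sign_artifact "$dir" "$tmp"
  mv "$tmp" "$store/$node/boot.ipxe"
  mv "$tmp.sig" "$store/$node/boot.ipxe.sig"
  echo pushed
}
# Stand-alone demo: sign a constructed stand-in for vmlinuz, show the check
# passing, then failing after tampering, then an idempotent second push.
demo() {
  w=$(mktemp -d)
  make_signing_identity "$w"
  printf 'constructed stand-in for vmlinuz\n' > "$w/vmlinuz"
  sign_artifact "$w" "$w/vmlinuz"
  verify_artifact "$w" "$w/vmlinuz" && echo "vmlinuz: signature ok"
  printf 'x' >> "$w/vmlinuz"
  verify_artifact "$w" "$w/vmlinuz" || echo "vmlinuz: tampered, rejected"
  echo "push 1: $(push_node_config "$w" node-a "$w/store" m1 net-a)"
  echo "push 2: $(push_node_config "$w" node-a "$w/store" m1 net-a)"
  rm -rf "$w"
}
demo
```

Run it as `sh boot-sign.sh` (file name assumed). The point of the slide-20 design is visible in which function holds which file: only the boot service needs codesign.key, while a DM or a metal needs nothing but the CA certificate already built into iPXE, so a DM serving artifacts over nginx cannot produce a .sig that imgverify accepts. The hash comparison in push_node_config is what turns localboot from the ~3-hourly pull on slide 14 into a push that only touches nodes whose rendered configuration actually changed.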
  • 22. Future Work
■ Cryptographically verify all executable code
■ Eliminate DMs completely
■ TPMs!
  • 23. Thank you!
João Pedro Lima: jlima@cloudflare.com, jopelima, in/joaopedropaulinolima
Matt Fleming: mfleming@cloudflare.com, fleming_matt, mfleming