1 | Copyright © 2022
Reducing Developer Overload:
Moving Auth, Policy, and Resilience to the Platform
CHRISTIAN POSTA
VP, Global Field CTO, Solo.io
@christianposta
christian@solo.io
/in/ceposta
https://solo.io
Digital Experiences… Driven by APIs and Services
Silos - Conway’s Law
“Ticket Ops” to Drive Changes to APIs and Services
Platform Engineering
Platform engineering:
● Cross functional team
● Infrastructure integration
● Golden paths for delivery
● Internal Dev Portals
● Tenancy for teams
Platform engineering outcomes:
● Accelerate business value
● Improve efficiencies
● Increase compliance
● Reduce costs/lock-in
You don’t start with pipes, electrical, doors
and locks, but eventually you need them.
Internal Developer Platforms are like a House
Foundations
● Kubernetes / containers
● Microservices architecture
● Public cloud
● CI / CD / ArgoCD / GitOps
● Platform orchestration
● Metric collection (CPU, Network, Memory)
Platform Strategy
T-Mobile: 25% of time spent on non-functional reqs;
75% of incidents caused by network misconfiguration
The platform is not finished.
We need to modernize networking.
Outdated Assumptions and Network Control
Policy Bit Rot
Policy Bit Rot
Inefficiencies and Bottlenecks
Build it into the Code!
JWT Unravels your API Gateway!
Modern Networking Needs for Internal Dev Platform
● Distributed implementation
● Declarative configuration
● Standard interfaces/integration
● Dynamic configuration
● Fine-grained, request-level auth/rate limit/policy enforcement
● Traffic control, circuit breaking, routing
● Metrics, logging, distributed tracing
The House is not Finished!
Finishing the house
You need Plumbing, Electrical, Locks on Doors, etc
Modern Networking Solves Auth, Policy, Resilience
● Locks on doors
○ zero-trust, workload/request authentication,
authorization, policy enforcement
● Air conditioning / thermostat
○ load balancing, timeouts, retries, circuit breaking
● Electrical / Piping
○ traffic control, load balancing, routing
● CO, fire, smoke detectors, cameras
○ metrics, distributed tracing, logging
Application Networking
Istio Service Mesh
https://istio.io
● mTLS, mutual authentication,
encryption
● Network, L7 observability
● Traffic control, resilience, failover
● Blue-green, canary release
● Driven by declarative configuration
Istio Ambient Mode
A sidecar-less implementation of Istio Service Mesh
Production ready as of Istio 1.22 (May 2024)
● Improve Performance
● Simplify Operations
● Cost Reduction
https://istio.io/latest/blog/2022/introducing-ambient-mesh/
Demo
Istio Ambient Mode
Pure L4 mode only, no L7
Istio Ambient Mode
Istio Ambient Mode
L7 goes through “waypoint” proxy, in the network;
L7 policies (retry, traffic splitting, canary, fine-grained authz, etc) applied here.
Istio Ambient Mode
L7 goes through “waypoint” proxy (Envoy), in the network;
Deploy multiple replicas of proxy for traffic sizing, high availability, etc.
Service Mesh For Less!
Istio Ambient Mode
https://bit.ly/ambient-book
Auth, Policy, and Resilience
CASE STUDY
From Zero to 4th Largest Bank in Singapore within 2 Years Requires Trust
Location: Singapore
Region: APJ
Industry: Digital Banking
Revenue: Approaching $1B
A Joint Venture between a Top 3 Bank in the UK (Operating in Asia) and Singapore’s Largest Loyalty Program launched one of Singapore’s first Digital Native Banks. The ambitious growth goals for the bank meant there was no time to waste selecting the technologies that would underpin the business.
Regulators in Singapore keep strong standards on financial institutions, including the need to maintain a 99.95% uptime or greater as well as ensuring strong security across the bank’s infrastructure.
With the help of Solo.io and Gloo, the bank was able to onboard 100K customers in the first 10 days of operating.
Business Goals
Key tenets of the modernization initiative:
● Unified Stack - From Identity to Mesh, to CNI and GraphQL
● Multi-Cluster Orchestration
● GitOps deployments
● Event-Driven, Real Time Architecture
Benchmark Scale
● 100% Containerized
● 9 EKS Clusters in Production
● 400 to 600 Concurrent Pods During Peak Processing
● Mandate to meet 99.95% Uptime
Customer Growth
● 100K: First 10 Days
● 450K: First 5 Months
● 1M+: Today
Differentiators
● Single Solution providing significant cost savings through consolidation of disparate tools
● Multi-Cluster Mesh Enables transparent failover and ability to treat EKS clusters as “cattle”
● Unified Stack allows Bank to implement a trust “Defense in Depth” model from Identity to Network Policy
Competition
Workload Identity and Authentication
Secure Production Identity Framework (for Everyone)
• Intended to solve the “universal workload identity problem”
• Independent of application type, network, or platform/cloud
• Specified with URI strings
• Verified via signed credentials (x509, JWT, etc)
• API and workflow for attestation built into SPIFFE
implementations
• Intended to eliminate passwords, other secrets, etc
Who is Service A?
Identity for Workloads
Network Policy Based on Stable Workload Identity
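apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-traffic-between-workloads
  namespace: your-namespace
spec:
  # Destination: the policy applies to workloads carrying this label
  selector:
    matchLabels:
      app: your-app
  action: ALLOW
  rules:
  - from:
    - source:
        # Caller identity from the peer's mTLS certificate
        # (SPIFFE ID written without the spiffe:// prefix)
        principals: ["cluster.local/ns/your-namespace/sa/first-service-account"]
    # The slide also listed principals under to.operation:
    #   ["spiffe://example.org/ns/your-namespace/sa/second-service-account"]
    # Istio's operation block has no principals field (it matches hosts,
    # ports, methods and paths); the destination workload is chosen by the
    # selector above.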
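The policy above keys on a SPIFFE identity string rather than an IP address. As an added example (not from the deck and not Istio's own code), the Python below validates a SPIFFE ID, derives the principal string used in `source.principals`, and applies a simplified model of Istio's exact / prefix / suffix / presence matching; the function names are hypothetical and the peer IDs are constructed samples.

```python
import re

# SPIFFE ID syntax: scheme "spiffe", lowercase trust domain, path segments
# made of letters, digits, '.', '_' and '-', no empty, "." or ".." segments.
_TRUST_DOMAIN = re.compile(r"[a-z0-9._-]+")
_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")

# Principal from the slide's AuthorizationPolicy.
POLICY_PRINCIPALS = ["cluster.local/ns/your-namespace/sa/first-service-account"]


def parse_spiffe_id(uri):
    """Return (trust_domain, [path segments]) or raise ValueError."""
    if len(uri.encode()) > 2048:
        raise ValueError("SPIFFE ID longer than 2048 bytes")
    if not uri.startswith("spiffe://"):
        raise ValueError("scheme must be spiffe://")
    trust_domain, sep, path = uri[len("spiffe://"):].partition("/")
    if not _TRUST_DOMAIN.fullmatch(trust_domain):
        raise ValueError("invalid trust domain")
    if not sep:
        return trust_domain, []
    segments = path.split("/")
    for seg in segments:
        # Rejects trailing slashes, query strings and dot-segment tricks.
        if seg in (".", "..") or not _SEGMENT.fullmatch(seg):
            raise ValueError(f"invalid path segment {seg!r}")
    return trust_domain, segments


def istio_principal(uri):
    """Map spiffe://<td>/ns/<namespace>/sa/<account> to the policy principal."""
    trust_domain, seg = parse_spiffe_id(uri)
    if len(seg) != 4 or seg[0] != "ns" or seg[2] != "sa":
        raise ValueError("expected spiffe://<td>/ns/<namespace>/sa/<account>")
    return f"{trust_domain}/ns/{seg[1]}/sa/{seg[3]}"


def principal_matches(pattern, principal):
    """Simplified matching: '*' (present), '*suffix', 'prefix*', or exact."""
    if pattern == "*":
        return bool(principal)
    if pattern.startswith("*"):
        return principal.endswith(pattern[1:])
    if pattern.endswith("*"):
        return principal.startswith(pattern[:-1])
    return pattern == principal


def allowed(policy_principals, peer_spiffe_id):
    """ALLOW decision for one rule; an unparseable identity is denied."""
    try:
        principal = istio_principal(peer_spiffe_id)
    except ValueError:
        return False
    return any(principal_matches(p, principal) for p in policy_principals)


if __name__ == "__main__":
    # Constructed peer identities, as they would appear in a certificate SAN.
    peers = [
        "spiffe://cluster.local/ns/your-namespace/sa/first-service-account",
        "spiffe://cluster.local/ns/your-namespace/sa/other-account",
        "spiffe://example.org/ns/your-namespace/sa/first-service-account",
        "spiffe://cluster.local/ns/your-namespace/sa/../sa/first-service-account",
    ]
    for peer in peers:
        verdict = "ALLOW" if allowed(POLICY_PRINCIPALS, peer) else "DENY"
        print(f"{verdict:5}  {peer}")
```

Only the first peer is allowed: the second uses a different service account, the third a different trust domain, and the fourth is rejected at parse time because of its `..` segment.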
Demo
IstioCon (2023)
Traffic Control
Powerful load balancing
IN THE NETWORK
● Fine-grained, request-based load
balancing
● Region/Zone/Subset aware load
balancing
● Retry/Timeout/Circuit breaker
● % based traffic splitting
● Header based traffic splitting
Global Routing / Failover
Circuit Breaker - Degrade gracefully when services are
overwhelmed
Demo
Tying it all together
Offload Auth, Policy, and Resilience to the Platform!
Accelerating Business Value
● Get code into production, safely!
● Increasing the release safety and velocity with:
○ High availability
○ Global routing
○ Failover
○ Resiliency
■ either planned, unplanned
■ migrations, re-deployments
● Canary releasing, blue/green, A/B testing
● Reducing MTTR
○ Metrics, distributed tracing, logging
● Reduce change failure rate
Improve Efficiency, Reduce Costs
● Declarative configuration fits IaC automation, tenancy
● Better resource utilization / scale
● Eliminate silos, reduce ticket ops, reduce UI click Ops
● Reduce dependencies on other teams (self service)
● Teams to focus on business logic not complexity of networking
● Integrations with standard interfaces
● Reduce reliance on large proprietary vendor stacks with heavy license fees
● Smart traffic, networking control for zonal, region, data center networking costs
Increase Compliance
● Zero trust network
○ Encryption, authentication, authorization
○ Central requirements for PCI-DSS, HIPAA, GDPR, etc
● Eliminate bespoke code for security, routing, load balancing
○ Especially across multiple languages, frameworks, etc
○ Easier to audit and understand
● Eliminate centralized bottlenecks, UI clicking, and
● Drive everything through Git so it’s trackable and auditable
● Organizational policy enforcement based on durable workload ID
○ Not ephemeral IP addresses or network segments
Resources
● https://istio.io
● https://envoyproxy.io
● https://academy.solo.io
● See QR codes in slides!
Please Reach Out!
VP, Global Field CTO, Solo.io
@christianposta
christian@solo.io
/in/ceposta
Thank You!
API Management at Google
Massive outage
Optimize Proxy Placement

 
Churchgate Call Girls 👑VIP — Mumbai ☎️ 9910780858 🎀Niamh@ Churchgate Call Gi...
Churchgate Call Girls  👑VIP — Mumbai ☎️ 9910780858 🎀Niamh@ Churchgate Call Gi...Churchgate Call Girls  👑VIP — Mumbai ☎️ 9910780858 🎀Niamh@ Churchgate Call Gi...
Churchgate Call Girls 👑VIP — Mumbai ☎️ 9910780858 🎀Niamh@ Churchgate Call Gi...
 
Call Girls Firozabad ☎️ +91-7426014248 😍 Firozabad Call Girl Beauty Girls Fir...
Call Girls Firozabad ☎️ +91-7426014248 😍 Firozabad Call Girl Beauty Girls Fir...Call Girls Firozabad ☎️ +91-7426014248 😍 Firozabad Call Girl Beauty Girls Fir...
Call Girls Firozabad ☎️ +91-7426014248 😍 Firozabad Call Girl Beauty Girls Fir...
 
Chapter 1 - Fundamentals of Testing V4.0
Chapter 1 - Fundamentals of Testing V4.0Chapter 1 - Fundamentals of Testing V4.0
Chapter 1 - Fundamentals of Testing V4.0
 
Multimodal Retrieval Augmented Generation (RAG) with Milvus
Multimodal Retrieval Augmented Generation (RAG) with MilvusMultimodal Retrieval Augmented Generation (RAG) with Milvus
Multimodal Retrieval Augmented Generation (RAG) with Milvus
 
Building a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data PlatformBuilding a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data Platform
 
Product Listing Optimization Presentation - Gay De La Cruz.pdf
Product Listing Optimization Presentation - Gay De La Cruz.pdfProduct Listing Optimization Presentation - Gay De La Cruz.pdf
Product Listing Optimization Presentation - Gay De La Cruz.pdf
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
 
Balancing Compaction Principles and Practices
Balancing Compaction Principles and PracticesBalancing Compaction Principles and Practices
Balancing Compaction Principles and Practices
 
ASIMOV: Enterprise RAG at Dialog Axiata PLC
ASIMOV: Enterprise RAG at Dialog Axiata PLCASIMOV: Enterprise RAG at Dialog Axiata PLC
ASIMOV: Enterprise RAG at Dialog Axiata PLC
 
Leveraging AI for Software Developer Productivity.pptx
Leveraging AI for Software Developer Productivity.pptxLeveraging AI for Software Developer Productivity.pptx
Leveraging AI for Software Developer Productivity.pptx
 
Call Girls Bangalore ☎️ +91-7426014248 😍 Bangalore Call Girl Beauty Girls Ban...
Call Girls Bangalore ☎️ +91-7426014248 😍 Bangalore Call Girl Beauty Girls Ban...Call Girls Bangalore ☎️ +91-7426014248 😍 Bangalore Call Girl Beauty Girls Ban...
Call Girls Bangalore ☎️ +91-7426014248 😍 Bangalore Call Girl Beauty Girls Ban...
 
STKI Israeli Market Study 2024 final v1
STKI Israeli Market Study 2024 final  v1STKI Israeli Market Study 2024 final  v1
STKI Israeli Market Study 2024 final v1
 
Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024
 
intra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_Enintra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_En
 
Product Listing Optimization Presentation - Gay De La Cruz.pdf
Product Listing Optimization Presentation - Gay De La Cruz.pdfProduct Listing Optimization Presentation - Gay De La Cruz.pdf
Product Listing Optimization Presentation - Gay De La Cruz.pdf
 

Move Auth, Policy, and Resilience to the Platform

  • 1. 1 | Copyright © 2022 Reducing Developer Overload: Moving Auth, Policy, and Resilience to the Platform
  • 2. CHRISTIAN POSTA, VP, Global Field CTO, Solo.io @christianposta christian@solo.io /in/ceposta
  • 3. https://solo.io
  • 4. Digital Experiences… Driven by APIs and Services
  • 5. Silos - Conway’s Law
  • 6. “Ticket Ops” to Drive Changes to APIs and Services
  • 7. Platform Engineering
      Platform engineering:
      ● Cross functional team
      ● Infrastructure integration
      ● Golden paths for delivery
      ● Internal Dev Portals
      ● Tenancy for teams
      Platform engineering outcomes:
      ● Accelerate business value
      ● Improve efficiencies
      ● Increase compliance
      ● Reduce costs/lock-in
  • 8. You don’t start with pipes, electrical, doors and locks, but eventually you need them.
  • 9. Internal Developer Platforms are like a House
  • 10. Foundations
      ● Kubernetes / containers
      ● Microservices architecture
      ● Public cloud
      ● CI / CD / ArgoCD / GitOps
      ● Platform orchestration
      ● Metric collection (CPU, Network, Memory)
  • 11. Platform Strategy
  • 12. T-Mobile: 25% of time spent on non-functional reqs; 75% of incidents caused by network misconfiguration
  • 13. The platform is not finished. We need to modernize networking.
  • 14. Outdated Assumptions and Network Control
  • 15. Policy Bit Rot
  • 16. Policy Bit Rot
  • 18. Inefficiencies and Bottlenecks
  • 19. Build it into the Code!
  • 20. JWT Unravels your API Gateway!
  • 21. Modern Networking Needs for Internal Dev Platform
      ● Distributed implementation
      ● Declarative configuration
      ● Standard interfaces/integration
      ● Dynamic configuration
      ● Fine-grained, request-level auth/rate limit/policy enforcement
      ● Traffic control, circuit breaking, routing
      ● Metrics, logging, distributed tracing
  • 22. The House is not Finished!
  • 23. Finishing the house
  • 24. You need Plumbing, Electrical, Locks on Doors, etc
  • 25. Modern Networking Solves Auth, Policy, Resilience
      ● Locks on doors
        ○ zero-trust, workload/request authentication, authorization, policy enforcement
      ● Air conditioning / thermostat
        ○ load balancing, timeouts, retries, circuit breaking
      ● Electrical / Piping
        ○ traffic control, load balancing, routing
      ● CO, fire, smoke detectors, cameras
        ○ metrics, distributed tracing, logging
  • 26. Application Networking
  • 27. Istio Service Mesh https://istio.io
      ● mTLS, mutual authentication, encryption
      ● Network, L7 observability
      ● Traffic control, resilience, failover
      ● Blue-green, canary release
      ● Driven by declarative configuration
  • 28. Istio Ambient Mode: a sidecar-less implementation of Istio Service Mesh. Production ready as of Istio 1.22 (May 2024). Improve Performance, Simplify Operations, Cost Reduction. https://istio.io/latest/blog/2022/introducing-ambient-mesh/
  • 29. Demo
  • 30. Istio Ambient Mode: pure L4 mode only, no L7
  • 31. Istio Ambient Mode
  • 32. Istio Ambient Mode: L7 goes through “waypoint” proxy, in the network; L7 policies (retry, traffic splitting, canary, fine-grained authz, etc) applied here.
  • 33. Istio Ambient Mode: L7 goes through “waypoint” proxy (Envoy), in the network; deploy multiple replicas of proxy for traffic sizing, high availability, etc.
  • 34. Service Mesh For Less!
  • 35. Istio Ambient Mode https://bit.ly/ambient-book
  • 36. Auth, Policy, and Resilience
  • 37. CASE STUDY: From Zero to 4th Largest Bank in Singapore within 2 Years Requires Trust
      Location: Singapore
      Revenue: Approaching $1B
      Industry: Digital Banking
      Region: APJ
      A Joint Venture between a Top 3 Bank in the UK (Operating in Asia) and Singapore’s Largest Loyalty Program launched one of Singapore’s first Digital Native Banks. The ambitious growth goals for the bank meant there was no time to waste selecting the technologies that would underpin the business. Regulators in Singapore keep strong standards on financial institutions, including the need to maintain a 99.95% uptime or greater as well as ensuring strong security across the bank’s infrastructure. With the help of Solo.io and Gloo, the bank was able to onboard 100K customers in the first 10 days of operating.
      Business Goals
      Key tenets of the modernization initiative:
      ● Unified Stack - From Identity to Mesh, to CNI and GraphQL
      ● Multi-Cluster Orchestration
      ● GitOps deployments
      ● Event-Driven, Real Time Architecture
      Benchmark Scale
      ● 100% Containerized
      ● 9 EKS Clusters in Production
      ● 400 to 600 Concurrent Pods During Peak Processing
      ● Mandate to meet 99.95% Uptime
      Customer Growth: 100K First 10 Days; 450K First 5 Months; 1M+ Today
      Differentiators
      ● Single Solution providing significant cost savings through consolidation of disparate tools
      ● Multi-Cluster Mesh Enables transparent failover and ability to treat EKS clusters as “cattle”
      ● Unified Stack allows Bank to implement a trust “Defense in Depth” model from Identity to Network Policy
      Competition
  • 38. Workload Identity and Authentication
  • 39. Secure Production Identity Framework (for Everyone)
      ● Intended to solve the “universal workload identity problem”
      ● Independent of application type, network, or platform/cloud
      ● Specified with URI strings
      ● Verified via signed credentials (x509, JWT, etc)
      ● API and workflow for attestation built into SPIFFE implementations
      ● Intended to eliminate passwords, other secrets, etc
  • 40. Who is Service A?
  • 41. Identity for Workloads
  • 42. Network Policy Based on Stable Workload Identity
      apiVersion: security.istio.io/v1beta1
      kind: AuthorizationPolicy
      metadata:
        name: allow-traffic-between-workloads
        namespace: your-namespace
      spec:
        selector:
          matchLabels:
            app: your-app
        action: ALLOW
        rules:
        - from:
          - source:
              principals: ["cluster.local/ns/your-namespace/sa/first-service-account"]
          # The destination is the workload matched by spec.selector. A `to.operation`
          # matches hosts, ports, methods and paths and has no `principals` field, so
          # the slide's destination-principal entry stays commented out:
          # to:
          # - operation:
          #     principals: ["spiffe://example.org/ns/your-namespace/sa/second-service-account"]
  • 43. Demo
  • 44. IstioCon (2023)
  • 45. Traffic Control: powerful load balancing IN THE NETWORK
      ● Fine-grained, request-based load balancing
      ● Region/Zone/Subset aware load balancing
      ● Retry/Timeout/Circuit breaker
      ● % based traffic splitting
      ● Header based traffic splitting
  • 46. Global Routing / Failover
  • 47. Circuit Breaker - Degrade gracefully when services are overwhelmed
  • 48. Demo
  • 49. Tying it all together
  • 50. Offload Auth, Policy, and Resilience to the Platform!
  • 51. Accelerating Business Value
      ● Get code into production, safely!
      ● Increasing the release safety and velocity with:
        ○ High availability
        ○ Global routing
        ○ Failover
        ○ Resiliency
          ■ either planned, unplanned
          ■ migrations, re-deployments
      ● Canary releasing, blue/green, A/B testing
      ● Reducing MTTR
        ○ Metrics, distributed tracing, logging
      ● Reduce change failure rate
  • 52. Improve Efficiency, Reduce Costs
      ● Declarative configuration fits IaC automation, tenancy
      ● Better resource utilization / scale
      ● Eliminate silos, reduce ticket ops, reduce UI click Ops
      ● Reduce dependencies on other teams (self service)
      ● Teams to focus on business logic not complexity of networking
      ● Integrations with standard interfaces
      ● Reduce reliance on large proprietary vendor stacks with heavy license fees
      ● Smart traffic, networking control for zonal, region, data center networking costs
  • 53. Increase Compliance
      ● Zero trust network
        ○ Encryption, authentication, authorization
        ○ Central requirements for PCI-DSS, HIPAA, GDPR, etc
      ● Eliminate bespoke code for security, routing, load balancing
        ○ Especially across multiple languages, frameworks, etc
        ○ Easier to audit and understand
      ● Eliminate centralized bottlenecks, UI clicking, and
      ● Drive everything through Git so it’s trackable and auditable
      ● Organizational policy enforcement based on durable workload ID
        ○ Not ephemeral IP addresses or network segments
  • 54. Resources
      ● https://istio.io
      ● https://envoyproxy.io
      ● https://academy.solo.io
      ● See QR codes in slides!
  • 55. Please Reach Out! VP, Global Field CTO, Solo.io @christianposta christian@solo.io /in/ceposta
  • 59. API Management at Google
  • 60. Massive outage
  • 61. Optimize Proxy Placement
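
Slides 39, 42 and 53 tie policy to a durable workload identity rather than an IP address. The Python example below is added here and is not part of the deck or of Istio's code: it maps a SPIFFE URI to the principal string used in slide 42's policy and evaluates the from.source.principals rule over constructed requests. The function names, sample IPs, the other-account service account and the other.example trust domain are assumptions, and only principal matching is modelled.

```python
from urllib.parse import urlsplit

# Rule from slide 42: only this source principal may reach the selected workload.
POLICY = {"action": "ALLOW", "rules": [{"from": [{"source": {"principals": [
    "cluster.local/ns/your-namespace/sa/first-service-account"]}}]}]}

def istio_principal(spiffe_id):
    """Map a SPIFFE URI (URI SAN of a verified peer certificate) to the
    '<trust-domain>/ns/<namespace>/sa/<service-account>' principal string."""
    u = urlsplit(spiffe_id)
    seg = u.path.split("/")
    # No query/fragment; trust domain is lower case with no userinfo or port.
    if u.scheme != "spiffe" or u.query or u.fragment or u.netloc != u.hostname:
        raise ValueError("not a SPIFFE ID: %r" % spiffe_id)
    if len(seg) != 5 or seg[1] != "ns" or seg[3] != "sa" or not (seg[2] and seg[4]):
        raise ValueError("not a Kubernetes workload path: %r" % spiffe_id)
    return u.netloc + u.path

def principal_matches(pattern, principal):
    """Exact, prefix ('abc*'), suffix ('*abc') and presence ('*') matching."""
    if pattern == "*":
        return bool(principal)
    if pattern.endswith("*"):
        return principal.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return principal.endswith(pattern[1:])
    return pattern == principal

def allowed(policy, peer_spiffe_id):
    """ALLOW semantics: pass only if a rule's source principals match the peer.
    The source IP is never consulted; only from.source.principals is modelled."""
    if peer_spiffe_id is None:  # plaintext peer: no authenticated identity
        return False
    try:
        principal = istio_principal(peer_spiffe_id)
    except ValueError:
        return False
    return any(principal_matches(p, principal)
               for rule in policy["rules"]
               for src in rule.get("from", [])
               for p in src["source"].get("principals", []))

FIRST = "spiffe://cluster.local/ns/your-namespace/sa/first-service-account"
REQUESTS = [  # constructed: (source IP, SPIFFE ID from the mTLS handshake, or None)
    ("10.0.1.7", FIRST),    # original pod
    ("10.0.9.42", FIRST),   # same workload rescheduled onto a new IP
    ("10.0.1.7", "spiffe://cluster.local/ns/your-namespace/sa/other-account"),
    ("10.0.1.7", None),     # no client certificate presented
    ("10.0.1.7", "spiffe://other.example/ns/your-namespace/sa/first-service-account"),
]

def decisions():
    return [allowed(POLICY, sid) for _ip, sid in REQUESTS]

if __name__ == "__main__": print(decisions())
```

The third request reuses the first pod's IP under a different service account and is denied, while the rescheduled pod on a new IP is still allowed.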