Developer time is the most crucial resource in an enterprise IT organization. Too much of it is spent on undifferentiated heavy lifting, and in the world of APIs and microservices much of that goes to non-functional, cross-cutting networking requirements like security, observability, and resilience.
As organizations reconcile their DevOps practices into Platform Engineering, tools like Istio help alleviate developer pain. In this talk we dig into what that pain looks like, how much it costs, and how Istio has solved these concerns by examining three real-life use cases. As this space continues to emerge, and innovation has not slowed, we will also discuss the recently announced Istio sidecar-less mode which significantly reduces the hurdles to adopt Istio within Kubernetes or outside Kubernetes.
Galileo Platforms is developing an insurance platform using blockchain technology to connect insurers, distributors and other participants. The platform provides a full digital experience for clients from quotes to claims. It aims to help insurers address challenges in legacy systems and incomplete digital experiences. The platform uses a private, permissioned blockchain with smart contracts and APIs. It has made progress in areas like credentialing, products and claims. Galileo sees benefits for all parties including new distribution channels and data analytics.
Managing User Experience During Cloud Migrations - eG Innovations
Competition in the digital services world is about managing the customer experience. The cloud is an operating model, and migrating workloads to the cloud involves much more than ‘lift & shift’. In fact, the heavy lifting of cloud migrations may be much more about people than technologies.
Managing customer expectations requires that the user experience be at least as good—if not better—after a cloud migration than it was before the migration took place. Customers really don’t care about the ‘cloud’ per se, they care about the outcomes that cloud-based services can provide.
Learn how you can manage customer expectations and leverage services-oriented monitoring as a program of work within a cloud migration.
The Current And Future State Of Service Mesh - Ram Vennam
This document discusses the current and future state of service mesh. It provides an overview of Solo.io, including its leadership team members and growth. It then discusses key functions of service meshes like Istio including traffic control and policy enforcement. The document outlines considerations for extending the data plane, such as with GraphQL and eBPF. It argues that optimizing the data plane is an area of ongoing innovation and discusses tradeoffs between different data plane architectures.
Istio ambient mesh uses a sidecar-less data plane that focuses on ease of operations, incremental adoption, and separation of security boundaries for applications and mesh infrastructure.
In this webinar, we'll explore:
- The forces of modernization and compliance pressures,
- How Zero Trust Architecture (ZTA) can help, and
- How Istio ambient mesh lowers the barrier for establishing the properties necessary to achieve Zero Trust and compliance
Presented at Spacewalk 2023
Presented by Christian Posta, solo.io
Title: The Future of Service Mesh
Abstract: Service mesh is a powerful way to solve cross-cutting application-networking concerns, such as load balancing, service resilience, observability, and security. Adopting a mesh for your services can save hundreds of hours of developer time and reduce the burden placed on operations. In this talk we'll explore some common use cases for service mesh, look at some case studies, and then dig into innovation happening in this space such as "sidecar-less" service mesh.
Getting Started with ThousandEyes Proof of Concepts - ThousandEyes
The document provides an overview of a ThousandEyes proof of concept process. It discusses identifying opportunities, defining success criteria, executing the PoC, and developing a go-forward plan. The success criteria section outlines metrics like reducing mean time to identify and resolve issues, improving visibility, and moving from reactive to proactive monitoring. The overall goal is to demonstrate how ThousandEyes can help lower troubleshooting times and improve the digital experience for end users and applications.
Getting Started With ThousandEyes Proof of Concepts: End User Digital Experience - ThousandEyes
The document provides an overview of conducting a proof of concept (PoC) with ThousandEyes. It outlines the key stages of the PoC process, including preparation, trial active period, and go-forward planning. Success criteria for evaluating digital experience are also presented, such as correlating application performance with infrastructure issues, reducing troubleshooting time, and gaining proactive monitoring capabilities. The document emphasizes focusing the PoC on defined success criteria and having experts available for support during the trial period. A demo is also included to illustrate ThousandEyes capabilities.
The document discusses the new enterprise reality of hybrid workers, modern app architectures, software as a service (SaaS) adoption, and agile networks. It notes that enterprise IT is rapidly losing visibility and control as infrastructure is provisioned at the edge and outages can be caused by external providers. ThousandEyes provides cloud and network intelligence to give enterprises deep visibility into every layer of the network and applications to help optimize digital experiences. This includes monitoring application performance, network paths, routing, and correlating data to identify issues. ThousandEyes has agents around the world and integrates with popular platforms.
The document summarizes a CNCF webinar about Project Updates with LitmusChaos. The webinar agenda covers what's new in LitmusChaos 2.0, use cases from iFood and HaloDoc, and a demo of making an e-commerce application resilient. For iFood, the challenges of a growing online food delivery platform moving to microservices are described. For HaloDoc, the service reliability challenges of a hybrid cloud-native healthcare application are covered. LitmusChaos helps both companies by providing experiments, observability, and automation to test reliability.
Getting Started with ThousandEyes Proof of Concepts - ThousandEyes
The document provides an overview and agenda for a ThousandEyes proof of concept. It discusses the ThousandEyes overview, identifying opportunities, defining success criteria, executing the proof of concept, and includes a demo. The agenda includes preparing for the proof of concept over two weeks, running the active trial for 4-6 weeks, and developing a go-forward plan over another two weeks. It also discusses best practices for executing the proof of concept and ensuring a focus on the defined success criteria.
FIDO in Action: Real World Development Case Studies - FIDO Alliance
This document summarizes case studies of two companies, Intuit and T-Mobile, deploying passwordless authentication using Nok Nok's FIDO solution. Intuit wanted to improve security while providing a seamless customer experience on mobile and web. Their implementation of Nok Nok's FIDO reduced authentication failures from 20-15% to under 1% and cut authentication time by 20%. T-Mobile aimed to reduce password pains and increase confidence in the right user accessing accounts. Their rollout of Nok Nok's FIDO cut password resets by 65% and saw 50% adoption in the first 5 months. Both companies were able to successfully deploy modern, standards-based passwordless authentication improving the customer experience
Guruprasad Srinivasamurthy has over 15 years of experience in testing services for the telecom, banking, and investment domains. He has worked on projects for clients like Infosys, Bank of America, Rogers, Motorola, and Del Tree. Currently he is a project manager at Infosys working on a data-less key implementation for Fidelity Investments.
Maximize the Capabilities of Oracle® Golden Gate: Replicate Data Bi-Direction... - Equinix
Maximize the Capabilities of Oracle® GoldenGate: Replicate Data Bi-Directionally across Data Centers with Equinix. Read our blog post here: https://blog.equinix.com/blog/2018/06/27/maximize-the-capabilities-of-oracle-goldengate/
How Cloud Providers are Playing with Traditional Data Center - Hostway|HOSTING
The keynote presentation discusses how cloud providers are impacting traditional data centers. It notes that as companies grow from startups to established enterprises, their hosting needs change from fully public cloud to hybrid models. The presentation outlines the tradeoffs of different hosting options like owning your own data center, colocation, managed hosting, and public cloud. It argues that a hybrid multi-cloud approach combining on-premises, dedicated, managed, public and other specialty clouds provides the most flexibility, cost savings, and ability to put the right workload in the right environment. Case studies are presented showing how hybrid cloud delivered major cost reductions and performance gains for Explore.org and enabled critical security and compliance requirements for Samsung. The presentation concludes that
Container Technologies and Transformational value - Mihai Criveti
Transformational value for container technologies - the business impact of Digital Transformation to Cloud Native technologies.
A brief overview of the technology impact of containers, OpenShift and automation.
Talk delivered at Guide Share Europe Conference 2021: https://www.youtube.com/watch?v=1QunNECL26M
TDC2018FLN | Trilha Blockchain - BlockChain Casos de Usos alem das CryptoMoedas - tdc-globalcode
Blockchain technologies can enable trusted transactions by providing a distributed digital ledger of transactions and asset transfers. The document discusses several use cases of blockchain including enabling global payments, improving supply chain visibility and traceability, facilitating trade finance and private equity administration, and addressing challenges in renewable energy flexibility and aircraft maintenance records. Blockchain allows for near real-time sharing of information across organizations on a secure immutable platform.
This document provides a summary of Ahmed El Mawaziny's experience and skills. It includes details about his roles as a Senior Software Architect, Technology Team Lead, and Senior Software Engineer. It lists the programming languages, frameworks, databases, cloud platforms, and other tools he has experience with. It also summarizes several software projects he has worked on, including for the Saudi Ministry of Commerce, the Egyptian Electricity Holding Company, UniCare medical insurance, and others.
Migrating Datacenters to AWS with Automated Security with Don Meyer (Head of Cloud Marketing, Check Point), Amit Schnitzer (Cloud Solutions Expert, Check Point) and Dr. Alexander Zimmermann (Cloud Architect, Accenture)
apidays LIVE Paris 2021 - Synchronous Communication Patterns by Sébastien Ber... - apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Synchronous Communication Patterns: A journey from ESB to APIs & Service Mesh
Sébastien Bergougnoux, CEO at Devoteam I nexDigital
Getting Started with ThousandEyes Proof of Concepts - ThousandEyes
This document outlines the process for conducting a proof of concept (PoC) using ThousandEyes, which provides internet and cloud monitoring. It begins with an overview and agenda. It then discusses identifying opportunities by qualifying customer problems and priorities. Success criteria for the PoC are defined, such as improving visibility, reducing troubleshooting time, and proactive monitoring. The execution process is explained, including installing agents, creating tests, building dashboards, and continuous monitoring. A demo is provided, followed by resources and next steps. The overall goal of the PoC is to demonstrate ThousandEyes' business value for the customer in addressing their specific needs.
Guardicore - Shrink Your Attack Surface with Micro-Segmentation - CSNP
1) The document discusses micro-segmentation as a better strategy than traditional network segmentation approaches for securing hybrid cloud environments. It argues micro-segmentation provides better visibility, faster deployment, and flexibility compared to VLANs.
2) Various use cases are presented where software-defined segmentation was able to simplify and accelerate compliance efforts for critical applications like SWIFT and PCI in complex, multi-cloud environments.
3) Guardicore is introduced as a company providing software-defined segmentation to securely protect critical assets across on-premises and cloud environments through a simple and intuitive centralized management platform.
Innovation in the network – Adding value to voice OpenCloud Bouygues - Alan Quayle
Innovation in the network – Adding value to voice. TADSummit 12-13 November, Istanbul, Point Hotel Taksim. Patrice Crutel Senior Architect - Core Network & Services, Mark Windle, Head of Marketing, OpenCloud.
Learn about various cloud integration strategies, and how API Gateways fit into the schema of things. Learn about cloud integration development lifecycles and cloud integration strategies.
We specialize in:
- HD Video Conferencing & LIVE Streaming Solution for Education, Hospital, Graphic Design Industry
- Dedicated High Speed Broadband for House, SME & Corporate.
- NGV (New Generation Voice) Solution, e.g. Unlimited Free Call Saving Solution for Telemarketing, Call Centre
- New Smart Wi-Fi Solution for SME & huge Mall.
- Intelligent Cloud Solution (ERP, POS, CRM) for Chain Stores, SME, Hotel, Customer Service Centre
- Comprehensive Raised Floor, Cooling, Fireproof solution for DataCentre
- Comprehensive Network Infra, Structured Cabling Works for NEW Startup Business, Offices & Buildings.
Comparing Sidecar-less Service Mesh from Cilium and Istio - Christian Posta
Service mesh is a powerful pattern for implementing strong zero-trust networking practices, introducing better network observability, and allowing for more fine-grained traffic control. Up until now, the sidecar pattern was used to implement service-mesh capability but as the technology matures, a new pattern has emerged: sidecarless service mesh. Two prominent open-source networking projects, Cilium and Istio, have implemented a sidecar-free approach to service mesh but they both make interesting design decisions and tradeoffs. In this talk we review the architecture of both, focusing on the pros and cons of implementations such as mutual authentication, ingress, and observability.
Understanding Wireguard, TLS and Workload Identity - Christian Posta
Zero Trust Networking has become a standard marketing buzzword but the underlying principles are critical for modern microservice-style architectures. Authentication, authorizations, policy, etc. can be difficult to implement between services and do so in a maintainable way. Google invented their own transparent encryption and authorization protocol called "ALTS" back in 2007 to serve the application layer of Google's Borg workload scheduler, but we don't see others using it outside Google.
In this webinar we look at existing technology like TLS and newcomer Wireguard and see how these technologies come together to provide a secure foundation for workload identity and modern service-to-service networking.
Similar to Move Auth, Policy, and Resilience to the Platform
The document discusses Cilium and Istio with Gloo Mesh. It provides an overview of Gloo Mesh, an enterprise service mesh for multi-cluster, cross-cluster and hybrid environments based on upstream Istio. Gloo Mesh focuses on ease of use, powerful best practices built in, security, and extensibility. It allows for consistent API for multi-cluster north-south and east-west policy, team tenancy with service mesh as a service, and driving everything through GitOps.
This document discusses service mesh patterns for connecting microservices across multiple clusters. It describes using Envoy proxy to provide service discovery, load balancing, security and resiliency. Patterns are presented for connecting services across clusters with flat, controlled or separate networks. Managing connectivity across clusters can increase operator burden. Gloo Mesh is presented as a way to simplify management across multiple clusters with a centralized control plane.
Multicluster Kubernetes and Service Mesh Patterns - Christian Posta
Building applications for cloud-native infrastructure that are resilient, scalable, secure, and meet compliance and IT objectives gets complicated. Another wrinkle for the organizations with which we work is the fact they need to run across a hybrid deployment footprint, not just Kubernetes. At Solo.io, we build application networking technology on Envoy Proxy that helps solve difficult multi-deployment, multi-cluster, and even multi-mesh problems.
In this webinar, we’re going to explore different options and patterns for building secure, scalable, resilient applications using technology like Kubernetes and Service Mesh without leaving behind existing IT investments. We’ll see why and when to use multi-cluster topologies, how to build for high availability and team autonomy, and solve for things like service discovery, identity federation, traffic routing, and access control.
Cloud-Native Application Debugging with Envoy and Service Mesh - Christian Posta
Microservices have been great for accelerating the software innovation and delivery, but they also present new challenges, especially as abstractions and automated orchestration at every layer make pinpointing the issue seem like walking around a maze with a blindfold. Existing tools weren’t designed for distributed environments, and the new tools need to consider how to leverage these abstraction layers to better observe, test, and troubleshoot issues.
Christian Posta walks you through Envoy Proxy and service mesh architecture for L7 data plane, the key features in Envoy that can help in debugging and troubleshooting, chaos engineering as a testing methodology for microservices, how to approach a testing and debugging framework for microservices, and new open source tools that address these areas. You’ll explore a workflow to discover and resolve microservices issues, including injecting experiments for stress testing the applications, gathering requests in flight, recording and replaying them, and debugging them step by step without affecting production traffic.
Kubernetes Ingress to Service Mesh (and beyond!) - Christian Posta
Kubernetes users need to allow traffic to flow into and within the cluster. Treating the application traffic separately from the business logic presents new possibilities in how service-to-service traffic is served, controlled and observed — and provides a transition to intra-cluster networking like Service Mesh. With microservices, there is a concept of both North / South traffic (incoming requests from end users to the cluster) and East / West (intra-cluster) communication between the services. In this talk we will explain how Envoy Proxy works in Kubernetes as a proxy for both of these traffic directions and how it can be leveraged to do things like traffic shaping and security, and to integrate the north/south to east/west behavior.
Christian Posta (@christianposta) is Global Field CTO at Solo.io, former Chief Architect at Red Hat, and well known in the community for being an author (Istio in Action, Manning, Istio Service Mesh, O'Reilly 2018, Microservices for Java Developers, O’Reilly 2016), frequent blogger, speaker, open-source enthusiast and committer on various open-source projects including Istio, Kubernetes, and many others. Christian has spent time at both enterprises as well as web-scale companies and now helps companies create and deploy large-scale, cloud-native resilient, distributed architectures. He enjoys mentoring, training and leading teams to be successful with distributed systems concepts, microservices, devops, and cloud-native application design.
The exploration of service mesh for any organization comes with some serious questions. What data plane should I use? How does this tie in with my existing API infrastructure? What kind of overhead do sidecar proxies demand? As I've seen in my work with various organizations over the years "if you have a successful microservices deployment, then you have a service mesh whether it’s explicitly optimized as one or not."
In this talk, we seek to understand the role of the data plane and how to pick the right component for the problem context. We start off by establishing the spectrum of data-plane components from shared gateways to in-code libraries with service proxies being along that spectrum. We clearly identify which scenarios would benefit from which part of the data-plane spectrum and show how modern service meshes including Istio, Linkerd, and Consul enable these optimizations.
Deep Dive: Building external auth plugins for Gloo Enterprise - Christian Posta
Using the plugin framework for Ext. Auth Service in Gloo Enterprise, we can build any custom AuthN/AuthZ plugins to handle security requirements not provided out of the box.
Role of edge gateways in relation to service mesh adoption - Christian Posta
API Gateways provide functionality like rate limiting, authentication, request routing, reporting, and more. If you’ve been following the rise in service-mesh technologies, you’ll notice there is a lot of overlap with API Gateways when solving some of the challenges of microservices. If service mesh can solve these same problems, you may wonder whether you really need a dedicated API Gateway solution?
The reality is there is some nuance in the problems solved at the edge (API Gateway) compared to service-to-service communication (service mesh) within a cluster. But with the evolution of cluster-deployment patterns, these nuances are becoming less important. What’s more important is that the API Gateway is evolving to live at a layer above service mesh and not directly overlapping with it. In other words, API Gateways are evolving to solve application-level concerns like aggregation, transformation, and deeper context and content-based routing as well as fitting into a more self-service, GitOps style workflow.
In this talk we put aside the “API Gateway” infrastructure as we know it today and go back to first principles with the “API Gateway pattern” and revisit the real problems we’re trying to solve. Then we’ll discuss pros and cons of alternative ways to implement the API Gateway pattern and finally look at open source projects like Envoy, Kubernetes, and GraphQL to see how the “API Gateway pattern” actually becomes the API for our applications while coexisting nicely with a service mesh (if you adopt a service mesh).
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd - Christian Posta
The document discusses various service mesh options including Linkerd, Consul Connect, Istio, and AWS App Mesh. It provides an overview of each solution, describing their key features and strengths/opportunities. It emphasizes that the service mesh approach is useful for managing inter-service communication and that implementations are still evolving. It recommends starting simply and iteratively adopting capabilities to match needs.
Distributed microservices introduce new challenges: failure modes are harder to anticipate and resolve. In this session, we present a “Chaos Debugging” framework enabled by three open source projects: Gloo Shot, Squash, and Loop to help you increase your microservices’ “immunity” to issues.
Gloo Shot integrates with any service mesh to implement advanced, realistic chaos experiments. Squash connects powerful and mature debuggers (gdb, dlv, java debugging) to your microservices while they run in Kubernetes. Loop extends the capability of your service mesh to observe your application and record full transactions for sandboxed replay and debugging.
Come to this demo-heavy talk to see how together, Squash, Gloo Shot, and Loop allow you to trigger, replay, and investigate failure modes of your microservices in a language agnostic and efficient manner without requiring any changes to your code.
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv... - Christian Posta
If you have an existing Java monolith, you know you must take care making changes to it or altering it in any negative way. Often times these monoliths are very valuable to the business and generate a lot of revenue. At the same time, since it’s difficult to make changes to the monolith it’s desirable to move to a microservices architecture. Unfortunately you cannot just do a big-bang migration to a greenfield architecture and will have to incrementally adopt microservices. In this talk, we’ll look at using Gloo proxy which is based on Envoy Proxy and GraphQL to do surgical, function-level traffic control and API aggregation to safely migrate your monolith to microservices and serverless functions.
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh - Christian Posta
Service mesh abstracts the network from developers to solve three main pain points:
- How do services communicate securely with one another?
- How can services implement network resilience?
- When things go wrong, can we identify what and why?
Service mesh implementations usually follow a similar architecture: traffic flows through control points between services (usually service proxies deployed as sidecar processes) while an out-of-band set of nodes is responsible for defining the behavior and management of the control points. This loosely breaks out into an architecture of a "data plane" through which requests flow and a "control plane" for managing a service mesh.
Different service mesh implementations use different data planes depending on their use cases and familiarity with particular technology. The control plane implementations vary between service-mesh implementations as well. In this talk, we'll take a look at three different control plane implementations with Istio, Linkerd and Consul, their strengths, and their specific tradeoffs to see how they chose to solve each of the three pain points from above. We can use this information to make choices about a service mesh or to inform our journey if we choose to build a control plane ourselves.
The document summarizes the new features of Istio 1.1, an open-source service mesh. Some key highlights include improved performance and scalability, namespace isolation, multi-cluster capabilities, easier installation with Helm, and locality-aware load balancing. A new Sidecar resource was introduced to improve performance by configuring resources for individual proxies. The presentation demonstrates performance improvements with the Sidecar resource and highlights additional functionality in Istio like traffic control and metrics collection.
API Gateways are going through an identity crisis - Christian Posta
API Gateways provide functionality like rate limiting, authentication, request routing, reporting, and more. If you've been following the rise in service-mesh technologies, you'll notice there is a lot of overlap with API Gateways when solving some of the challenges of microservices. If service mesh can solve these same problems, you may wonder whether you really need a dedicated API Gateway solution?
The reality is there is some nuance in the problems solved at the edge (API Gateway) compared to service-to-service communication (service mesh) within a cluster. But with the evolution of cluster-deployment patterns, these nuances are becoming less important. What's more important is that the API Gateway is evolving to live at a layer above service mesh and not directly overlapping with it. In other words, API Gateways are evolving to solve application-level concerns like aggregation, transformation, and deeper context and content-based routing as well as fitting into a more self-service, GitOps style workflow.
In this talk we put aside the "API Gateway" infrastructure as we know it today and go back to first principles with the "API Gateway pattern" and revisit the real problems we're trying to solve. Then we'll discuss pros and cons of alternative ways to implement the API Gateway pattern and finally look at open source projects like Envoy, Kubernetes, and GraphQL to see how the "API Gateway pattern" actually becomes the API for our applications while coexisting nicely with a service mesh (if you adopt a service mesh).
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh... - Christian Posta
Cloud-native describes a way of building applications on a cloud platform to iteratively discover and deliver business value. We now have access to a lot of similar technology that the large internet companies pioneered and used to their advantage to dominate their respective markets. What challenges arise when we start building applications to take advantage of this new technology?
In this talk we'll explore the role of service meshes when building distributed systems, why they make sense, and where they don't make sense. We will look at a class of problem that service mesh cannot solve, but that frameworks and even new programming languages like Ballerina are aiming to solve.
Service-mesh technology promises to deliver a lot of value to a cloud-native application, but it doesn't come without some hype. In this talk, we'll look at what is a "service mesh", how it compares to similar technology (Netflix OSS, API Management, ESBs, etc) and what options for service mesh exist today.
Knative builds on Kubernetes and Istio to provide "PaaS-like abstractions" that raise the level of abstraction for specifying, running, and modifying applications. Knative includes building blocks like Knative Serving for autoscaling container workloads to zero, Knative Eventing for composing event-driven services, Knative Build for building containers from source, and Knative Pipelines for abstracting CI/CD pipelines. While Knative can run any type of container, its building blocks help enable serverless-style functions by allowing compute resources to scale to zero and be driven by event loads.
32. 32 | Copyright © 2022
Istio Ambient Mode
L7 goes through “waypoint” proxy, in the network;
L7 policies (retry, traffic splitting, canary, fine-grained authz, etc) applied here.
33.
Istio Ambient Mode
L7 goes through “waypoint” proxy (Envoy), in the network;
Deploy multiple replicas of proxy for traffic sizing, high availability, etc.
37.
CASE STUDY
From Zero to 4th Largest Bank in Singapore within 2 Years Requires Trust
Location: Singapore
Revenue: Approaching $1B
Industry: Digital Banking
Region: APJ
A Joint Venture between a Top 3 Bank in the UK (Operating in Asia) and Singapore's Largest Loyalty Program launched one of Singapore’s first Digital Native Banks. The ambitious growth goals for the bank meant there was no time to waste selecting the technologies that would underpin the business.
Regulators in Singapore keep strong standards on financial institutions, including the need to maintain a 99.95% uptime or greater as well as ensuring strong security across the bank's infrastructure.
With the help of Solo.io and Gloo, the bank was able to onboard 100K customers in the first 10 days of operating.
Business Goals
Key tenets of the modernization initiative:
● Unified Stack - From Identity to Mesh, to CNI and GraphQL
● Multi-Cluster Orchestration
● GitOps deployments
● Event-Driven, Real Time Architecture
Benchmark Scale
● 100% Containerized
● 9 EKS Clusters in Production
● 400 to 600 Concurrent Pods During Peak Processing
● Mandate to meet 99.95% Uptime
Customer Growth
● 100K: First 10 Days
● 450K: First 5 Months
● 1M+: Today
Differentiators
● Single Solution providing significant cost savings through consolidation of disparate tools
● Multi-Cluster Mesh Enables transparent failover and ability to treat EKS clusters as “cattle”
● Unified Stack allows Bank to implement a trust “Defense in Depth” model from Identity to Network Policy
Competition
38.
Workload Identity and Authentication
39.
Secure Production Identity Framework (for Everyone)
• Intended to solve the “universal workload identity problem”
• Independent of application type, network, or platform/cloud
• Specified with URI strings
• Verified via signed credentials (x509, JWT, etc)
• API and workflow for attestation built into SPIFFE implementations
• Intended to eliminate passwords, other secrets, etc
50.
Offload Auth, Policy, and Resilience to the Platform!
51.
Accelerating Business Value
● Get code into production, safely!
● Increasing the release safety and velocity with:
  ○ High availability
  ○ Global routing
  ○ Failover
  ○ Resiliency
    ■ either planned, unplanned
    ■ migrations, re-deployments
● Canary releasing, blue/green, A/B testing
● Reducing MTTR
  ○ Metrics, distributed tracing, logging
● Reduce change failure rate
52.
Improve Efficiency, Reduce Costs
● Declarative configuration fits IaC automation, tenancy
● Better resource utilization / scale
● Eliminate silos, reduce ticket ops, reduce UI click Ops
● Reduce dependencies on other teams (self service)
● Teams to focus on business logic not complexity of networking
● Integrations with standard interfaces
● Reduce reliance on large proprietary vendor stacks with heavy license fees
● Smart traffic, networking control for zonal, region, data center networking costs
53.
Increase Compliance
● Zero trust network
  ○ Encryption, authentication, authorization
  ○ Central requirements for PCI-DSS, HIPAA, GDPR, etc
● Eliminate bespoke code for security, routing, load balancing
  ○ Especially across multiple languages, frameworks, etc
  ○ Easier to audit and understand
● Eliminate centralized bottlenecks, UI clicking, and
● Drive everything through Git so it’s trackable and auditable
● Organizational policy enforcement based on durable workload ID
  ○ Not ephemeral IP addresses or network segments
54.
Resources
● https://istio.io
● https://envoyproxy.io
● https://academy.solo.io
● See QR codes in slides!
55.
Please Reach Out!
VP, Global Field CTO, Solo.io
@christianposta
christian@solo.io
/in/ceposta