OpenStack Architecture

This webinar gives a brief introduction to the OpenStack cloud, covering the topics: - the OpenStack cloud platform, - the Open Source community, - OpenStack architecture and its main elements, - overview of the compute, networking, block-storage e object-storage services. If you want to know more about OpenStack, visit our website http://www.create-net.org/community/openstack-training.

This was a tutorial which Mark McClain and I led at ONUG, Spring 2015. It was well received and serves as a walk through of OpenStack Neutron and it's features and usage.

Red Hat OpenShift Container Platform 4 Overview Different Application Deployment methodologies on OpenShift though Web-console

This document provides an overview of OpenShift Container Platform. It describes OpenShift's architecture including containers, pods, services, routes and the master control plane. It also covers key OpenShift features like self-service administration, automation, security, logging, monitoring, networking and integration with external services.

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery called pods. Kubernetes can manage pods across a cluster of machines, providing scheduling, deployment, scaling, load balancing, volume mounting and networking. It is widely used by companies like Google, CERN and in large projects like processing images and analyzing particle interactions. Kubernetes is portable, can span multiple cloud providers, and continues growing to support new workloads and use cases.

This document discusses upgrading an Openstack network to SDN with Tungsten Fabric. It evaluates three solutions: 1) using the same database across regions, 2) hot-swapping Open vSwitch and virtual routers, and 3) using an ML2 plugin. The recommended solution is #3 as it provides minimum downtime. Key steps include installing the OpenContrail driver, synchronizing network resources between Openstack and Tungsten, and live migrating VMs. Topology 2 is also recommended as it requires minimum changes. The upgrade migrated 80 VMs and 16 compute nodes to the SDN network without downtime. Issues discussed include synchronizing resources and migrating VMs between Open vSwitch and virtual routers.

OpenStack Ceph & Neutron에 대한 설명을 담고 있습니다. 1. OpenStack 2. How to create instance 3. Ceph - Ceph - OpenStack with Ceph 4. Neutron - Neutron - How neutron works 5. OpenStack HA- controller- l3 agent 6. OpenStack multi-region

This document provides an overview of Kubernetes including: 1) Kubernetes is an open-source platform for automating deployment, scaling, and operations of containerized applications. It provides container-centric infrastructure and allows for quickly deploying and scaling applications. 2) The main components of Kubernetes include Pods (groups of containers), Services (abstract access to pods), ReplicationControllers (maintain pod replicas), and a master node running key components like etcd, API server, scheduler, and controller manager. 3) The document demonstrates getting started with Kubernetes by enabling the master on one node and a worker on another node, then deploying and exposing a sample nginx application across the cluster.

I gave this presentation on 5/17 to the New Mexico VMUG in Santa Fe. The presentation provides an overview of OpenStack, what it is (and isn't), and some things you might learn to get started with OpenStack.

This document discusses issues with running OpenStack in a multi-region mode and proposes Tricircle as a solution. It notes that in a multi-region OpenStack deployment, each region runs independently with separate instances of services like Nova, Cinder, Neutron, etc. Tricircle aims to integrate multiple OpenStack regions into a unified cloud by acting as a central API gateway and providing global views and replication of resources, tenants, and metering data across regions. It discusses how Tricircle could address issues around networking, quotas, resource utilization monitoring and more in a multi-region OpenStack deployment.

변상욱 부장 / HPE

The document discusses infrastructure as code best practices on AWS. It provides an overview of using AWS CloudFormation to define infrastructure in code. AWS CloudFormation allows infrastructure to be provisioned in an automated and repeatable way using templates that are version controlled like code. The document outlines the key components of a CloudFormation template including parameters, mappings, resources, outputs and conditionals. It also discusses using CloudFormation to bootstrap applications on EC2 instances.

Slide was presented at Dr. Dobb's Conference in Bangalore. Talks about Openstack Introduction in general Projects under Openstack. Contributing to Openstack. This was presented jointly by CB Ananth and Rahul at Dr. Dobb's Conference Bangalore on 12th Apr 2014.

西脇 雄基（LINE)/Rancher 2.0 Technical Deep Dive 2018/7/28 LINE Developer Meetup in Tokyo #40 -Kubernetes- https://line.connpass.com/event/92049/

The document provides an overview of Red Hat OpenShift Container Platform, including: - OpenShift provides a fully automated Kubernetes container platform for any infrastructure. - It offers integrated services like monitoring, logging, routing, and a container registry out of the box. - The architecture runs everything in pods on worker nodes, with masters managing the control plane using Kubernetes APIs and OpenShift services. - Key concepts include pods, services, routes, projects, configs and secrets that enable application deployment and management.

CloudStack is an open source cloud computing platform that allows users to manage their infrastructure as an automated system. It provides self-service access to computing resources like servers, storage, and networking via a web interface. CloudStack supports multiple hypervisors and public/private cloud deployment strategies. The core components include hosts, primary storage, clusters, pods, networks, secondary storage, and zones which are managed by CloudStack servers.

Red Hat is a leading provider of open source solutions, founded in 1993. It was acquired by IBM in 2019 for $34 billion. Red Hat's flagship products are Red Hat Enterprise Linux and OpenShift, an enterprise Kubernetes platform. OpenShift provides a full platform for developing, hosting, and managing containerized applications, and includes additional services beyond just Kubernetes. It offers advantages for security, automation, and developer experience compared to managing raw Kubernetes. Operators are an innovative approach in OpenShift to package and automate application logic using Kubernetes as the automation engine.

OpenStack 2016: Boom or Bust? - Adrian Ionel | CEO, Mirantis OpenStack is on a tear. Or so it seems. Yet critics are quick to point out the run-away success of public clouds and the small number of OpenStack deployments running big workloads. And how do application developers feel about OpenStack anyway? The talk offers a different way to look at OpenStack, along with a few ideas how to increase the odds for a landslide win.

This document provides an overview of moving workloads from AWS to OpenStack. It discusses that the easiest approach is to design applications to be stateless and horizontally scalable so they can easily move between clouds. It also describes using orchestration tools like Heat, Cloudify and StackStorm to automate deploying applications across OpenStack and AWS. More complex migrations involve manually installing drivers and converting disk images, such as moving a Windows VM. Migrating Linux VMs involves listing packages, services and disk usage and recreating them in a new OpenStack instance. The document aims to help AWS users understand options for migrating applications to OpenStack.

Agenda: ------------------------------------------------------------------ OpenStack 101: a Quick introduction to OpenStack & how it operates Paul Roberts, Principal Solutions Architect at Mirantis Abstract: Are you new to OpenStack? Are you looking to get a quick introduction to OpenStack and how it operates - then our session is a do not miss event! Mirantis will do a walk thru of OpenStack for those with little to no experience with OpenStack. Join us if you want to understand the purpose of OpenStack and its ecosystem, as well as if you want to learn more about the OpenStack architecture. Bio: Paul Roberts, lead speaker, has spent the last decade engineering and implementing large scale infrastructure and security architectures for organizations of all sizes - ranging from startup to Fortune 500. In the past, he was instrumental in architecting Carpathia Hosting's federal and commercial cloud offerings, while also playing a key role in the on–boarding of customer's applications. Today, Paul is a Principal Solutions Architect at Mirantis helping customers navigate through the cloud ecosystem by designing and architecting various OpenStack powered initiatives.

The document provides an overview of OpenStack, including its definition, history and initiatives. It describes OpenStack as an open source cloud computing platform that aims to be simple to implement and massively scalable. The overview outlines the core components of OpenStack including compute, networking, storage, identity management and a dashboard. It also discusses related programs in incubation and how the different components communicate and relate to each other.

Lightning Talk by Jennifer Lin, VP, Product Management/Marketing, Juniper, OpenContrail at OpenStack Silicon Valley (OpenStackSV) - 9/16/14

The document discusses how the economy is becoming "software defined" as technology decisions are moving to the edges of businesses. It contrasts the old model where IT departments controlled technology with the new model where individuals want more choice and control over the technologies they use. It argues that virtualization was driven by IT departments while cloud computing is being driven by individual workers and businesses seeking more flexibility and control over their IT environments.

The document discusses four ways for companies to create customer value: information excellence, solution leadership, collective intimacy, and accelerated innovation. It provides examples of companies that exemplify each approach, such as how Ford achieves information excellence through digital-physical fusion, and how Netflix fosters collective intimacy by engaging customers to improve recommendations. The document advocates that companies can accelerate innovation by utilizing cloud-based networks and challenges to crowdsource solutions from customers.

The document discusses whether OpenStack will boom or bust in 2016. It notes that while OpenStack's mindshare has grown, AWS remains the runaway leader in cloud infrastructure. Alternative providers like Digital Ocean have seen meteoric rises in popularity among developers due to their ease of use and competitive pricing. The document suggests OpenStack needs to focus on API quality and usability, enable workload portability across platforms, and partner rather than attempt to control the entire stack in order to foster greater adoption among developers.

OpenStack Silicon Valley (OpenStackSV) - Lightning Talk by Christopher Kemp, Founder, Nebula -. 9/16/2014

Lightning Talk by Harshal Pimpalkhute, Sr. Product Marketing Manager, A10 Networks, at OpenStack Silicon Valley (OpenStackSV), 9/16/14

Lightning Talk by Ken Ross, Director Product Management, NMS & Orchestration, Brocade, at OpenStack Silicon Valley (OpenStackSV) - 9/16/14

The document discusses policy in OpenStack and introduces Congress, an open policy framework for automated IT infrastructure. It describes how Congress allows humans to define policy declarations that are then compiled and enforced on systems. Congress stores all infrastructure data in tables and allows queries and policy declarations on that data. The document provides an example use case where an application developer, cloud operator, and compliance officer each provide policy ideas that are combined into a single policy enforced by Congress.

The document discusses the need for product leadership in OpenStack. Currently, OpenStack lacks a clear strategic product vision and direction. While it has governance structures like a Board and Technical Committee, no single entity is responsible for the overall product strategy. The document suggests establishing an Architecture Review Board and appointing Product Managers to fill this gap. The Board would provide architectural guidance and help prioritize work, while Product Managers would own setting priorities and negotiating requirements across stakeholders. This would give OpenStack stronger leadership without requiring a "dictator," maintaining its democratic meritocracy approach.

OpenStack Austin discussion from Spring, 2016, with Sean Collins, Niki Acosta, Nick Chase, Xiaoping Chen, Alexander Adamov discussing issues such as security, architecture, and other technical and social issues.

Keynote by Diane Bryant, SVP and GM of the Data Center Group at Intel, at OpenStack Silicon Valley 2015. Cloud computing provides tremendous agility and efficiency to organizations are the driver of the digital service economy. In her keynote, Diane Bryant will discuss how Intel was an early leader in adoption of cloud computing under her tenure as CIO and how this experience has shaped broader strategy to deliver tens of thousands of new clouds across the enterprise with Intel’s new Cloud for All Initiative. Attendees can expect to learn about OpenStack’s critical role in shaping the future of the enterprise data center and learn more about key industry efforts to drive enterprise readiness to the OpenStack platform.

Keynote by Lachlan Evenson, Team Lead of Cloud Platform Engineering at Lithium Technologies, at OpenStack Silicon Valley 2015. Application developers are rapidly moving to container-based models for dynamic service delivery and efficient cluster management. In this session, we will discuss a OpenStack production environment that is rapidly evolving to leverage a hybrid cloud platform to deliver containerized micro services in a SaaS Development/Continuous Integration environment. Kubernetes is being used to simplify and automate the service delivery model across the public/private (OpenStack, AWS, GCE) environments and is being introduced in a way that eliminates extra overhead and engineering effort. Lithium is actively contributing to key open source upstream projects and working closely with its engineering/development teams to optimize software efficiency with an elastic cloud architecture that delivers on the benefits of cloud automation.

Keynote by Lew Tucker, VP and CTO of Cloud Computing at Cisco, at OpenStack Silicon Valley 2015. As more companies move to software-driven infrastructures, OpenStack opens up new possibilities for traditional network service providers, media production, and content providers. Micro-services, and carrier-grade service delivery become the new watchwords for those companies looking to disrupt traditional players with virtualized services running on OpenStack.

Keynote by Alex Polvi, CEO of CoreOS, at OpenStack Silicon Valley 2015. Containers are rapidly finding their way into enterprise data centers. But enterprises like to consume complete products. How do technologies like containers make their way from hyperscale ubiquity to enterprise nirvana? Alex offers some clues.

Keynote by OpenStack Foundation Executive Director Jonathan Bryce at OpenStack Silicon Valley 2015. Hundreds of companies are running millions of cores in production with OpenStack. The work continues, but the platform is mature. Now, the community is evolving OpenStack into a platform for innovation—a reliable environment in which to test, try and adopt new technologies as they prove themselves. Amit Tank of DIRECTV will join Jonathan Bryce to discuss his organization's plans for using OpenStack as the one platform for integration of VMs, containers and emergent technologies down the road.

We tend to split the cloud world today into just two paradigms - public and private. Public works. Private doesn’t…. Or so says Gartner. Let’s compare side by side.

This document provides an introduction to APIs, including an overview of REST, authentication, authorization, and OpenAPI specifications. It discusses how REST uses HTTP verbs like GET, POST, PUT, and DELETE to represent actions on resources. URLs represent endpoints and collections in a hierarchical structure. JSON is commonly used as the data format. Authentication uses access tokens obtained from API keys or credentials. Authorization verifies access to resources using scopes and user levels. OpenAPI documentation specifies how to interact with an API.

This document discusses KeyRock and Wilma, which provide identity management and authorization in FIWARE. KeyRock is based on OpenStack's Horizon and Keystone and provides user registration, authentication, and authorization. Wilma acts as a PEP proxy, enforcing access policies defined in AuthZForce. Together, they allow secure authentication of users and authorization of access to FIWARE services and applications.

This document discusses factors for building production-ready applications on Kubernetes. It describes the original 12 factors for building scalable apps and identifies 7 additional missing factors. The missing factors are: XIII) Observable, XIV) Schedulable, XV) Upgradable, XVI) Least Privileged, XVII) Auditable, XVIII) Access Control (Identity, Network, Scope, Certificates), and XIX) Measurable. Addressing all factors throughout the development and deployment process is key to building truly production-grade applications.

CA Single Sign-On (CA SSO) is constantly evolving, incorporating the latest technologies in secure Web access management. In order to stay secure and competitive, CA SSO makes greater use of the CA Access Gateway (formerly CA SiteMinder Secure Proxy Server). This presentation provides a comprehensive overview of the new features in CA Single Sign On. For more information on CA Security solutions, please visit: http://bit.ly/10WHYDm

How to Debug IoT Agents Webinar - 17th April 2019 Corresponding webinar recording: https://youtu.be/FRqJsywi9e8 Chapter: IoT Agents Difficulty: 3 Audience: Any Technical Presenter: Jason Fox (Senior Technical Evangelist, FIWARE Foundation) How to debug IoT Agents - investigating what goes wrong and how to fix it.

Understanding how emerging standards like OAuth and OpenID Connect impact federation Federation is a critical technology for reconciling user identity across Web applications. Now that users consume the same data through cloud and mobile, federation infrastructure must adapt to enable these new channels while maintaining security and providing a consistent user experience. This webinar will examine the differences between identity federation across Web, cloud and mobile, look at API specific use cases and explore the impact of emerging federation standards. You Will Learn Best practices for federating identity across mobile and cloud How emerging identity federation standards will impact your infrastructure How to implement an identity-centric API security and management infrastructure Presenters Ehud Amiri Director, Product Management, CA Technologies Francois Lascelles Chief Architect, Layer 7

Building IAM for OpenStack, presented at CIS (Cloud Identity Summit) 2015. Discuss Identity Sources, Authentication, Managing Access and Federating Identities

Novell Access Manager provides many different levels of authentication beyond a simple user name and password. In this session, you will learn about its more advanced methods of authentication—from emerging standard like OpenID and CardSpace to tokens and certificates. Attendees will also see a demonstration of FreeRADIUS and the Vasco Digipass with Novell eDirectory, the Vasco NMAS method and an Access Manager plug-in that provides SSO to Web applications that expect a static password.

OAuth 2.0 (RFC 6749/50) is a delegated authorization framework that makes requesting access for and authenticating as a client to an API as easy as getting a token and using a token. This session will explore the different OAuth flows in the spec as will as discuss extensions such as the JWT assertion flow and SAML bearer extension, and will also discuss security mitigations needed to use the protocol safely.

The document provides an overview of Agile, DevOps and Cloud Management from a security, risk management and audit compliance perspective. It discusses how the IT industry paradigm is shifting towards microservices, containers, continuous delivery and cloud platforms. DevOps is described as development and operations engineers participating together in the entire service lifecycle. Key differences in DevOps include changes to configuration management, release and change management, and event monitoring. Factors for DevOps success include culture, collaboration, eliminating waste, unified processes, tooling and automation.

#Codemotion Rome 2018 - Containers provide a consistent environment to run services. Kubernetes help us to manage and scale our container cluster. Good start for a loosely coupled microservices architecture but not enough. How do you control the flow of traffic & enforce policies between services? How do you visualize service dependencies & identify issues? How can you provide verifiable service identities, test for failures? You can implement your own custom solutions or you can rely on Istio, an open platform to connect, manage and secure microservices.

Adding Identity Management and Access Control to your App presentation, by Alvaro Alonso & Cyril Dangerville. Security Chapter. 1st FIWARE Summit, Málaga Dec. 13-15, 2016.

This document discusses token based authentication in ASP.NET Web API 2 projects. It covers the basic concepts of token authentication including the roles in OAuth 2.0 of resource owners, clients, authorization servers and resource servers. It also summarizes the different OAuth 2.0 client types, authorization grant types, and development options for implementing token authentication using OWIN middleware or DotNetOpenAuth.

The document discusses OAuth 2.0 and authorization. It describes OAuth 2.0 as a mechanism for applications to access restricted resources without sharing credentials. It outlines the roles in OAuth 2.0 including resource owner, resource server, client, and authorization server. It also describes the different OAuth 2.0 grant types including authorization code, implicit, resource owner password credentials, and client credentials. The document then discusses using OAuth 2.0 and PEP proxies to secure web applications and backends as well as authenticating IoT devices. It also provides an overview of key FIWARE security generic enablers for identity management, authorization, and PEP proxy functionality.

Cloud Foundry is a platform as a service that provides structure and opinions for software deployment. It uses BOSH to automate infrastructure provisioning and deployment. Applications are deployed through buildpacks that combine code with dependencies. Services can also be provisioned through service brokers and bound to applications. Logging and routing are standardized through components like Loggregator and the router.

A set of Tips & Tricks in the resolution of the typical problems that you can find and the reason of them when you work with FIWARE IoT Agents and FIWARE Orion Context Broker

This document discusses the IETF's work on Proof-of-Possession (PoP) for OAuth tokens. It provides an overview of the PoP architecture and key variants involving key distribution at access token issuance or client registration. It also describes building blocks for PoP like message integrity and channel binding. Open issues include authentication of the server to the client and handling intermediaries when clients interact with resource servers.

The document describes a session from the KubeCon EU 2023 conference on Keycloak, an open-source identity and access management solution. It provides an overview of the session which was presented by Alexander Schwartz from Red Hat and Yuuichi Nakamura from Hitachi and demonstrated how Keycloak can be used to securely authenticate users to applications like Grafana. It also discusses Keycloak's support for advanced security specifications like FAPI and efforts by the FAPI-SIG working group to promote features needed for compliance.

The document discusses Hyperledger Fabric and the Hyperledger Fabric SDK. It provides an overview of the Fabric SDK and demonstrates how to use it to interact with a Hyperledger Fabric network, including enrollment, invoking chaincode to read and write to the ledger, and submitting transactions. It also discusses an IBM Food Trust use case for tracking food supply chains using Hyperledger Fabric.

OpenStack Identity Service (Keystone) seminar. Distributed Systems course at Engineering and Computer Science (ECS), University of Messina. By Lorenzo Carnevale and Silvio Tavilla. Seminar’s topics ❖ OpenStack Identity - Keystone (kilo) ❖ Installation and first configuration of Keystone ❖ Workshop ❖ Identity service configuration ➢ Identity API protection with RBAC ➢ Use Trusts ➢ Certificates for PKI ❖ Hierarchical Projects ❖ Identity API v3 client example

Learn how to ease the burden of Kubernetes operational challenges with DevOpsCare, powered by Lens. Get seamless visibility into monitoring, managing and security your cloud native apps. Automate in CI/CD and find out policy-based best practices so developers can go back to building applications.

This document summarizes a workshop on Kubernetes security presented by Avinash Desireddy and Anoop Kumar. The workshop covered Role-Based Access Control (RBAC) to grant users access to Kubernetes resources, using Open Policy Agent (OPA) and Gatekeeper to enforce cluster-wide policies, and network policies to control traffic between pods. It provided demonstrations of creating RBAC roles, restricting node port usage and enforcing resource limits with OPA policies, and allowing traffic between applications with network policies. The key takeaways were to enforce policies, build an RBAC strategy, start with a zero-trust approach, and use network policies.

Use case of Kubernetes based NFV infrastructure used in production to run an open source evolved packet core. Presented by Facebook Connectivity and Mirantis at KubeCon + CloudNativeCon Europe 2020.

Slides from webinar by Mirantis about how to build a basic edge cloud using surveillance cameras. Watch the webinar recording at: https://bit.ly/mirantis-edge-cloud

Slides from webinar by Mirantis and Zettaset about how to encrypt containerized data. Watch the recording at: https://bit.ly/container-data-encryption

Slides from webinar about the latest Kubernetes release. Watch the webinar recording: https://bit.ly/k8s-1-18-slide-deck

Learn the differences between Envoy, Istio, Conduit, Linkerd and other service meshes and their components. Watch the recording including demo at: https://info.mirantis.com/service-mesh-webinar

Learn the difference between Kubernetes Ingress and Istio Ingress Gateway. Watch demos of both at: https://info.mirantis.com/istio-ingress

Mirantis webinar about cloud security compliance. Watch the recording at https://info.mirantis.com/cloud-security-recording