SlideShare una empresa de Scribd logo

Enhanced Security and Visibility for Microservices Applications

Descargar como PPTX, PDF
Akshay Mathur
Akshay Mathur

Unified solution for application load balancing, security and traffic analytics in Kubernetes can do wonders for better user experience.

Tecnología
1 de 28
Reliable Security Always™ Enhanced Security & Visibility for Microservice Applications Akshay Mathur @akshaymathu
2 NEW DE-FACTO STANDARDS: Growing Industry Trend: Containers and Kubernetes APPLICATIONS Moving from Monolith to Micro Services APPLICATION DEPLOYMENTS Moving from Hardware Servers or Virtual Machines to Containers o Adopted by all industry major players – AWS, Azure, Google, VMWare, RedHat. o 10X increase in usage in Azure and GCP last year o 10X increase in deployment last 3 years o Deployment Size increased 75% in a year Growing Kubernetes Adoption
3 Key Requirements of Modern Teams … EFFICIENT OPERATIONS VISIBILITY & CONTROL Application Security SSL Encryption Access Control Attack Protection and Mitigation Analytics Faster troubleshooting Operational intelligence Central Management Multi-services Multi-cloud
4 Real-world Challenges
5 An E-Com Company: Access Control between Microservices • Security and compliance require monitoring traffic between microservices • In absence of policy enforcement, this company isolated clusters Kubernetes Node Kubernetes Node Kubernetes Node Kubernetes Node
6 A FinTech Company: Access Control and Traffic Flow Visibility problem • Separated microservices via namespaces • Controlled traffic flow via application Gateway Kubernetes Node Kubernetes Node Kubernetes NodeKubernetes Node
7 All Companies: Need to keep latency at minimum • Multiple traffic handling layers add its own latency ◦ IPS/IDS ◦ L7 LB ◦ Kube Proxy Kubernetes Node
8 A Media Service Company: Security Increased Cost of Operations • Istio sidecar model was tried for security implementation • Sidecar model increased resource requirement leading to increased cost Kubernetes Node
9 All Companies: Need to Manage Security across Environments • Not all workloads are in Kubernetes • Managing security separately for each env was challenging Public Private Data Center
10 Challenges in Kubernetes Environment Characteristics of K8s Environment Impact Only L3 policy support L7 security rules can’t be created Multiple Layers in traffic flow Increased latency IP addresses of pods keep changing IP based security policy become obsolete No access control between microservices Complicated deployment architecture No application traffic visibility Difficult to fine-tune security policies
11 Shared Security Responsibility Model Source: https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-the-shared-responsibility-model-in-gke- container-security-shared-responsibility-model-gke
12 Security & Policy Enforcement
13 Minimizing Cost of Operations vs Kubernetes NodeKubernetes Node Sidecar Proxy Deployment Hub-Spoke Proxy Deployment Resource intensive Expensive TCO Low overhead Lower TCO
14 Traffic Handling and Security are related Modern Approach Unified solution providing Load Balancing as well as Security Pros: • Operational simplicity • Better application performance Kubernetes Node Fact: • Incoming traffic is to be decrypted and evaluated • When Deny the traffic: Security • When Send traffic to right Application Server: Load Balancing Traditional Approach: Deploy Load Balancing and Security solutions separately Cons: • Operational Complexity • Increased latency
15 For East-West Traffic • Access control between microservices • Transparent encryption for traffic between nodes • Lower resource requirement as compare to sidecar service mesh model • Application layer traffic visibility and analytics Node 1 Node 2 S1 S2
16 For North-South Traffic • Container-native load balancer for L7 traffic routing (with ability to route traffic based on any info in HTTP header) • SSL offload • Reduced application response time • Web Application Firewall • L7 DDoS protection • Central management for load balancer • Application layer traffic visibility and analytics Kubernetes Cluster
17 More about the LB • Deployed as DaemonSet ◦ Image on Docker Hub ◦ Uses host networking • Based on NginX core ◦ 3rd party modules – ModSec, LuaJit etc. ◦ Custom modules • Connection Pooling • Distributed Limit Enforcement • Dynamic Upstream
18 More about the Kubernetes Connector • Deployed as K8s ‘Deployment’ ◦ Image on Docker Hub ◦ One instance in a cluster • Monitors Lifecycle of Containers and Ingress Resource • Calls APIs to update LB
19 Policy Configuration • Infrastructure as code • Kubernetes Service aand Ingress definitions are extended via annotations • Simple annotations to configure policies
20 Application Layer Visibility
21 Descriptive Analytics • Health Status • Logs & Events PERFORMANCE MONITORING Diagnostic Analytics • Per-App metrics • Trend Analysis FASTER TROUBLESHOOTING Predictive Analytics • Anomalies/Threats • Correlation INSIGHTS Prescriptive Analytics • Policy updates • Behavior Analysis ADAPTIVE CONTROLS Visibility, Analytics & Insights
22. Per-Service Visibility, Analytics & Reporting o Comprehensive metrics & logs o View, monitor and analyze o Efficient troubleshooting o Generate custom reports
23 Use Case – Troubleshooting High Response Time LB Only Confidence: Low No direct way to debug Alternate is to collect access logs from all application servers Merge the logs and move them to a log analyzer Get the info about request processing time by server ◦ Time taken in network remains unknown ◦ Geo distribution remains unknown Manually correlate and analyze LB + Application Analytics Confidence: High Harmony Portal displays end-to-end response time for the application Drill-down charts are available for historical analysis with enriched data Breakup of time taken in different portions of request-response cycle is available Segmented data by various aspects is available Access logs of individual transaction may be used for further isolation Customers are complaining about slowness of Application 2days 5mins
24
25. A10 ADC: Per-app Visibility : End-to-End Latency o Distinguish between application, client and infrastructure issues o Quickly identify consistent or one-off glitch o Pinpoint concerns and take corrective action
26 Takeaways: Simplified and Improved Security & Analytics • Simple Architecture • Clear ‘Dev’ and ‘Ops’ separation • ‘Config as code’ for automation • Application Traffic Analytics for efficiency
27 Thank You @akshaymathu amathur@a10networks.com Skype: mathurakshay Sample Config Files @ https://gist.github.com/c-success Steps to try @ http://docs.hc.a10networks.com/IngressController/2.0/a10-ladc-ingress-controller.html
Thank You Reliable Security Always™

Recomendados

Considerations for East-West Traffic Security and Analytics for Kubernetes En...
Considerations for East-West Traffic Security and Analytics for Kubernetes En...Considerations for East-West Traffic Security and Analytics for Kubernetes En...
Considerations for East-West Traffic Security and Analytics for Kubernetes En...Akshay Mathur
 
Security and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in KubernetesSecurity and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in KubernetesAkshay Mathur
 
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...DevOps.com
 
Extend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesExtend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesRed Gate Software
 
NetScout nGeniusONE overview
NetScout nGeniusONE overviewNetScout nGeniusONE overview
NetScout nGeniusONE overviewBAKOTECH
 
Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2Prem Sankar Gopannan
 
5 Ways to use Node in the Network
5 Ways to use Node in the Network5 Ways to use Node in the Network
5 Ways to use Node in the NetworkF5 Networks
 
PLNOG14: SteelCentral NPM Solution - Tomasz Winiarski
PLNOG14: SteelCentral NPM Solution - Tomasz WiniarskiPLNOG14: SteelCentral NPM Solution - Tomasz Winiarski
PLNOG14: SteelCentral NPM Solution - Tomasz WiniarskiPROIDEA
 

Recomendados

Considerations for East-West Traffic Security and Analytics for Kubernetes En...
Considerations for East-West Traffic Security and Analytics for Kubernetes En...Considerations for East-West Traffic Security and Analytics for Kubernetes En...
Considerations for East-West Traffic Security and Analytics for Kubernetes En...Akshay Mathur
 
Security and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in KubernetesSecurity and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in KubernetesAkshay Mathur
 
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...DevOps.com
 
Extend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesExtend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesRed Gate Software
 
NetScout nGeniusONE overview
NetScout nGeniusONE overviewNetScout nGeniusONE overview
NetScout nGeniusONE overviewBAKOTECH
 
Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2Prem Sankar Gopannan
 
5 Ways to use Node in the Network
5 Ways to use Node in the Network5 Ways to use Node in the Network
5 Ways to use Node in the NetworkF5 Networks
 
PLNOG14: SteelCentral NPM Solution - Tomasz Winiarski
PLNOG14: SteelCentral NPM Solution - Tomasz WiniarskiPLNOG14: SteelCentral NPM Solution - Tomasz Winiarski
PLNOG14: SteelCentral NPM Solution - Tomasz WiniarskiPROIDEA
 
UC SDN
UC SDNUC SDN
UC SDNIMTC
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarMaytal Levi
 
Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureDevSecOpsSg
 
F5 Cloud Story
F5 Cloud StoryF5 Cloud Story
F5 Cloud StoryMarketingArrowECS_CZ
 
Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)AlgoSec
 
S4 Value Proposition
S4 Value PropositionS4 Value Proposition
S4 Value PropositionSteve Jones
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNetFlow Analyzer
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...AlgoSec
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Manageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An InsightManageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An InsightSai Sundhar Padmanabhan
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016ThousandEyes
 
Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)IMTC
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsIMTC
 
COMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesCOMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesComit Projects Ltd
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...AlgoSec
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesAlgoSec
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureMitchell Pronschinske
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirNitin Saxena
 

Más contenido relacionado

La actualidad más candente

UC SDN
UC SDNUC SDN
UC SDNIMTC
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarMaytal Levi
 
Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureDevSecOpsSg
 
Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)AlgoSec
 
S4 Value Proposition
S4 Value PropositionS4 Value Proposition
S4 Value PropositionSteve Jones
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNetFlow Analyzer
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...AlgoSec
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Manageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An InsightManageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An InsightSai Sundhar Padmanabhan
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016ThousandEyes
 
Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)IMTC
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsIMTC
 
COMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesCOMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesComit Projects Ltd
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...AlgoSec
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesAlgoSec
 

La actualidad más candente (20)

UC SDN
UC SDNUC SDN
UC SDN
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration Webinar
 
Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices Infrastructure
 
F5 Cloud Story
F5 Cloud StoryF5 Cloud Story
F5 Cloud Story
 
Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)
 
S4 Value Proposition
S4 Value PropositionS4 Value Proposition
S4 Value Proposition
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEW
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
 
Manageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An InsightManageengine Netflow analyzer - An Insight
Manageengine Netflow analyzer - An Insight
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
 
Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP Worlds
 
COMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesCOMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slides
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best Practices
 

Similar a Enhanced Security and Visibility for Microservices Applications

Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureMitchell Pronschinske
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirNitin Saxena
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep DiveYong Feng
 
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...NGINX, Inc.
 
VMworld 2015: No App is An Island
VMworld 2015: No App is An IslandVMworld 2015: No App is An Island
VMworld 2015: No App is An IslandVMworld
 
Kubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTechKubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTechAkshay Mathur
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
Enabling Fast IT using Containers, Microservices and DevOps Model
Enabling Fast IT using Containers, Microservices and DevOps ModelEnabling Fast IT using Containers, Microservices and DevOps Model
Enabling Fast IT using Containers, Microservices and DevOps ModelCisco DevNet
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecaseRENJITHKNAIR5
 
Driving success in the cloud with NGINX
Driving success in the cloud with NGINXDriving success in the cloud with NGINX
Driving success in the cloud with NGINXNGINX, Inc.
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Docker, Inc.
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxPINGXIONG3
 
Transform Enterprise IT Infrastructure with AWS DevOps
Transform Enterprise IT Infrastructure with AWS DevOpsTransform Enterprise IT Infrastructure with AWS DevOps
Transform Enterprise IT Infrastructure with AWS DevOpsAmazon Web Services
 
The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?Codit
 
Kubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureKubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureGlobalLogic Ukraine
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Codit
 
Visualizing Application & Delivery Flows to Make Data-Driven Decisions
Visualizing Application & Delivery Flows to Make Data-Driven DecisionsVisualizing Application & Delivery Flows to Make Data-Driven Decisions
Visualizing Application & Delivery Flows to Make Data-Driven DecisionsCA Technologies
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 

Similar a Enhanced Security and Visibility for Microservices Applications (20)

Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
 
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
 
VMworld 2015: No App is An Island
VMworld 2015: No App is An IslandVMworld 2015: No App is An Island
VMworld 2015: No App is An Island
 
Kubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTechKubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTech
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
 
Enabling Fast IT using Containers, Microservices and DevOps Model
Enabling Fast IT using Containers, Microservices and DevOps ModelEnabling Fast IT using Containers, Microservices and DevOps Model
Enabling Fast IT using Containers, Microservices and DevOps Model
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecase
 
Driving success in the cloud with NGINX
Driving success in the cloud with NGINXDriving success in the cloud with NGINX
Driving success in the cloud with NGINX
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
 
Transform Enterprise IT Infrastructure with AWS DevOps
Transform Enterprise IT Infrastructure with AWS DevOpsTransform Enterprise IT Infrastructure with AWS DevOps
Transform Enterprise IT Infrastructure with AWS DevOps
 
The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?
 
Kubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureKubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of Infrastructure
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
 
Visualizing Application & Delivery Flows to Make Data-Driven Decisions
Visualizing Application & Delivery Flows to Make Data-Driven DecisionsVisualizing Application & Delivery Flows to Make Data-Driven Decisions
Visualizing Application & Delivery Flows to Make Data-Driven Decisions
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
 

Más de Akshay Mathur

Documentation with Sphinx
Documentation with SphinxDocumentation with Sphinx
Documentation with SphinxAkshay Mathur
 
Kubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerKubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerAkshay Mathur
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSAkshay Mathur
 
Shared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSShared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSAkshay Mathur
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudAkshay Mathur
 
Introduction to Node js
Introduction to Node jsIntroduction to Node js
Introduction to Node jsAkshay Mathur
 
Object Oriented Programing in JavaScript
Object Oriented Programing in JavaScriptObject Oriented Programing in JavaScript
Object Oriented Programing in JavaScriptAkshay Mathur
 
Getting Started with Angular JS
Getting Started with Angular JSGetting Started with Angular JS
Getting Started with Angular JSAkshay Mathur
 
Releasing Software Without Testing Team
Releasing Software Without Testing TeamReleasing Software Without Testing Team
Releasing Software Without Testing TeamAkshay Mathur
 
Getting Started with jQuery
Getting Started with jQueryGetting Started with jQuery
Getting Started with jQueryAkshay Mathur
 
Creating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JSCreating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JSAkshay Mathur
 
Getting Started with Web
Getting Started with WebGetting Started with Web
Getting Started with WebAkshay Mathur
 
Getting Started with Javascript
Getting Started with JavascriptGetting Started with Javascript
Getting Started with JavascriptAkshay Mathur
 
Using Google App Engine Python
Using Google App Engine PythonUsing Google App Engine Python
Using Google App Engine PythonAkshay Mathur
 
Testing Single Page Webapp
Testing Single Page WebappTesting Single Page Webapp
Testing Single Page WebappAkshay Mathur
 

Más de Akshay Mathur (18)

Documentation with Sphinx
Documentation with SphinxDocumentation with Sphinx
Documentation with Sphinx
 
Kubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerKubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning Controller
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADS
 
Shared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSShared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWS
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
 
Introduction to Node js
Introduction to Node jsIntroduction to Node js
Introduction to Node js
 
Object Oriented Programing in JavaScript
Object Oriented Programing in JavaScriptObject Oriented Programing in JavaScript
Object Oriented Programing in JavaScript
 
Getting Started with Angular JS
Getting Started with Angular JSGetting Started with Angular JS
Getting Started with Angular JS
 
Releasing Software Without Testing Team
Releasing Software Without Testing TeamReleasing Software Without Testing Team
Releasing Software Without Testing Team
 
Getting Started with jQuery
Getting Started with jQueryGetting Started with jQuery
Getting Started with jQuery
 
CoffeeScript
CoffeeScriptCoffeeScript
CoffeeScript
 
Creating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JSCreating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JS
 
Getting Started with Web
Getting Started with WebGetting Started with Web
Getting Started with Web
 
Getting Started with Javascript
Getting Started with JavascriptGetting Started with Javascript
Getting Started with Javascript
 
Using Google App Engine Python
Using Google App Engine PythonUsing Google App Engine Python
Using Google App Engine Python
 
Working with GIT
Working with GITWorking with GIT
Working with GIT
 
Testing Single Page Webapp
Testing Single Page WebappTesting Single Page Webapp
Testing Single Page Webapp
 
Mongo db
Mongo dbMongo db
Mongo db
 

Último

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Último (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Enhanced Security and Visibility for Microservices Applications

  • 1. Reliable Security Always™ Enhanced Security & Visibility for Microservice Applications Akshay Mathur @akshaymathu
  • 2. 2 NEW DE-FACTO STANDARDS: Growing Industry Trend: Containers and Kubernetes APPLICATIONS Moving from Monolith to Micro Services APPLICATION DEPLOYMENTS Moving from Hardware Servers or Virtual Machines to Containers o Adopted by all industry major players – AWS, Azure, Google, VMWare, RedHat. o 10X increase in usage in Azure and GCP last year o 10X increase in deployment last 3 years o Deployment Size increased 75% in a year Growing Kubernetes Adoption
  • 3. 3 Key Requirements of Modern Teams … EFFICIENT OPERATIONS VISIBILITY & CONTROL Application Security SSL Encryption Access Control Attack Protection and Mitigation Analytics Faster troubleshooting Operational intelligence Central Management Multi-services Multi-cloud
  • 5. 5 An E-Com Company: Access Control between Microservices • Security and compliance require monitoring traffic between microservices • In absence of policy enforcement, this company isolated clusters Kubernetes Node Kubernetes Node Kubernetes Node Kubernetes Node
  • 6. 6 A FinTech Company: Access Control and Traffic Flow Visibility problem • Separated microservices via namespaces • Controlled traffic flow via application Gateway Kubernetes Node Kubernetes Node Kubernetes NodeKubernetes Node
  • 7. 7 All Companies: Need to keep latency at minimum • Multiple traffic handling layers add its own latency ◦ IPS/IDS ◦ L7 LB ◦ Kube Proxy Kubernetes Node
  • 8. 8 A Media Service Company: Security Increased Cost of Operations • Istio sidecar model was tried for security implementation • Sidecar model increased resource requirement leading to increased cost Kubernetes Node
  • 9. 9 All Companies: Need to Manage Security across Environments • Not all workloads are in Kubernetes • Managing security separately for each env was challenging Public Private Data Center
  • 10. 10 Challenges in Kubernetes Environment Characteristics of K8s Environment Impact Only L3 policy support L7 security rules can’t be created Multiple Layers in traffic flow Increased latency IP addresses of pods keep changing IP based security policy become obsolete No access control between microservices Complicated deployment architecture No application traffic visibility Difficult to fine-tune security policies
  • 11. 11 Shared Security Responsibility Model Source: https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-the-shared-responsibility-model-in-gke- container-security-shared-responsibility-model-gke
  • 13. 13 Minimizing Cost of Operations vs Kubernetes NodeKubernetes Node Sidecar Proxy Deployment Hub-Spoke Proxy Deployment Resource intensive Expensive TCO Low overhead Lower TCO
  • 14. 14 Traffic Handling and Security are related Modern Approach Unified solution providing Load Balancing as well as Security Pros: • Operational simplicity • Better application performance Kubernetes Node Fact: • Incoming traffic is to be decrypted and evaluated • When Deny the traffic: Security • When Send traffic to right Application Server: Load Balancing Traditional Approach: Deploy Load Balancing and Security solutions separately Cons: • Operational Complexity • Increased latency
  • 15. 15 For East-West Traffic • Access control between microservices • Transparent encryption for traffic between nodes • Lower resource requirement as compare to sidecar service mesh model • Application layer traffic visibility and analytics Node 1 Node 2 S1 S2
  • 16. 16 For North-South Traffic • Container-native load balancer for L7 traffic routing (with ability to route traffic based on any info in HTTP header) • SSL offload • Reduced application response time • Web Application Firewall • L7 DDoS protection • Central management for load balancer • Application layer traffic visibility and analytics Kubernetes Cluster
  • 17. 17 More about the LB • Deployed as DaemonSet ◦ Image on Docker Hub ◦ Uses host networking • Based on NginX core ◦ 3rd party modules – ModSec, LuaJit etc. ◦ Custom modules • Connection Pooling • Distributed Limit Enforcement • Dynamic Upstream
  • 18. 18 More about the Kubernetes Connector • Deployed as K8s ‘Deployment’ ◦ Image on Docker Hub ◦ One instance in a cluster • Monitors Lifecycle of Containers and Ingress Resource • Calls APIs to update LB
  • 19. 19 Policy Configuration • Infrastructure as code • Kubernetes Service aand Ingress definitions are extended via annotations • Simple annotations to configure policies
  • 21. 21 Descriptive Analytics • Health Status • Logs & Events PERFORMANCE MONITORING Diagnostic Analytics • Per-App metrics • Trend Analysis FASTER TROUBLESHOOTING Predictive Analytics • Anomalies/Threats • Correlation INSIGHTS Prescriptive Analytics • Policy updates • Behavior Analysis ADAPTIVE CONTROLS Visibility, Analytics & Insights
  • 22. 22. Per-Service Visibility, Analytics & Reporting o Comprehensive metrics & logs o View, monitor and analyze o Efficient troubleshooting o Generate custom reports
  • 23. 23 Use Case – Troubleshooting High Response Time LB Only Confidence: Low No direct way to debug Alternate is to collect access logs from all application servers Merge the logs and move them to a log analyzer Get the info about request processing time by server ◦ Time taken in network remains unknown ◦ Geo distribution remains unknown Manually correlate and analyze LB + Application Analytics Confidence: High Harmony Portal displays end-to-end response time for the application Drill-down charts are available for historical analysis with enriched data Breakup of time taken in different portions of request-response cycle is available Segmented data by various aspects is available Access logs of individual transaction may be used for further isolation Customers are complaining about slowness of Application 2days 5mins
  • 24. 24
  • 25. 25. A10 ADC: Per-app Visibility : End-to-End Latency o Distinguish between application, client and infrastructure issues o Quickly identify consistent or one-off glitch o Pinpoint concerns and take corrective action
  • 26. 26 Takeaways: Simplified and Improved Security & Analytics • Simple Architecture • Clear ‘Dev’ and ‘Ops’ separation • ‘Config as code’ for automation • Application Traffic Analytics for efficiency
  • 27. 27 Thank You @akshaymathu amathur@a10networks.com Skype: mathurakshay Sample Config Files @ https://gist.github.com/c-success Steps to try @ http://docs.hc.a10networks.com/IngressController/2.0/a10-ladc-ingress-controller.html