SlideShare una empresa de Scribd logo

Containers demystified webinar detailed

Witekio
Witekio

You have heard about containers? You want to know what’s hiding behind the hype? What are the benefits for embedded systems projects? After looking at an example illustrating how containers can be used to solve the problem of application lifecycle and atomic update, we will discuss how containers work on Linux and how they can be secured. Finally, the audience will learn about how to take advantage of Yocto to generate containers on their own embedded devices. You can watch the full Webinar on our blog page : https://witekio.com/blog/containers-embedded-systems-webinar

Software
1 de 18
Descargar para leer sin conexión
1 Before We Get Started YES! This session is being recorded Questions and comments • You can access the video anytime on Youtube • Enter into the Q&A window • We will answer at the end of the session
Containers Demystified Embedded Systems September 2017 Cedric Vincent cvincent@witekio.com Director of technology
3 Containers Demystified Life cycle of your applications and security Phone System librairiesUI framework Host System Navigation Dashboard New version of your Dashboard using Altia?
4 Containers Demystified Life cycle of your applications and security Phone System librairiesUI framework Host System Navigation Dashboard Dashboard Altia Containers come packaged up with everything they need.
5 Containers Demystified Life cycle of your applications and security Phone System librairiesUI framework Host System Navigation Atomic update of your container! Dashboard Altia
6 Containers Demystified Life cycle of your applications and security Phone System librairiesUI framework Host System Navigation Dashboard Altia The new container is not working properly? Just Rollback to the former version! Dashboard
7 Containers Demystified What is a container? Container Isolation Source: Freedom Penguin File system container File system host system Libraries Application 1 Libraries Linux Kernel Hardware
8 Containers Demystified Virtual Machine versus Container Container Isolation Libraries Application 1 Linux kernel Libraries Application 1 Hypervisor Libraries Linux Kernel Hardware • Performance: • Size: • Security: Container VM Container VM Container VM
9 Containers Demystified Namespace Container 1 Network interface Process ID Cgroup Namespace1 Wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Source: https://lwn.net/Articles/531114/ Container 2 Container 3
10 Containers Demystified Control Groups Container 1 < 20% Process scheduler Memory manager Network interface < 100MB < 10MB/s Fine-grained control over allocating, prioritizing, denying and managing system resources Control Groups
11 Containers Demystified Control Groups Container 1 < 20% Process scheduler Memory manager Network interface < 100MB < 10MB/s Control Groups > 100MB Out Of Memory from Cgroups will kill your container. One container equal one application!
12 Rootless Containers Demystified Security Source: pixabay.com/ Container 1 Host system CGroups MAC Seccomp Namespace • Cgroups limit resource access • Namespace virtualize access to resource • Seccomp limit access to system calls. • Mandatory Access Control policy • Rootless containers
13 Containers Demystified Open Container Initiative Source: DockerCon 2016 + wikipedia ✓ RUNC (used by docker) ✓ RailCar (developed by Oracle) • More than 13 different implementations of container runtimes! • Open industry standards around container format and runtime • 2 independent implementations
14 Containers Demystified Containers on Embedded System Container Runtime App1 App2 Shared Libraries 1 Shared Libraries 2 Container Runtime Shared Libraries 1 App2 Shared Libraries 2 Filesystem App1 Shared Libraries 1 Shared Libraries 2 Filesystem Filesystem
15 Containers Demystified Containers on Embedded System Container Runtime Shared Libraries 1 App2 Shared Libraries 2 Filesystem App1 Shared Libraries 1 Shared Libraries 2 Filesystem Filesystem One file system including the minimum necessary to run your container runtime Your containers
16 Containers Demystified How can we help? Source: pixabay.com/ • Generate your containers. • Secure your containers • Sign your containers • Transfer your containers • Roll back your containers
17 Follow us on our blog www.witek.io
©2017 Witekio & Subsidiaries. All Rights Reserved. This document and the information it contains is confidential and remains the property of our company. It may not be copied or communicated to a third party or used for any purpose other than that for which it is supplied without the prior written consent of our company. Thank you

Recomendados

5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and BeyondBlack Duck by Synopsys
 
Container Security
Container SecurityContainer Security
Container SecurityAmazon Web Services
 
Container Security
Container SecurityContainer Security
Container SecuritySalman Baset
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
 
Containers 101
Containers 101Containers 101
Containers 101Black Duck by Synopsys
 
An In-depth look at application containers
An In-depth look at application containersAn In-depth look at application containers
An In-depth look at application containersJohn Kinsella
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
Container security
Container securityContainer security
Container securityAnthony Chow
 

Recomendados

5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and BeyondBlack Duck by Synopsys
 
Container Security
Container SecurityContainer Security
Container SecurityAmazon Web Services
 
Container Security
Container SecurityContainer Security
Container SecuritySalman Baset
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
 
Containers 101
Containers 101Containers 101
Containers 101Black Duck by Synopsys
 
An In-depth look at application containers
An In-depth look at application containersAn In-depth look at application containers
An In-depth look at application containersJohn Kinsella
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
What Have Namespaces Done for you Lately? Liz Rice, Aqua Security
What Have Namespaces Done for you Lately? Liz Rice, Aqua SecurityWhat Have Namespaces Done for you Lately? Liz Rice, Aqua Security
What Have Namespaces Done for you Lately? Liz Rice, Aqua SecurityDocker, Inc.
 
Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Gordon Haff
 
DockerCon 2016 Recap
DockerCon 2016 RecapDockerCon 2016 Recap
DockerCon 2016 Recapehazlett
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container SecuritySuraj Khetani
 
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Zach Hill
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Containerd Donation to CNCF Cloud Native Conference Berlin 2017
Containerd Donation to CNCF Cloud Native Conference Berlin 2017Containerd Donation to CNCF Cloud Native Conference Berlin 2017
Containerd Donation to CNCF Cloud Native Conference Berlin 2017Patrick Chanezon
 
Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment Docker, Inc.
 
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Docker, Inc.
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudJohn Kinsella
 
Csa container-security-in-aws-dw
Csa container-security-in-aws-dwCsa container-security-in-aws-dw
Csa container-security-in-aws-dwCloud Security Alliance, UK chapter
 
Linuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharborLinuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharborLinuxCon ContainerCon CloudOpen China
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Phil Estes
 
Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Oscar Renalias
 
DockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDocker, Inc.
 
Docker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Inc.
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
Multicore ware applications of machine learning for video encoding
Multicore ware applications of machine learning for video encodingMulticore ware applications of machine learning for video encoding
Multicore ware applications of machine learning for video encodingGanesan Narayanasamy
 
Drupalcamp cebu 2017 docker and portainer
Drupalcamp cebu 2017 docker and portainerDrupalcamp cebu 2017 docker and portainer
Drupalcamp cebu 2017 docker and portainerAshwini Kumar
 
DockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDocker, Inc.
 
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Odinot Stanislas
 
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisApplied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisOW2
 

Más contenido relacionado

La actualidad más candente

What Have Namespaces Done for you Lately? Liz Rice, Aqua Security
What Have Namespaces Done for you Lately? Liz Rice, Aqua SecurityWhat Have Namespaces Done for you Lately? Liz Rice, Aqua Security
What Have Namespaces Done for you Lately? Liz Rice, Aqua SecurityDocker, Inc.
 
Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Gordon Haff
 
DockerCon 2016 Recap
DockerCon 2016 RecapDockerCon 2016 Recap
DockerCon 2016 Recapehazlett
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container SecuritySuraj Khetani
 
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Zach Hill
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Containerd Donation to CNCF Cloud Native Conference Berlin 2017
Containerd Donation to CNCF Cloud Native Conference Berlin 2017Containerd Donation to CNCF Cloud Native Conference Berlin 2017
Containerd Donation to CNCF Cloud Native Conference Berlin 2017Patrick Chanezon
 
Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment Docker, Inc.
 
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Docker, Inc.
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Phil Estes
 
Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Oscar Renalias
 
DockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDocker, Inc.
 
Docker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Inc.
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
Multicore ware applications of machine learning for video encoding
Multicore ware applications of machine learning for video encodingMulticore ware applications of machine learning for video encoding
Multicore ware applications of machine learning for video encodingGanesan Narayanasamy
 
Drupalcamp cebu 2017 docker and portainer
Drupalcamp cebu 2017 docker and portainerDrupalcamp cebu 2017 docker and portainer
Drupalcamp cebu 2017 docker and portainerAshwini Kumar
 
DockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDocker, Inc.
 

La actualidad más candente (20)

What Have Namespaces Done for you Lately? Liz Rice, Aqua Security
What Have Namespaces Done for you Lately? Liz Rice, Aqua SecurityWhat Have Namespaces Done for you Lately? Liz Rice, Aqua Security
What Have Namespaces Done for you Lately? Liz Rice, Aqua Security
 
Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017Ten layers of container security for CloudCamp Nov 2017
Ten layers of container security for CloudCamp Nov 2017
 
DockerCon 2016 Recap
DockerCon 2016 RecapDockerCon 2016 Recap
DockerCon 2016 Recap
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container Security
 
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
 
Container security
Container securityContainer security
Container security
 
Containerd Donation to CNCF Cloud Native Conference Berlin 2017
Containerd Donation to CNCF Cloud Native Conference Berlin 2017Containerd Donation to CNCF Cloud Native Conference Berlin 2017
Containerd Donation to CNCF Cloud Native Conference Berlin 2017
 
Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment
 
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
Csa container-security-in-aws-dw
Csa container-security-in-aws-dwCsa container-security-in-aws-dw
Csa container-security-in-aws-dw
 
Linuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharborLinuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharbor
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016
 
Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015
 
DockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon Hykes
 
Docker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Innovation Accelerator
Docker, Innovation Accelerator
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
 
Multicore ware applications of machine learning for video encoding
Multicore ware applications of machine learning for video encodingMulticore ware applications of machine learning for video encoding
Multicore ware applications of machine learning for video encoding
 
Drupalcamp cebu 2017 docker and portainer
Drupalcamp cebu 2017 docker and portainerDrupalcamp cebu 2017 docker and portainer
Drupalcamp cebu 2017 docker and portainer
 
DockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTR
 

Similar a Containers demystified webinar detailed

Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Odinot Stanislas
 
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisApplied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisOW2
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Patrick Chanezon
 
Demystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDemystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDr Ganesh Iyer
 
Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source John Willis
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...NETWAYS
 
DCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDocker, Inc.
 
Dockers and kubernetes
Dockers and kubernetesDockers and kubernetes
Dockers and kubernetesDr Ganesh Iyer
 
Scaling your Automated Tests: Docker and Kubernetes
Scaling your Automated Tests: Docker and KubernetesScaling your Automated Tests: Docker and Kubernetes
Scaling your Automated Tests: Docker and KubernetesManoj Kumar Kumar
 
Hands on kubernetes_container_orchestration
Hands on kubernetes_container_orchestrationHands on kubernetes_container_orchestration
Hands on kubernetes_container_orchestrationAmir Hossein Sorouri
 
Containers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container ServicesContainers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container ServicesNEXTtour
 
State of the Container Ecosystem
State of the Container EcosystemState of the Container Ecosystem
State of the Container EcosystemVinay Rao
 
Introduction to SQL Server in Containers
Introduction to SQL Server in ContainersIntroduction to SQL Server in Containers
Introduction to SQL Server in ContainersGrant Fritchey
 
Journey to the devops automation with docker kubernetes and openshift
Journey to the devops automation with docker kubernetes and openshiftJourney to the devops automation with docker kubernetes and openshift
Journey to the devops automation with docker kubernetes and openshiftYusuf Hadiwinata Sutandar
 
DevOps with Azure, Kubernetes, and Helm Webinar
DevOps with Azure, Kubernetes, and Helm WebinarDevOps with Azure, Kubernetes, and Helm Webinar
DevOps with Azure, Kubernetes, and Helm WebinarCodefresh
 
Make for docker
Make for dockerMake for docker
Make for dockermat f.
 

Similar a Containers demystified webinar detailed (20)

Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
 
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisApplied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
 
Demystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDemystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data Scientists
 
Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
 
DCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at Netflix
 
Dockers and kubernetes
Dockers and kubernetesDockers and kubernetes
Dockers and kubernetes
 
Scaling your Automated Tests: Docker and Kubernetes
Scaling your Automated Tests: Docker and KubernetesScaling your Automated Tests: Docker and Kubernetes
Scaling your Automated Tests: Docker and Kubernetes
 
Hands on kubernetes_container_orchestration
Hands on kubernetes_container_orchestrationHands on kubernetes_container_orchestration
Hands on kubernetes_container_orchestration
 
Docker
DockerDocker
Docker
 
Containers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container ServicesContainers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container Services
 
State of the Container Ecosystem
State of the Container EcosystemState of the Container Ecosystem
State of the Container Ecosystem
 
Introduction to SQL Server in Containers
Introduction to SQL Server in ContainersIntroduction to SQL Server in Containers
Introduction to SQL Server in Containers
 
Journey to the devops automation with docker kubernetes and openshift
Journey to the devops automation with docker kubernetes and openshiftJourney to the devops automation with docker kubernetes and openshift
Journey to the devops automation with docker kubernetes and openshift
 
OpenStack Summit
OpenStack SummitOpenStack Summit
OpenStack Summit
 
DevOps with Azure, Kubernetes, and Helm Webinar
DevOps with Azure, Kubernetes, and Helm WebinarDevOps with Azure, Kubernetes, and Helm Webinar
DevOps with Azure, Kubernetes, and Helm Webinar
 
Docker-Intro
Docker-IntroDocker-Intro
Docker-Intro
 
Make for docker
Make for dockerMake for docker
Make for docker
 
Docker.pptx
Docker.pptxDocker.pptx
Docker.pptx
 

Más de Witekio

IoT & Embedded systems development
IoT & Embedded systems developmentIoT & Embedded systems development
IoT & Embedded systems developmentWitekio
 
IoT Device Security
IoT Device SecurityIoT Device Security
IoT Device SecurityWitekio
 
Conference Security by Design - Microsoft - Relever les défis de la sécurité ...
Conference Security by Design - Microsoft - Relever les défis de la sécurité ...Conference Security by Design - Microsoft - Relever les défis de la sécurité ...
Conference Security by Design - Microsoft - Relever les défis de la sécurité ...Witekio
 
Conference Security by Design - Gemalto - Security in IoT
Conference Security by Design - Gemalto - Security in IoTConference Security by Design - Gemalto - Security in IoT
Conference Security by Design - Gemalto - Security in IoTWitekio
 
Conference Security by Design - Lacroix Electronics - Comment conçoit on un o...
Conference Security by Design - Lacroix Electronics - Comment conçoit on un o...Conference Security by Design - Lacroix Electronics - Comment conçoit on un o...
Conference Security by Design - Lacroix Electronics - Comment conçoit on un o...Witekio
 
Machine learning - AI
Machine learning - AIMachine learning - AI
Machine learning - AIWitekio
 
Evoca Group - Smart connected coffee vending machine
Evoca Group - Smart connected coffee vending machineEvoca Group - Smart connected coffee vending machine
Evoca Group - Smart connected coffee vending machineWitekio
 
Witekio Corporate presentation H2 2017
Witekio Corporate presentation H2 2017Witekio Corporate presentation H2 2017
Witekio Corporate presentation H2 2017Witekio
 
Why you should join Witekio
Why you should join WitekioWhy you should join Witekio
Why you should join WitekioWitekio
 
Witekio introducing-predictive-maintenance
Witekio introducing-predictive-maintenanceWitekio introducing-predictive-maintenance
Witekio introducing-predictive-maintenanceWitekio
 
System Software Integration, Witekio
System Software Integration, WitekioSystem Software Integration, Witekio
System Software Integration, WitekioWitekio
 
Witekio Corporate Presentation Q42016
Witekio Corporate Presentation Q42016Witekio Corporate Presentation Q42016
Witekio Corporate Presentation Q42016Witekio
 
Continuous Integration for BSP
Continuous Integration for BSPContinuous Integration for BSP
Continuous Integration for BSPWitekio
 
Witekio Qt and Android
Witekio Qt and AndroidWitekio Qt and Android
Witekio Qt and AndroidWitekio
 
Witekio custom modern qt quick components
Witekio custom modern qt quick componentsWitekio custom modern qt quick components
Witekio custom modern qt quick componentsWitekio
 
Witekio IoT presentation
Witekio IoT presentation Witekio IoT presentation
Witekio IoT presentation Witekio
 
Adeneo Embedded stay tuned
Adeneo Embedded stay tuned Adeneo Embedded stay tuned
Adeneo Embedded stay tuned Witekio
 

Más de Witekio (17)

IoT & Embedded systems development
IoT & Embedded systems developmentIoT & Embedded systems development
IoT & Embedded systems development
 
IoT Device Security
IoT Device SecurityIoT Device Security
IoT Device Security
 
Conference Security by Design - Microsoft - Relever les défis de la sécurité ...
Conference Security by Design - Microsoft - Relever les défis de la sécurité ...Conference Security by Design - Microsoft - Relever les défis de la sécurité ...
Conference Security by Design - Microsoft - Relever les défis de la sécurité ...
 
Conference Security by Design - Gemalto - Security in IoT
Conference Security by Design - Gemalto - Security in IoTConference Security by Design - Gemalto - Security in IoT
Conference Security by Design - Gemalto - Security in IoT
 
Conference Security by Design - Lacroix Electronics - Comment conçoit on un o...
Conference Security by Design - Lacroix Electronics - Comment conçoit on un o...Conference Security by Design - Lacroix Electronics - Comment conçoit on un o...
Conference Security by Design - Lacroix Electronics - Comment conçoit on un o...
 
Machine learning - AI
Machine learning - AIMachine learning - AI
Machine learning - AI
 
Evoca Group - Smart connected coffee vending machine
Evoca Group - Smart connected coffee vending machineEvoca Group - Smart connected coffee vending machine
Evoca Group - Smart connected coffee vending machine
 
Witekio Corporate presentation H2 2017
Witekio Corporate presentation H2 2017Witekio Corporate presentation H2 2017
Witekio Corporate presentation H2 2017
 
Why you should join Witekio
Why you should join WitekioWhy you should join Witekio
Why you should join Witekio
 
Witekio introducing-predictive-maintenance
Witekio introducing-predictive-maintenanceWitekio introducing-predictive-maintenance
Witekio introducing-predictive-maintenance
 
System Software Integration, Witekio
System Software Integration, WitekioSystem Software Integration, Witekio
System Software Integration, Witekio
 
Witekio Corporate Presentation Q42016
Witekio Corporate Presentation Q42016Witekio Corporate Presentation Q42016
Witekio Corporate Presentation Q42016
 
Continuous Integration for BSP
Continuous Integration for BSPContinuous Integration for BSP
Continuous Integration for BSP
 
Witekio Qt and Android
Witekio Qt and AndroidWitekio Qt and Android
Witekio Qt and Android
 
Witekio custom modern qt quick components
Witekio custom modern qt quick componentsWitekio custom modern qt quick components
Witekio custom modern qt quick components
 
Witekio IoT presentation
Witekio IoT presentation Witekio IoT presentation
Witekio IoT presentation
 
Adeneo Embedded stay tuned
Adeneo Embedded stay tuned Adeneo Embedded stay tuned
Adeneo Embedded stay tuned
 

Último

Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfayushiqss
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsBert Jan Schrijver
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durbanmasabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburgmasabamasaba
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 

Último (20)

Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 

Containers demystified webinar detailed

  • 1. 1 Before We Get Started YES! This session is being recorded Questions and comments • You can access the video anytime on Youtube • Enter into the Q&A window • We will answer at the end of the session
  • 2. Containers Demystified Embedded Systems September 2017 Cedric Vincent cvincent@witekio.com Director of technology
  • 3. 3 Containers Demystified Life cycle of your applications and security Phone System librairiesUI framework Host System Navigation Dashboard New version of your Dashboard using Altia?
  • 4. 4 Containers Demystified Life cycle of your applications and security Phone System librairiesUI framework Host System Navigation Dashboard Dashboard Altia Containers come packaged up with everything they need.
  • 5. 5 Containers Demystified Life cycle of your applications and security Phone System librairiesUI framework Host System Navigation Atomic update of your container! Dashboard Altia
  • 6. 6 Containers Demystified Life cycle of your applications and security Phone System librairiesUI framework Host System Navigation Dashboard Altia The new container is not working properly? Just Rollback to the former version! Dashboard
  • 7. 7 Containers Demystified What is a container? Container Isolation Source: Freedom Penguin File system container File system host system Libraries Application 1 Libraries Linux Kernel Hardware
  • 8. 8 Containers Demystified Virtual Machine versus Container Container Isolation Libraries Application 1 Linux kernel Libraries Application 1 Hypervisor Libraries Linux Kernel Hardware • Performance: • Size: • Security: Container VM Container VM Container VM
  • 9. 9 Containers Demystified Namespace Container 1 Network interface Process ID Cgroup Namespace1 Wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Source: https://lwn.net/Articles/531114/ Container 2 Container 3
  • 10. 10 Containers Demystified Control Groups Container 1 < 20% Process scheduler Memory manager Network interface < 100MB < 10MB/s Fine-grained control over allocating, prioritizing, denying and managing system resources Control Groups
  • 11. 11 Containers Demystified Control Groups Container 1 < 20% Process scheduler Memory manager Network interface < 100MB < 10MB/s Control Groups > 100MB Out Of Memory from Cgroups will kill your container. One container equal one application!
  • 12. 12 Rootless Containers Demystified Security Source: pixabay.com/ Container 1 Host system CGroups MAC Seccomp Namespace • Cgroups limit resource access • Namespace virtualize access to resource • Seccomp limit access to system calls. • Mandatory Access Control policy • Rootless containers
  • 13. 13 Containers Demystified Open Container Initiative Source: DockerCon 2016 + wikipedia ✓ RUNC (used by docker) ✓ RailCar (developed by Oracle) • More than 13 different implementations of container runtimes! • Open industry standards around container format and runtime • 2 independent implementations
  • 14. 14 Containers Demystified Containers on Embedded System Container Runtime App1 App2 Shared Libraries 1 Shared Libraries 2 Container Runtime Shared Libraries 1 App2 Shared Libraries 2 Filesystem App1 Shared Libraries 1 Shared Libraries 2 Filesystem Filesystem
  • 15. 15 Containers Demystified Containers on Embedded System Container Runtime Shared Libraries 1 App2 Shared Libraries 2 Filesystem App1 Shared Libraries 1 Shared Libraries 2 Filesystem Filesystem One file system including the minimum necessary to run your container runtime Your containers
  • 16. 16 Containers Demystified How can we help? Source: pixabay.com/ • Generate your containers. • Secure your containers • Sign your containers • Transfer your containers • Roll back your containers
  • 17. 17 Follow us on our blog www.witek.io
  • 18. ©2017 Witekio & Subsidiaries. All Rights Reserved. This document and the information it contains is confidential and remains the property of our company. It may not be copied or communicated to a third party or used for any purpose other than that for which it is supplied without the prior written consent of our company. Thank you