SlideShare ist ein Scribd-Unternehmen logo

Compute Security - Container Security

Eng Teong Cheah
Eng Teong Cheah

Implement container security strategies including Azure Container Instances, Azure Container Registry, and Azure Kubernetes.

Ingenieurwesen
1 von 19
Downloaden Sie, um offline zu lesen
Compute Security Container Security
Hello! I am Eng Teong Cheah Microsoft MVP 2
Container Security 3
Containers 4 A container is an isolated, lightweight silo for running an application on the host operating system. Containers build on top of the host operating system’s kernel (which can be thought as the buried plumbing of the operating system), and contain only apps and some lightweight operating system APIs and services that run in user mode.
Container 5
Azure Container Instances (ACI) Security 6 ◎ Continuously scan registry images ◎ Use approved images – chain of custody, signing ◎ Run with least privileges ◎ Whitelist files the container can access ◎ Maintain network segmentation ◎ Monitor and log activities
Azure Container Instances (ACI) 7 ◎ PaaS Service ◎ Custom sizes – fast startup times ◎ Public IP connectivity and DNS name ◎ Hypervisor-level security ◎ Isolation features ◎ Co-scheduled groups ◎ Persistent storage ◎ Linux and Windows containers ◎ Virtual network deployments
Azure Container Registry (ACR) 8 ◎ Docker registry service ◎ Private and hosted in Azure ◎ Build, store, and manage images ◎ Push and pull with the Docker CLI or the Azure CLI ◎ Access with Azure AD ◎ RBAC to assign permissions ◎ Automate using DevOps
Azure Container Registry (ACR) Authentication 9 Require authentication for all operations – unauthenticated access is not supported. Identity Usage Scenario Details Azure AD identities including user and service principals Unattended push from DevOps, Unattended pull to Azure or external services Role-based access – Read, Contributor, Owner Individual AD identity Interactive push/pull by developers and testers Admin user Interactive push/pull by individual developer or tester By default, disabled.
Azure Kubernetes Service (AKS) 10 Portable, extensible open-source platform for automating deployment, scaling, and the management of containerized workloads. ◎ Fully managed ◎ Public IP and FQDN (Private IP option) ◎ Accessed with RBAC or Azure AD ◎ Dynamic scale containers ◎ Automation of rolling updates and rollbacks of containers ◎ Management of storage, network traffic, and sensitive information
AKS Terminology 11 Term Description Pools Groups of nodes with identical configurations. Nodes Individual VM running containerized applications. Pods Single instance of an application. A pod can contain multiple containers. Deployme nt One or more identical pods managed by Kubernetes. Manifest YAML file describing a deployment
AKS Architecture 12
AKS Architecture 13
AKS Networking 14
AKS Storage 15 ◎ Local storage on the node is fast and simple to use ◎ Local storage might not be available after the pod is deleted ◎ Multiple pods may share data volumes ◎ Storage could potentially be reattached to another pod
AKS and Azure Active Directory 16
Demostrations Configuring and Securing ACR and AKS 17
Thanks! Any questions? You can find me at: @walkercet 18
References ◎ https://docs.microsoft.com/en-us/ 19

Empfohlen

Consolidating Infrastructure with Azure Kubernetes Service
Consolidating Infrastructure with Azure Kubernetes ServiceConsolidating Infrastructure with Azure Kubernetes Service
Consolidating Infrastructure with Azure Kubernetes Service
Eng Teong Cheah
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid Identity
Eng Teong Cheah
 
Implementing a Container Strategy
Implementing a Container StrategyImplementing a Container Strategy
Implementing a Container Strategy
Eng Teong Cheah
 
Identity Security - Azure Active Directory
Identity Security - Azure Active DirectoryIdentity Security - Azure Active Directory
Identity Security - Azure Active Directory
Eng Teong Cheah
 
Implementing a Build Strategy
Implementing a Build StrategyImplementing a Build Strategy
Implementing a Build Strategy
Eng Teong Cheah
 
Introduction to WSO2 Microservices Framework for Java (MSF4J) 2.0
Introduction to WSO2 Microservices Framework for Java (MSF4J) 2.0Introduction to WSO2 Microservices Framework for Java (MSF4J) 2.0
Introduction to WSO2 Microservices Framework for Java (MSF4J) 2.0
Afkham Azeez
 
What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3 What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3
Nuxeo
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 

Empfohlen

Consolidating Infrastructure with Azure Kubernetes Service
Consolidating Infrastructure with Azure Kubernetes ServiceConsolidating Infrastructure with Azure Kubernetes Service
Consolidating Infrastructure with Azure Kubernetes Service
Eng Teong Cheah
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid Identity
Eng Teong Cheah
 
Implementing a Container Strategy
Implementing a Container StrategyImplementing a Container Strategy
Implementing a Container Strategy
Eng Teong Cheah
 
Identity Security - Azure Active Directory
Identity Security - Azure Active DirectoryIdentity Security - Azure Active Directory
Identity Security - Azure Active Directory
Eng Teong Cheah
 
Implementing a Build Strategy
Implementing a Build StrategyImplementing a Build Strategy
Implementing a Build Strategy
Eng Teong Cheah
 
Introduction to WSO2 Microservices Framework for Java (MSF4J) 2.0
Introduction to WSO2 Microservices Framework for Java (MSF4J) 2.0Introduction to WSO2 Microservices Framework for Java (MSF4J) 2.0
Introduction to WSO2 Microservices Framework for Java (MSF4J) 2.0
Afkham Azeez
 
What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3 What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3
Nuxeo
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key VaultAzure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Tom Kerkhove
 
From Zero to Hero: Continuous Container Security in 4 Simple Steps
From Zero to Hero: Continuous Container Security in 4 Simple StepsFrom Zero to Hero: Continuous Container Security in 4 Simple Steps
From Zero to Hero: Continuous Container Security in 4 Simple Steps
DevOps.com
 
Игорь Леонтьев "Azure Container Service: not only Docker"
Игорь Леонтьев "Azure Container Service: not only Docker"Игорь Леонтьев "Azure Container Service: not only Docker"
Игорь Леонтьев "Azure Container Service: not only Docker"
Fwdays
 
Enforce Your Application Security
Enforce Your Application SecurityEnforce Your Application Security
Enforce Your Application Security
Nuxeo
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
Tom Kerkhove
 
[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS
[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS
[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS
Afkham Azeez
 
WSO2Con 2015-us-introduction-to-mss-v2
WSO2Con 2015-us-introduction-to-mss-v2WSO2Con 2015-us-introduction-to-mss-v2
WSO2Con 2015-us-introduction-to-mss-v2
Afkham Azeez
 
Adjusting carbon topology to match high availability scenario requirements
Adjusting carbon topology to match high availability scenario requirements Adjusting carbon topology to match high availability scenario requirements
Adjusting carbon topology to match high availability scenario requirements
Afkham Azeez
 
Active Directory & LDAP | Security for Elasticsearch
Active Directory & LDAP | Security for ElasticsearchActive Directory & LDAP | Security for Elasticsearch
Active Directory & LDAP | Security for Elasticsearch
Jochen Kressin
 
Azure key vault
Azure key vaultAzure key vault
Azure key vault
Rahul Nath
 
Equifax cyber attack contained by containers
Equifax cyber attack contained by containersEquifax cyber attack contained by containers
Equifax cyber attack contained by containers
Aqua Security
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
An Nguyen
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
Taswar Bhatti
 
SRE & Kubernetes
SRE & KubernetesSRE & Kubernetes
SRE & Kubernetes
Afkham Azeez
 
Best ofmms scsm - iaas
Best ofmms scsm - iaasBest ofmms scsm - iaas
Best ofmms scsm - iaas
Dieter Wijckmans
 
WSO2ConUS 2015 - Introduction to WSO2 Microservices Server (MSS)
WSO2ConUS 2015 - Introduction to WSO2 Microservices Server (MSS)WSO2ConUS 2015 - Introduction to WSO2 Microservices Server (MSS)
WSO2ConUS 2015 - Introduction to WSO2 Microservices Server (MSS)
Afkham Azeez
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionality
vivekbhat
 
Global Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key VaultGlobal Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key Vault
Alberto Diaz Martin
 
WSO2Con 2015 USA: Introducing Microservices Server
WSO2Con 2015 USA: Introducing Microservices ServerWSO2Con 2015 USA: Introducing Microservices Server
WSO2Con 2015 USA: Introducing Microservices Server
WSO2
 
Intro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on KubernetesIntro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on Kubernetes
Kublr
 
Deep Dive on REX-Ray, libStorage and the Container Storage Interface - Clinto...
Deep Dive on REX-Ray, libStorage and the Container Storage Interface - Clinto...Deep Dive on REX-Ray, libStorage and the Container Storage Interface - Clinto...
Deep Dive on REX-Ray, libStorage and the Container Storage Interface - Clinto...
{code} by Dell EMC
 
AWS CSA Associate 06-07
AWS CSA Associate 06-07AWS CSA Associate 06-07
AWS CSA Associate 06-07
Heitor Vital
 

Weitere ähnliche Inhalte

Was ist angesagt?

ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
Tom Kerkhove
 
[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS
[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS
[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS
Afkham Azeez
 
Adjusting carbon topology to match high availability scenario requirements
Adjusting carbon topology to match high availability scenario requirements Adjusting carbon topology to match high availability scenario requirements
Adjusting carbon topology to match high availability scenario requirements
Afkham Azeez
 

Was ist angesagt? (19)

Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key VaultAzure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
 
From Zero to Hero: Continuous Container Security in 4 Simple Steps
From Zero to Hero: Continuous Container Security in 4 Simple StepsFrom Zero to Hero: Continuous Container Security in 4 Simple Steps
From Zero to Hero: Continuous Container Security in 4 Simple Steps
 
Игорь Леонтьев "Azure Container Service: not only Docker"
Игорь Леонтьев "Azure Container Service: not only Docker"Игорь Леонтьев "Azure Container Service: not only Docker"
Игорь Леонтьев "Azure Container Service: not only Docker"
 
Enforce Your Application Security
Enforce Your Application SecurityEnforce Your Application Security
Enforce Your Application Security
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
 
[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS
[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS
[WSO2Con Asia 2014] Accelerating Mobile App Development with MBaaS
 
WSO2Con 2015-us-introduction-to-mss-v2
WSO2Con 2015-us-introduction-to-mss-v2WSO2Con 2015-us-introduction-to-mss-v2
WSO2Con 2015-us-introduction-to-mss-v2
 
Adjusting carbon topology to match high availability scenario requirements
Adjusting carbon topology to match high availability scenario requirements Adjusting carbon topology to match high availability scenario requirements
Adjusting carbon topology to match high availability scenario requirements
 
Active Directory & LDAP | Security for Elasticsearch
Active Directory & LDAP | Security for ElasticsearchActive Directory & LDAP | Security for Elasticsearch
Active Directory & LDAP | Security for Elasticsearch
 
Azure key vault
Azure key vaultAzure key vault
Azure key vault
 
Equifax cyber attack contained by containers
Equifax cyber attack contained by containersEquifax cyber attack contained by containers
Equifax cyber attack contained by containers
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
 
SRE & Kubernetes
SRE & KubernetesSRE & Kubernetes
SRE & Kubernetes
 
Best ofmms scsm - iaas
Best ofmms scsm - iaasBest ofmms scsm - iaas
Best ofmms scsm - iaas
 
WSO2ConUS 2015 - Introduction to WSO2 Microservices Server (MSS)
WSO2ConUS 2015 - Introduction to WSO2 Microservices Server (MSS)WSO2ConUS 2015 - Introduction to WSO2 Microservices Server (MSS)
WSO2ConUS 2015 - Introduction to WSO2 Microservices Server (MSS)
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionality
 
Global Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key VaultGlobal Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key Vault
 
WSO2Con 2015 USA: Introducing Microservices Server
WSO2Con 2015 USA: Introducing Microservices ServerWSO2Con 2015 USA: Introducing Microservices Server
WSO2Con 2015 USA: Introducing Microservices Server
 

Ähnlich wie Compute Security - Container Security

Training AWS: Module 8 - RDS, Aurora, ElastiCache
Training AWS: Module 8 - RDS, Aurora, ElastiCacheTraining AWS: Module 8 - RDS, Aurora, ElastiCache
Training AWS: Module 8 - RDS, Aurora, ElastiCache
Bùi Quang Lâm
 

Ähnlich wie Compute Security - Container Security (20)

Intro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on KubernetesIntro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on Kubernetes
 
Deep Dive on REX-Ray, libStorage and the Container Storage Interface - Clinto...
Deep Dive on REX-Ray, libStorage and the Container Storage Interface - Clinto...Deep Dive on REX-Ray, libStorage and the Container Storage Interface - Clinto...
Deep Dive on REX-Ray, libStorage and the Container Storage Interface - Clinto...
 
AWS CSA Associate 06-07
AWS CSA Associate 06-07AWS CSA Associate 06-07
AWS CSA Associate 06-07
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
AWS re:Invent 2016: Introduction to Container Management on AWS (CON303)
AWS re:Invent 2016: Introduction to Container Management on AWS (CON303)AWS re:Invent 2016: Introduction to Container Management on AWS (CON303)
AWS re:Invent 2016: Introduction to Container Management on AWS (CON303)
 
Hybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stackHybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stack
 
Creating Microservices Application with IBM Cloud Private (ICP) - ICP Archite...
Creating Microservices Application with IBM Cloud Private (ICP) - ICP Archite...Creating Microservices Application with IBM Cloud Private (ICP) - ICP Archite...
Creating Microservices Application with IBM Cloud Private (ICP) - ICP Archite...
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
 
Amazon Web Services (AWS) Case study
Amazon Web Services (AWS) Case studyAmazon Web Services (AWS) Case study
Amazon Web Services (AWS) Case study
 
Docker vs. Kubernetes vs. Serverless
Docker vs. Kubernetes vs. ServerlessDocker vs. Kubernetes vs. Serverless
Docker vs. Kubernetes vs. Serverless
 
Containers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aciContainers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aci
 
Kubernetes security with AWS
Kubernetes security with AWSKubernetes security with AWS
Kubernetes security with AWS
 
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
 
Azure bootcamp (1)
Azure bootcamp (1)Azure bootcamp (1)
Azure bootcamp (1)
 
Containers and workload security an overview
Containers and workload security an overview Containers and workload security an overview
Containers and workload security an overview
 
StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK
StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UKStorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK
StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK
 
2020-02-10 Java on Azure Solution Briefing
2020-02-10 Java on Azure Solution Briefing2020-02-10 Java on Azure Solution Briefing
2020-02-10 Java on Azure Solution Briefing
 
Training AWS: Module 8 - RDS, Aurora, ElastiCache
Training AWS: Module 8 - RDS, Aurora, ElastiCacheTraining AWS: Module 8 - RDS, Aurora, ElastiCache
Training AWS: Module 8 - RDS, Aurora, ElastiCache
 
Container on azure
Container on azureContainer on azure
Container on azure
 

Mehr von Eng Teong Cheah

Mehr von Eng Teong Cheah (20)

Monitoring Models
Monitoring ModelsMonitoring Models
Monitoring Models
 
Responsible Machine Learning
Responsible Machine LearningResponsible Machine Learning
Responsible Machine Learning
 
Training Optimal Models
Training Optimal ModelsTraining Optimal Models
Training Optimal Models
 
Deploying Models
Deploying ModelsDeploying Models
Deploying Models
 
Machine Learning Workflows
Machine Learning WorkflowsMachine Learning Workflows
Machine Learning Workflows
 
Working with Compute
Working with ComputeWorking with Compute
Working with Compute
 
Working with Data
Working with DataWorking with Data
Working with Data
 
Experiments & TrainingModels
Experiments & TrainingModelsExperiments & TrainingModels
Experiments & TrainingModels
 
Automated Machine Learning
Automated Machine LearningAutomated Machine Learning
Automated Machine Learning
 
Getting Started with Azure Machine Learning
Getting Started with Azure Machine LearningGetting Started with Azure Machine Learning
Getting Started with Azure Machine Learning
 
Hacking Containers - Container Storage
Hacking Containers - Container StorageHacking Containers - Container Storage
Hacking Containers - Container Storage
 
Hacking Containers - Looking at Cgroups
Hacking Containers - Looking at CgroupsHacking Containers - Looking at Cgroups
Hacking Containers - Looking at Cgroups
 
Hacking Containers - Linux Containers
Hacking Containers - Linux ContainersHacking Containers - Linux Containers
Hacking Containers - Linux Containers
 
Data Security - Storage Security
Data Security - Storage SecurityData Security - Storage Security
Data Security - Storage Security
 
Application Security- App security
Application Security- App securityApplication Security- App security
Application Security- App security
 
Application Security - Key Vault
Application Security - Key VaultApplication Security - Key Vault
Application Security - Key Vault
 
Compute Security - Host Security
Compute Security - Host SecurityCompute Security - Host Security
Compute Security - Host Security
 
Virtual Networking Security - Network Security
Virtual Networking Security - Network SecurityVirtual Networking Security - Network Security
Virtual Networking Security - Network Security
 
Virtual Networking Security - Perimeter Security
Virtual Networking Security - Perimeter SecurityVirtual Networking Security - Perimeter Security
Virtual Networking Security - Perimeter Security
 
Access Security - Privileged Identity Management
Access Security - Privileged Identity ManagementAccess Security - Privileged Identity Management
Access Security - Privileged Identity Management
 

Kürzlich hochgeladen

Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Kandungan 087776558899
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Epec Engineered Technologies
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
jaanualu31
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
Kamal Acharya
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
Kamal Acharya
 
Verification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptxVerification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptx
chumtiyababu
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
MayuraD1
 

Kürzlich hochgeladen (20)

kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal load
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to Computers
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network Devices
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 
Verification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptxVerification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptx
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKARHAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLEGEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 

Compute Security - Container Security

  • 2. Hello! I am Eng Teong Cheah Microsoft MVP 2
  • 4. Containers 4 A container is an isolated, lightweight silo for running an application on the host operating system. Containers build on top of the host operating system’s kernel (which can be thought as the buried plumbing of the operating system), and contain only apps and some lightweight operating system APIs and services that run in user mode.
  • 6. Azure Container Instances (ACI) Security 6 ◎ Continuously scan registry images ◎ Use approved images – chain of custody, signing ◎ Run with least privileges ◎ Whitelist files the container can access ◎ Maintain network segmentation ◎ Monitor and log activities
  • 7. Azure Container Instances (ACI) 7 ◎ PaaS Service ◎ Custom sizes – fast startup times ◎ Public IP connectivity and DNS name ◎ Hypervisor-level security ◎ Isolation features ◎ Co-scheduled groups ◎ Persistent storage ◎ Linux and Windows containers ◎ Virtual network deployments
  • 8. Azure Container Registry (ACR) 8 ◎ Docker registry service ◎ Private and hosted in Azure ◎ Build, store, and manage images ◎ Push and pull with the Docker CLI or the Azure CLI ◎ Access with Azure AD ◎ RBAC to assign permissions ◎ Automate using DevOps
  • 9. Azure Container Registry (ACR) Authentication 9 Require authentication for all operations – unauthenticated access is not supported. Identity Usage Scenario Details Azure AD identities including user and service principals Unattended push from DevOps, Unattended pull to Azure or external services Role-based access – Read, Contributor, Owner Individual AD identity Interactive push/pull by developers and testers Admin user Interactive push/pull by individual developer or tester By default, disabled.
  • 10. Azure Kubernetes Service (AKS) 10 Portable, extensible open-source platform for automating deployment, scaling, and the management of containerized workloads. ◎ Fully managed ◎ Public IP and FQDN (Private IP option) ◎ Accessed with RBAC or Azure AD ◎ Dynamic scale containers ◎ Automation of rolling updates and rollbacks of containers ◎ Management of storage, network traffic, and sensitive information
  • 11. AKS Terminology 11 Term Description Pools Groups of nodes with identical configurations. Nodes Individual VM running containerized applications. Pods Single instance of an application. A pod can contain multiple containers. Deployme nt One or more identical pods managed by Kubernetes. Manifest YAML file describing a deployment
  • 15. AKS Storage 15 ◎ Local storage on the node is fast and simple to use ◎ Local storage might not be available after the pod is deleted ◎ Multiple pods may share data volumes ◎ Storage could potentially be reattached to another pod
  • 16. AKS and Azure Active Directory 16
  • 18. Thanks! Any questions? You can find me at: @walkercet 18