Microservices Architectural Maturity Matrix, Token Based Authority, API Gateway Mediation
JoAnna Cheshire
Presented at InnoTech Austin 2017. All rights reserved.
1.
µservices ARCHITECTURAL Maturity Matrix, Token Based Auth/z, API Gateway Mediation
{"quip":"If I had more time I would have written less code."}
iryanb@guarden.io
FOUNDER & CHIEF GUARDENER
GUARDEN.io
"Guard Roots Then Grow"
© 2017 Ryan Bagnulo All Rights Reserved guarden.io
2.
µQA? Remember the VASA (Virtualization As A Service)
The VASA took 2 years to build (1626 to 1628) at the request of the King of Sweden, Gustavus Adolphus.
The ship was ordered to sail before proper QA testing proved the ballasts seaworthy, and that day, Aug 10 1628, it capsized and sank, and 30 drowned.
"Imprudence and negligence" was the King's reply when told of the 1400 yard catastrophic launch witnessed by thousands of spectators.
The King had approved all measurements and armaments, and the ship was built according to the instructions and loaded as specified. No-one was punished or found guilty for negligence.
"Only God Knows" ~ Arendt de Groote
3.
Docker now natively supports Kubernetes. Be aware that anonymous access is enabled by default starting in version 1.6+; read this: https://kubernetes.io/docs/admin/authentication/#x509-client-certs
Beware of the side door that the kubelet opens up with a built-in HTTP server on the container processes, for example on port 10255/healthz.
CONSIDER dedicated bare metal infrastructure with minimal OS builds for ingress/egress software virtualized API gateway facade runtimes.
Whilst containers speed deployment, perhaps they do NOT belong on shared infrastructure for high risk use cases.
Design a Balanced Architecture with Resiliency prioritized above Time To Market.
4.
µservices ARCHITECTURE
Perhaps a few design JIRAs before pushing agile code during the next sprint
5.
Does anyone remember SCA?
SCA > SOA
Services Component Architecture
How are microservices different from service components? Swagger JSON, no XML, no WSDLs
A decade ago there was an Apache project called Tuscany; a year ago Apache retired it to the attic: http://attic.apache.org/projects/tuscany.html
Apache ServiceMix became JBOSS Fuse, and Camel blurred the lines between API Gateway and ESB
Apache however is keeping OSGi alive with Felix 5.6.8 (Aug 25 2017) & Jetty 3.4.4 (July 14 2017): http://felix.apache.org/
6.
WSDLs WADLed, now YAML Swaggers JSON
Yesterday's Technology Today With Tomorrow's Stacks
Servlets, CORBA ORBs, DCOM, EJBs, POJOs, Portlets, Widgets, AJAX
Message Queues, Multicast Topics
WS-*, SOAP, XML, namespaces, XSLT
Basic Auth, SAML, XACML, LDAP, AD
REST API path & query parameters for GETs, moving apikeys to client ids and OAUTH tokens to the Authorization header
OpenID Connect facades to LDAP AD, & JWT / JWE tokens
Containerized REST API operations with less code interdependency and more declarative descriptor definitions for greater messaging integration as µservices
Distributed Caching, AMQP, Kafka Topics, messaging service meshes
7.
µservices Complexity Matrix
READ ONLY: GET Verbs that only serve relatively static (cacheable) responses
WRITE ONCE: POST Verbs that create objects synchronously
WRITE MANY: PUT or DELETE Verbs that change or remove data asynchronously
INTEGRATED: GET Verbs that execute a transaction synchronously or read from an IoT sensor or perform an analog or digital write to an IoT device (light on/off/luminosity, thermostat warmer/cooler, motor on/off/velocity, haptic feedback devices such as wearables, gaming controllers, car seats to wake the driver, etc.)
8.
µservices Security Matrix
Basic Auth and API keys in query or path parameters are deprecated and replaced by BEARER Tokens for AUTHENTICATION.
HMAC Tokens with a nonce and digital signature are used for transactional API operations, and tokens are issued with scopes for coarse-grained entitlement AUTHORIZATION.
Mutual TLS is required to even request an authorization code or token and to use the API facade via the gateway. If JSON Web Tokens are used, then protect the PII by using an encrypted JWE token.
If the microservices application runtime tier does not integrate using an internal API Gateway, ESB, or asynchronous messaging subsystem with an integrated policy enforcement point, then "sidecars" should minimally only accept connections from mutual TLS connections with certificates and keys that are replaced with each build deployment from QA to Production.
9.
µservices Mediation Matrix
VALIDATE INPUT: "Open APIs" accessible via shared public cloud infrastructures minimally perform content type input validation for path, query, header, and message scheme & fields
THROTTLE and FILTER: The mediation tier (API Gateway, Sidecar, ESB) restricts request sizes (Kbytes per message, per field), number of requests per minute, content types
302 TO A HONEYPOT: Either rejects or 302s malicious requests containing well-known patterns such as escape characters, SQL injections, to a honeypot to build a blacklist of IP Addresses, Client IDs, User IDs, etc.
FILTER: To prevent accidental data breaches, verify the data in the response is of the expected type and size, and that the client requesting the data is entitled to access the data, using decorations on tokens such as an account number, employee id, nonce
TRANSFORM: Normalize requests and responses with consistent field names and data types as per Swagger documentation for each query, path, and object and message body field
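The VALIDATE INPUT, THROTTLE, 302 TO A HONEYPOT and response FILTER rows above, as an added Python example that is not part of the original deck. The limits, field names, honeypot URL, the 413/415/429 status codes and the choice to answer blocklisted clients with 403 are all assumptions made for illustration.

```python
import json
import re
from collections import defaultdict, deque

# Assumed policy values; a real gateway would load these from its API descriptor.
ALLOWED_CONTENT_TYPES = {"application/json"}
MAX_BODY_BYTES = 4096
MAX_FIELD_CHARS = 256
MAX_REQUESTS_PER_MINUTE = 3
HONEYPOT_URL = "https://honeypot.example.invalid/"   # placeholder
REQUEST_SCHEMA = {"account": str, "amount": int}
RESPONSE_SCHEMA = {"account": str, "balance": int}
# Coarse screen for quote/escape sequences; the schema check is the main control.
SUSPICIOUS = re.compile(r"('|--|;|\\x|%00|<script)", re.IGNORECASE)


class Mediator:
    def __init__(self):
        self.hits = defaultdict(deque)   # client_id -> timestamps in the last minute
        self.blocklist = set()           # client ids that were sent to the honeypot

    def _throttled(self, client_id, now):
        window = self.hits[client_id]
        while window and now - window[0] >= 60:
            window.popleft()
        window.append(now)
        return len(window) > MAX_REQUESTS_PER_MINUTE

    def mediate_request(self, client_id, content_type, body, now):
        """Return (status, detail); detail is the parsed fields on 200."""
        if client_id in self.blocklist:
            return 403, "blocklisted client"      # assumed policy
        if self._throttled(client_id, now):
            return 429, "rate limit exceeded"
        if content_type.split(";")[0].strip().lower() not in ALLOWED_CONTENT_TYPES:
            return 415, "content type not allowed"
        if len(body) > MAX_BODY_BYTES:
            return 413, "message too large"
        try:
            fields = json.loads(body)
        except ValueError:
            return 400, "malformed JSON"
        if not isinstance(fields, dict) or set(fields) != set(REQUEST_SCHEMA):
            return 400, "unexpected fields"
        for name, expected in REQUEST_SCHEMA.items():
            value = fields[name]
            if type(value) is not expected:       # also rejects bool for int
                return 400, "wrong type for " + name
            if isinstance(value, str):
                if len(value) > MAX_FIELD_CHARS:
                    return 413, "field too large: " + name
                if SUSPICIOUS.search(value):
                    self.blocklist.add(client_id)
                    return 302, HONEYPOT_URL
        return 200, fields


def filter_response(record, token_claims):
    """Release a record only if it has the expected shape and belongs to the caller."""
    if set(record) != set(RESPONSE_SCHEMA):
        return 500, "unexpected response shape"
    for name, expected in RESPONSE_SCHEMA.items():
        value = record[name]
        if type(value) is not expected:
            return 500, "unexpected response type"
        if isinstance(value, str) and len(value) > MAX_FIELD_CHARS:
            return 500, "unexpected response size"
    # Entitlement: the account number carried on the token must match the data.
    if record["account"] != token_claims.get("account"):
        return 403, "not entitled"
    return 200, record


if __name__ == "__main__":
    # Constructed sample traffic.
    m = Mediator()
    print(m.mediate_request("c1", "application/json", b'{"account": "A-100", "amount": 5}', 0))
    print(m.mediate_request("c2", "application/json", b'{"account": "A\' OR 1=1 --", "amount": 5}', 0))
    print(filter_response({"account": "A-200", "balance": 10}, {"account": "A-100"}))
```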
10.
Pythagorean µService Maturity Architectural Matrix
[Diagram: maturity levels 3, 4 and 5 (Squared = 9, Squared = 16, Squared = 25); component labels: API, CT, µS, Q, DB; environments: Development (Dev), SIT, UAT, QA, LIVE, LIVE 1, LIVE 2, LIVE++]
0 is the SecDevOps System Management subsystem, people and processes (ITIL, CMDB, Registry, Repository, Logs, Telemetry, Reports, Build & Deploy Tools & Honeypots)
1 was Alpha
2 was Beta
3 is for low risk read only GETs from APIs integrating with a µS that may also be mediated with a distributed object Cache or protocol / message Transformation logic
4 is for GETs and POSTs, a messaging tier may also be implemented for asynchronous PUT & DELETE events and for large volumes of dynamic data, with at least 2 LIVE sites geographically distributed for increased resiliency and lower latency, the database may be a RDBMS and/or a NoSQL distributed system with a query router
5 is for GETs, POSTs, PUTs & DELETEs with increased mediation for requests and responses, low latency messaging, edge caching, and 3 or more LIVE sites
11.
API Gateway or Sidecar Proxy
DMZ or Message Queue / Topic
API Gateways vs the ESB vs "service meshes" of sidecar proxies
Are sidecars simply adding a hop to publish to queues and to subscribe to topics?
Are Sidecars destined to be antiquated like agents or bloated like buses with features to transform protocols (http/tls, protobufs, JMS, AMQP) and to integrate with HSMs etc.?
12.
"With µservices our performance has gone plaid" ~ said nobody
The speed of the edge of the network will always be out of your control
The speed of the core of the network will always be bound by physics and the race condition of update, sign, verify, authenticate & authorize events
Mgmt µServices such as a lazy written logging tier will result in less CPU and IOPS usage, improving performance and security compared to syslog to file then aggregation
Do the math, remember Little's Law of Queueing Theory when sizing systems
Queue Length = Arrival rate * response time of Queue
Expected Peak Traffic = 10,000 Requests Per Second
Response Time SLA is 150 milliseconds per GET
10000 x 0.150 = a Queue Length of 1,500 Port 443 Socket Events
If 1 x 4 CPU Container with 4 GB of Memory supports 300 Concurrent Requests Per Second
Then Each Production Site should have traffic load balanced to at least 1500/300 = 5 API Gateways integrating with 5 µservers
13.
Legacy API Anti-patterns: The "REST mullet"
Virtual APIs for ACCEPT JSON client apps in front of the gateway, with the gateway mediating protocol and message transformation to content type XML requests and/or responses from SOAP services
The gateway may have custom policies written in JS, XSLT, Python, Jython, Java, or Freemarker to handle field level data mappings and namespaces
Be Aware of ns=http://tempuri.org (FACEPALM)
Be Aware of SOAP 1.0 vs SOAP 1.1 ns prefixes for inner elements
14.
Legacy API Anti-patterns: the apikey query param, SAML, NTLM, Kerberos, Basic Auth, LDAP, AD
JWT is not the logical replacement, albeit they are similar to SAML with user data in XML attributes
Perhaps OAuth is appropriate, Bearer tokens < MAC tokens with signatures and a NONCE
OpenID / Connect simplifies connectivity to the identity provider and removes connection details and passwords from code and config files
15.
Legacy API Anti-patterns: Yearly Pen Tests (Weak Shark Week)
Lesson Learned: Before a Jaguar Shark maybe hacks your API there is usually a spike in traffic, often the requests are unusual, for example a fluorescent fish bot DDOS
Minimally look for the CWE Top 25 during the QA code review and Test cases
The OWASP Top 10 are similar
And Truly, Do Stop checking in code to GitHub with connection details and credentials to prod subsystems in config files
Perhaps audit the key rotation credential refresh people, process and tools quarterly so as to ensure it is always expected, scheduled and made a priority rather than a reaction to a surprise
16.
Legacy API Anti-patterns: Inconsistent HTTP Response Codes
200 OK
201 PUT POST PATCH successful, resource(s) created. See ETAG, Last-Modified Headers and message body with URI(s)
202 Asynchronous Request Accepted, contingent response.
204 No Content. Valid Request with an empty set response.
300 This is SPARTA!
302 FOUND, elsewhere. Redirect (perhaps per policy to honey)
401 Not Authenticated. (Either the client app or user)
403 Not Authorized. (Token with the wrong scope)
404 Resource not found.
418 This device is a tea kettle. Java not found.
500 Server Error. (Probably a Null Pointer Error, or Connection Refused perhaps untrusted Mutual TLS client certificate)
17.
Mitigating IoT Controller APIs with OAuth
Entitlement Scopes
Private Tokens
Signed Nonced HMAC
Create New Devices
Update Device UUID
Delete Device
Show Local Devices
Claim Control of a Device
Get the IP Address of a Device
POST Data to a Device
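The signed, nonced HMAC tokens with entitlement scopes named on this slide and in the Security Matrix, as an added Python example that is not part of the original deck. The routes, scope names, canonical string layout and 60 second freshness window are assumptions; the 401/403 split follows the response-code slide.

```python
import hashlib
import hmac
import time

# Hypothetical routes and scope names for the operations listed on the slide.
REQUIRED_SCOPE = {
    ("POST", "/devices"): "device:create",
    ("PUT", "/devices/uuid"): "device:update",
    ("DELETE", "/devices"): "device:delete",
    ("GET", "/devices/local"): "device:list",
    ("POST", "/devices/claim"): "device:claim",
    ("GET", "/devices/ip"): "device:locate",
    ("POST", "/devices/data"): "device:write",
}
MAX_SKEW_SECONDS = 60  # assumed freshness window


def sign_request(key, method, path, body, timestamp, nonce):
    """HMAC-SHA256 over an assumed canonical form of the request."""
    body_hash = hashlib.sha256(body).hexdigest()
    canonical = "\n".join([method, path, str(timestamp), nonce, body_hash])
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def build_request(token_id, key, method, path, body, timestamp, nonce):
    """Client side: attach token id, timestamp, nonce and MAC to a request."""
    return {
        "token_id": token_id, "method": method, "path": path, "body": body,
        "timestamp": timestamp, "nonce": nonce,
        "mac": sign_request(key, method, path, body, timestamp, nonce),
    }


class Gateway:
    """Policy enforcement point: authenticate the MAC, then authorize the scope."""

    def __init__(self, tokens):
        self.tokens = tokens      # token_id -> {"key": bytes, "scopes": set}
        self.seen_nonces = {}     # (token_id, nonce) -> request timestamp

    def authorize(self, req, now=None):
        """Return (http_status, reason) for one request."""
        now = time.time() if now is None else now
        token = self.tokens.get(req["token_id"])
        if token is None:
            return 401, "unknown token"
        if abs(now - req["timestamp"]) > MAX_SKEW_SECONDS:
            return 401, "stale timestamp"
        expected = sign_request(token["key"], req["method"], req["path"],
                                req["body"], req["timestamp"], req["nonce"])
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), str(req["mac"]).encode()):
            return 401, "bad signature"
        # Nonces are recorded only for verified requests, so unauthenticated
        # traffic cannot fill the cache. Entries expire with the skew window.
        expired = [k for k, ts in self.seen_nonces.items()
                   if ts + MAX_SKEW_SECONDS < now]
        for k in expired:
            del self.seen_nonces[k]
        nonce_key = (req["token_id"], req["nonce"])
        if nonce_key in self.seen_nonces:
            return 401, "replayed nonce"
        self.seen_nonces[nonce_key] = req["timestamp"]
        scope = REQUIRED_SCOPE.get((req["method"], req["path"]))
        if scope is None or scope not in token["scopes"]:
            return 403, "missing scope"
        return 200, "ok"


if __name__ == "__main__":
    # Constructed demo token: may list devices and write data, nothing else.
    key = b"constructed-demo-key-not-a-secret"
    gw = Gateway({"tok-1": {"key": key, "scopes": {"device:list", "device:write"}}})
    listing = build_request("tok-1", key, "GET", "/devices/local", b"", 1000, "n-1")
    print(gw.authorize(listing, now=1000))   # first use
    print(gw.authorize(listing, now=1001))   # same nonce again
    delete = build_request("tok-1", key, "DELETE", "/devices", b"", 1000, "n-2")
    print(gw.authorize(delete, now=1000))    # valid MAC, wrong scope
```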
18.
Read Only IoT Sensor µservices architectural patterns
Diamond Meshes (known for their heat conductivity, think Thermostats) are the simplest and hence also the strongest building blocks of µservices Meshes, for example streaming temperature information and are distributed pervasively.
Graphite Meshes are very stable µservices distributed across architectural layers with enclaves of sensors segmented on network tiers: public edge, fog edge, fog core, private edge, private core
Lonsdaleite Meshes of µservices are integrated honeycombs of Diamond Bots permitted to send and receive data to each other across the layers of "Graphite" network enclaves, this is essentially the suggestion regarding the use of sidecars instead of gateways, ESBs, or messaging systems.
19.
Transactional IoT µservices architectural patterns
Buckminsterfullerene "Buckyball" meshes of µservices are transactional bots that both sense analog and digital input, and also react to analog write or digital write events to a connected device. Each mesh is an autonomous disconnected caged enclave in the fog tier segmented from the public cloud and the private core networks.
Fullerite Buckyball meshes of µservices are built on solid state technology and are designed to withstand the harshest physical world conditions with automated node recovery and delegated failover from node to node.
Rugbyball meshes of µservices are caged-fused rings of bots with policy enforcement occurring within the cage and outside of the cage.
20.
Integrated IoT µservices architectural patterns
Amorphous meshes of µservices are what happen to ungoverned systems on public networks over time, AKA a "Spaghetti MESSh" that is impossible to manage with chaotic bottlenecks and backdoors.
Integrated tubes of µservices connect dimensions of big data globally with near real-time latencies for the best performance consistency, with the security and privacy of a "vacuum zone" that also acts as a trap to honeypot malicious activity.
21.
"Everything should be as simple as possible, no simpler."
Albert Einstein