SlideShare ist ein Scribd-Unternehmen logo

Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)

VMware Tanzu
VMware Tanzu

Speakers: Hay­don Ryan, Piv­otal; Dun­can Winn, Piv­otal To learn more about Pivotal Cloud Foundry, visit http://www.pivotal.io/platform-as-a-service/pivotal-cloud-foundry.

Technologie
1 von 49
Downloaden Sie, um offline zu lesen
Building a Robust Cloud Foundry HA, Security and DR Haydon Ryan | Duncan Winn
This Talk • High Availability (HA) • Security • Backing Up to Mitigate Disasters
© Copyright 2014 Pivotal. All rights reserved.© Copyright 2014 Pivotal. All rights reserved. HA
High Availability Focus Keep apps and services running in a performant, reliable and recoverable manner with timely error detection 1. Application Instances 2. Platform Processes 3. Platform VMs 4. Availability Zones Keep Cloud Foundry running in a performant, reliable and recoverable manner with timely error detection
HA Deployments Data Center Data Center vs Single Foundation Deployment Dual Foundation Deployment Data Center AZ AZ RDS
WHAT IF I TOLD YOU IT’S POSSIBLE TO SANELY STREACH LAYER 2
User Targets myapp.mycf.com DNS Resolution NSX Boundary NSX Boundary VIP VIP SSL Termination SSL Termination DNS Global Traffic Management (GTM) HA ProxyHA Proxy LTM ApplianceLTM Appliance HA ProxyHA Proxy LTM Appliance LTM Appliance
Domains System Application myapp.mycf.comtargetsClient cf1.comcf push myappDeveloperapi.runtime-cf1.comcf apiDeveloper CF1 cf2.comcf push myappDeveloperapi.runtime-cf2.comcf apiDeveloper CF2 myapp.mycf.comtargetsClient myapp.mycf.comtargetsClient myapp.mycf.comtargetsClient
Services
Services AppApp
Services Service Service AppApp
Services
HA Deployments Data Center Data Center vs Single Foundation Deployment Dual Foundation Deployment Data Center AZ AZ RDS
Customer Requirements • AWS with One VPC • Specific IP Ranges • Using their internal corporate DNS • no ELBs or Route 53 due to security setup • Multiple Deployments of Cloud Foundry • Availability Requirements: • App uptime • Failure matrix for downtime situations 15
16 HA Proxy HA Proxy Bind DNS CF Router CF Router HA Proxy HA ProxySSL Termination
Who does the deployment need to be highly available for? • Users 17 • Developers • Operations
Any non-critical jobs? • clock_global • used to clean up cc jobs. • Rely on Resurrector? • Redeploy to a different AZ by changing the resource_pool 18
Critical Jobs & VMs • haproxy • router • nats • cloud controller • uaa/login? • doppler? 19
Any less-critical jobs? • loggregator / doppler • loggregator traffic controller • etcd • Jumpbox? • bosh? 20
Caveats with this design • Single points of failure? • DNS • Bosh • Jumpbox • Human interaction required in outage • Bind DNS does not do health monitoring. Monitoring scripts were outside the scope of the engagement. 21
22 AZ 2 Private Subnet Customer Managed Interstate Data Center VPC 10.202.64.0/19 AZ 1 Private Subnet Bosh Subnet jumpbox CF SG Direct connect Bosh SG login uaa bosh router dea cc natshealth etcd doppler cc worker loggregator traffic controller clock RDS Subnet RDS SG boshdb uaadb ccdb apps manager router bind dns Customer Managed NAT bastion ha Proxy ha Proxy ha Proxy ha Proxy router router login uaadea cc natshealth etcd doppler cc worker loggregator traffic controller AZ 1 AZ 2
How We Deployed Services • Proxy is a Single Point of Failure • No Load Balancer to use • Acceptable by customer in failure matrix 23 Proxy Server Server App Proxy Proxy
Best Practices for Services 24 • By Default the service binding uses the first proxy address only Proxy Proxy Server Server Server App Load  Balancer
Which Deployment 25 Data Center Data Center Dual Foundation Deployment Single Foundation Dual AZs Data Center Single Foundation Single DC Data Center AZ AZ RDS
© Copyright 2014 Pivotal. All rights reserved.© Copyright 2014 Pivotal. All rights reserved. Security and Networking (on AWS)
Security • Security is Hard • Three main concepts • Restrict • Limit scope if Compromised • Mitigate • Feedback Loop
Restrict Users • Individual Multi Factor Authentication • IaaS Console/Hypervisor • Jumpbox • Separate accounts • jumpbox • bosh • github 28
Restrict Packets • IaaS • Security Groups (Instance Level) (better) • ACLs (Subnet Level) • Routes 29
Restrict Containers • Cloud Foundry • Application Security Groups • dea network properties • (allow_networks, deny_networks) 30
Pivotal Cloud Foundry for AWS 1.4 31 VPC 10.0.0.0/16 RDS Subnet Private Subnet Public Subnet Ops Manager Elastic Runtime SG ELB Internet Gateway NAT SG Ops Manager SG RDS SG login uaa micro router vpc all NAT restricted ip 80, 443, 22* dea Common traffic flow sg allow rules cc natshealth etcd doppler cc worker loggregator traffic controller clock boshdbuaadb ccdb apps manager db autoscaling ELB SG 80?,443 vpc all vpc all was it just DEAs that used NAT?
Limit Scope if Compromised • Different user/pass for each component • Strong passwords (and usernames) • 20 Characters Long • RANDOM • Both Cases • best avoid special characters • eg: YxLIodYrUBQJrvMRYSQL • Avoid cloud cow 32 http://vanmethod.deviantart.com/art/Purple-­‐Cow-­‐on-­‐a-­‐Cloud-­‐146265642
Limit Scope if Compromised 33 Runner UAA Login uaadb mySql App  Data
Post Breach Security Measures • Roll • AWS Credentials • Username and password (Manifest) • PEMs • Investigate: • Vm Logs (stored in Splunk / CloudWatch Logs) • Bosh and Login Audit Trail • Isolate the VM for investigation • Resurrector will resurrect a non compromised VM • Feedback: • Incident Reports and Management Support 34
Paranoid Level Security for AWS • Cloudtrail • Alerts • Audit Logs • Rollback’ • Remove ability to delete • s3 buckets • subnets / vpc • backups • Everything else can be recovered from a backup… 35
© Copyright 2014 Pivotal. All rights reserved.© Copyright 2014 Pivotal. All rights reserved. Disaster Recovery
Backing Up Cloud Foundry Configuration CCDB UAADB Apps Man DB BOSH DB BlobstoreNFS Server
SCENARIO ONE LOSE PCF OPS-MGR OR CF DEPLOYMENT
Restoring Ops Manager Export Configuration Create New Ops Manager Import Configuration
Configuration Backup Ops Manager scp ubuntu@<OPS MRG HOST>:/var/tempest/workspaces/default/deployments/*yml . Backup Deployment Manifests
Deployment Manifests in BOSH ~$ bosh deployments bosh download manifest cf-c700aee17d9f801eb152 cfmanifest.yml
SCENARIO TWO LOSE BOSH
Restoring Bosh With PCF Export Configuration Import Configuration :/var/tempest/workspaces/default/deployments/micro BOSH   Director + bosh.yml
Restoring Bosh Manually BOSH BOSH DB bosh.yml pg_dump /var/vcap/store /dev/xvda /dev/sdb /dev/sdf Volume: BOSH DB External MySQL Blobstore
Critical Databases Backup Cloud Controller DB Encryption Credentials Locate Databases Info From Deployment Manifest bosh download manifest cf-c700aee17d9f801eb152 cfmanifest.yml
NFS / Blobstore ✦ Managing Access with ACLs ✦ Create Group Bucket Policy for “Deny DeleteBucket” ✦ Turn on versioning { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "s3:DeleteBucket", "s3:DeleteObjectVersion" ], "Resource": [ "*" ] } ] }
© Copyright 2014 Pivotal. All rights reserved.© Copyright 2014 Pivotal. All rights reserved. Takeaway
Takeaways ✦ Tradeoffs: No “One Size Fits All” ✦ Service Layer ✦ Existing: Environmental Security and Networking Constraints ✦ Backup: Configuration, Databases, Blobstore (This is your CF).
KEEP CALM AND CF PUSH

Empfohlen

How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...VMware Tanzu
 
Four Levels of High Availability in Cloud Foundry (Cloud Foundry Summit 2014)
Four Levels of High Availability in Cloud Foundry (Cloud Foundry Summit 2014)Four Levels of High Availability in Cloud Foundry (Cloud Foundry Summit 2014)
Four Levels of High Availability in Cloud Foundry (Cloud Foundry Summit 2014)VMware Tanzu
 
Terraform for azure: the good, the bad and the ugly -
Terraform for azure: the good, the bad and the ugly - Terraform for azure: the good, the bad and the ugly -
Terraform for azure: the good, the bad and the ugly - Giulio Vian
 
OpenSlava 2014 - CloudFoundry inside-out
OpenSlava 2014 - CloudFoundry inside-outOpenSlava 2014 - CloudFoundry inside-out
OpenSlava 2014 - CloudFoundry inside-outAntons Kranga
 
Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)
Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)
Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)VMware Tanzu
 
Introduction into Cloud Foundry and Bosh | anynines
Introduction into Cloud Foundry and Bosh | anyninesIntroduction into Cloud Foundry and Bosh | anynines
Introduction into Cloud Foundry and Bosh | anyninesanynines GmbH
 
DevOps Toolbox: Infrastructure as code
DevOps Toolbox: Infrastructure as codeDevOps Toolbox: Infrastructure as code
DevOps Toolbox: Infrastructure as codesriram_rajan
 
Choosing a dev ops paas platform svccd presentation v2 for slideshare
Choosing a dev ops paas platform svccd presentation v2 for slideshareChoosing a dev ops paas platform svccd presentation v2 for slideshare
Choosing a dev ops paas platform svccd presentation v2 for slideshareJohn Mathon
 

Empfohlen

How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...VMware Tanzu
 
Four Levels of High Availability in Cloud Foundry (Cloud Foundry Summit 2014)
Four Levels of High Availability in Cloud Foundry (Cloud Foundry Summit 2014)Four Levels of High Availability in Cloud Foundry (Cloud Foundry Summit 2014)
Four Levels of High Availability in Cloud Foundry (Cloud Foundry Summit 2014)VMware Tanzu
 
Terraform for azure: the good, the bad and the ugly -
Terraform for azure: the good, the bad and the ugly - Terraform for azure: the good, the bad and the ugly -
Terraform for azure: the good, the bad and the ugly - Giulio Vian
 
OpenSlava 2014 - CloudFoundry inside-out
OpenSlava 2014 - CloudFoundry inside-outOpenSlava 2014 - CloudFoundry inside-out
OpenSlava 2014 - CloudFoundry inside-outAntons Kranga
 
Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)
Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)
Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)VMware Tanzu
 
Introduction into Cloud Foundry and Bosh | anynines
Introduction into Cloud Foundry and Bosh | anyninesIntroduction into Cloud Foundry and Bosh | anynines
Introduction into Cloud Foundry and Bosh | anyninesanynines GmbH
 
DevOps Toolbox: Infrastructure as code
DevOps Toolbox: Infrastructure as codeDevOps Toolbox: Infrastructure as code
DevOps Toolbox: Infrastructure as codesriram_rajan
 
Choosing a dev ops paas platform svccd presentation v2 for slideshare
Choosing a dev ops paas platform svccd presentation v2 for slideshareChoosing a dev ops paas platform svccd presentation v2 for slideshare
Choosing a dev ops paas platform svccd presentation v2 for slideshareJohn Mathon
 
Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Katherine Golovinova
 
Building Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudBuilding Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudGeekNightHyderabad
 
How Cloudify uses Chef as a Foundation for PaaS
How Cloudify uses Chef as a Foundation for PaaSHow Cloudify uses Chef as a Foundation for PaaS
How Cloudify uses Chef as a Foundation for PaaSNati Shalom
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesAlexander Penev
 
Comparison of Several PaaS Cloud Computing Platforms
Comparison of Several PaaS Cloud Computing PlatformsComparison of Several PaaS Cloud Computing Platforms
Comparison of Several PaaS Cloud Computing Platformsijsrd.com
 
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014Amazon Web Services
 
Becoming the master of disaster... with asr
Becoming the master of disaster... with asrBecoming the master of disaster... with asr
Becoming the master of disaster... with asrnj-azure
 
Rover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerRover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerSujay Pillai
 
Run your Java code on Cloud Foundry
Run your Java code on Cloud FoundryRun your Java code on Cloud Foundry
Run your Java code on Cloud FoundryAndy Piper
 
DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...
DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...
DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...DataStax
 
Single tenant software to multi-tenant SaaS using K8S
Single tenant software to multi-tenant SaaS using K8SSingle tenant software to multi-tenant SaaS using K8S
Single tenant software to multi-tenant SaaS using K8SCloudLinux
 
Azure Bootcamp 2016 - Docker Orchestration on Azure with Rancher
Azure Bootcamp 2016 - Docker Orchestration on Azure with RancherAzure Bootcamp 2016 - Docker Orchestration on Azure with Rancher
Azure Bootcamp 2016 - Docker Orchestration on Azure with RancherKarim Vaes
 
Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT RightScale
 
analytic engine - a common big data computation service on the aws
analytic engine - a common big data computation service on the awsanalytic engine - a common big data computation service on the aws
analytic engine - a common big data computation service on the awsScott Miao
 
Java in the Cloud : PaaS Platforms in Comparison
Java in the Cloud : PaaS Platforms in Comparison Java in the Cloud : PaaS Platforms in Comparison
Java in the Cloud : PaaS Platforms in Comparison Eberhard Wolff
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as CodeRobert Greiner
 
SRE & Kubernetes
SRE & KubernetesSRE & Kubernetes
SRE & KubernetesAfkham Azeez
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native SoftwarePaul Fremantle
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefIntroduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefAll Things Open
 
Svc 202-netflix-open-source
Svc 202-netflix-open-sourceSvc 202-netflix-open-source
Svc 202-netflix-open-sourceRuslan Meshenberg
 
AWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid EnvironmentsAWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid EnvironmentsRightScale
 
How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)
How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)
How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)DOCOMO Innovations, Inc.
 

Weitere ähnliche Inhalte

Was ist angesagt?

Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Katherine Golovinova
 
Building Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudBuilding Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudGeekNightHyderabad
 
How Cloudify uses Chef as a Foundation for PaaS
How Cloudify uses Chef as a Foundation for PaaSHow Cloudify uses Chef as a Foundation for PaaS
How Cloudify uses Chef as a Foundation for PaaSNati Shalom
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesAlexander Penev
 
Comparison of Several PaaS Cloud Computing Platforms
Comparison of Several PaaS Cloud Computing PlatformsComparison of Several PaaS Cloud Computing Platforms
Comparison of Several PaaS Cloud Computing Platformsijsrd.com
 
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014Amazon Web Services
 
Becoming the master of disaster... with asr
Becoming the master of disaster... with asrBecoming the master of disaster... with asr
Becoming the master of disaster... with asrnj-azure
 
Rover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerRover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerSujay Pillai
 
Run your Java code on Cloud Foundry
Run your Java code on Cloud FoundryRun your Java code on Cloud Foundry
Run your Java code on Cloud FoundryAndy Piper
 
DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...
DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...
DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...DataStax
 
Single tenant software to multi-tenant SaaS using K8S
Single tenant software to multi-tenant SaaS using K8SSingle tenant software to multi-tenant SaaS using K8S
Single tenant software to multi-tenant SaaS using K8SCloudLinux
 
Azure Bootcamp 2016 - Docker Orchestration on Azure with Rancher
Azure Bootcamp 2016 - Docker Orchestration on Azure with RancherAzure Bootcamp 2016 - Docker Orchestration on Azure with Rancher
Azure Bootcamp 2016 - Docker Orchestration on Azure with RancherKarim Vaes
 
Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT RightScale
 
analytic engine - a common big data computation service on the aws
analytic engine - a common big data computation service on the awsanalytic engine - a common big data computation service on the aws
analytic engine - a common big data computation service on the awsScott Miao
 
Java in the Cloud : PaaS Platforms in Comparison
Java in the Cloud : PaaS Platforms in Comparison Java in the Cloud : PaaS Platforms in Comparison
Java in the Cloud : PaaS Platforms in Comparison Eberhard Wolff
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as CodeRobert Greiner
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native SoftwarePaul Fremantle
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefIntroduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefAll Things Open
 

Was ist angesagt? (20)

Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?
 
Building Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudBuilding Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring Cloud
 
How Cloudify uses Chef as a Foundation for PaaS
How Cloudify uses Chef as a Foundation for PaaSHow Cloudify uses Chef as a Foundation for PaaS
How Cloudify uses Chef as a Foundation for PaaS
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE Architectures
 
Comparison of Several PaaS Cloud Computing Platforms
Comparison of Several PaaS Cloud Computing PlatformsComparison of Several PaaS Cloud Computing Platforms
Comparison of Several PaaS Cloud Computing Platforms
 
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
 
Becoming the master of disaster... with asr
Becoming the master of disaster... with asrBecoming the master of disaster... with asr
Becoming the master of disaster... with asr
 
Rover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerRover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker Container
 
Run your Java code on Cloud Foundry
Run your Java code on Cloud FoundryRun your Java code on Cloud Foundry
Run your Java code on Cloud Foundry
 
DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...
DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...
DataStax | DSE Production-Certified Cassandra on Pivotal Cloud Foundry (Ben L...
 
Single tenant software to multi-tenant SaaS using K8S
Single tenant software to multi-tenant SaaS using K8SSingle tenant software to multi-tenant SaaS using K8S
Single tenant software to multi-tenant SaaS using K8S
 
Azure Bootcamp 2016 - Docker Orchestration on Azure with Rancher
Azure Bootcamp 2016 - Docker Orchestration on Azure with RancherAzure Bootcamp 2016 - Docker Orchestration on Azure with Rancher
Azure Bootcamp 2016 - Docker Orchestration on Azure with Rancher
 
Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT
 
analytic engine - a common big data computation service on the aws
analytic engine - a common big data computation service on the awsanalytic engine - a common big data computation service on the aws
analytic engine - a common big data computation service on the aws
 
Java in the Cloud : PaaS Platforms in Comparison
Java in the Cloud : PaaS Platforms in Comparison Java in the Cloud : PaaS Platforms in Comparison
Java in the Cloud : PaaS Platforms in Comparison
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
 
SRE & Kubernetes
SRE & KubernetesSRE & Kubernetes
SRE & Kubernetes
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native Software
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefIntroduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to Chef
 
Svc 202-netflix-open-source
Svc 202-netflix-open-sourceSvc 202-netflix-open-source
Svc 202-netflix-open-source
 

Ähnlich wie Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)

AWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid EnvironmentsAWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid EnvironmentsRightScale
 
How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)
How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)
How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)DOCOMO Innovations, Inc.
 
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...VMworld
 
RightScale: Single Pane of Glass at Computerworld 2013
RightScale: Single Pane of Glass at Computerworld 2013RightScale: Single Pane of Glass at Computerworld 2013
RightScale: Single Pane of Glass at Computerworld 2013RightScale
 
Updates to Apache CloudStack and LINBIT SDS
Updates to Apache CloudStack and LINBIT SDSUpdates to Apache CloudStack and LINBIT SDS
Updates to Apache CloudStack and LINBIT SDSShapeBlue
 
Tokyo azure meetup #12 service fabric internals
Tokyo azure meetup #12 service fabric internalsTokyo azure meetup #12 service fabric internals
Tokyo azure meetup #12 service fabric internalsTokyo Azure Meetup
 
Powering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesPowering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesAmazon Web Services
 
Connect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureConnect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureK.Mohamed Faizal
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stackNitin Mehta
 
AWS Summit Auckland - Running your Enterprise Windows Workload on AWS
AWS Summit Auckland - Running your Enterprise Windows Workload on AWSAWS Summit Auckland - Running your Enterprise Windows Workload on AWS
AWS Summit Auckland - Running your Enterprise Windows Workload on AWSAmazon Web Services
 
Getting started with MariaDB with Docker
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with DockerMariaDB plc
 
12-factor-jruby
12-factor-jruby12-factor-jruby
12-factor-jrubyJoe Kutner
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureHui Cheng
 
Architecture patterns for distributed, hybrid, edge and global Apache Kafka d...
Architecture patterns for distributed, hybrid, edge and global Apache Kafka d...Architecture patterns for distributed, hybrid, edge and global Apache Kafka d...
Architecture patterns for distributed, hybrid, edge and global Apache Kafka d...Kai Wähner
 
Varrow VMworld Update and vCHS Lunch and Learn Presentation
Varrow VMworld Update and vCHS Lunch and Learn PresentationVarrow VMworld Update and vCHS Lunch and Learn Presentation
Varrow VMworld Update and vCHS Lunch and Learn PresentationVarrow Inc.
 
Designing High Availability for HashiCorp Vault in AWS
Designing High Availability for HashiCorp Vault in AWSDesigning High Availability for HashiCorp Vault in AWS
Designing High Availability for HashiCorp Vault in AWS☁ Bryan Krausen
 
ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS
ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASSECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS
ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASSEuropean Collaboration Summit
 
Zerto Virtual Replication 4.5
Zerto Virtual Replication 4.5Zerto Virtual Replication 4.5
Zerto Virtual Replication 4.5BusinesstoVirtual
 
Azure en Nutanix: your journey to the hybrid cloud
Azure en Nutanix: your journey to the hybrid cloudAzure en Nutanix: your journey to the hybrid cloud
Azure en Nutanix: your journey to the hybrid cloudICT-Partners
 
Getting Started with MariaDB with Docker
Getting Started with MariaDB with DockerGetting Started with MariaDB with Docker
Getting Started with MariaDB with DockerMariaDB plc
 

Ähnlich wie Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR) (20)

AWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid EnvironmentsAWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid Environments
 
How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)
How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)
How to Manage Your Cloud by Drupal (DrupalCon CPH 2010)
 
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
 
RightScale: Single Pane of Glass at Computerworld 2013
RightScale: Single Pane of Glass at Computerworld 2013RightScale: Single Pane of Glass at Computerworld 2013
RightScale: Single Pane of Glass at Computerworld 2013
 
Updates to Apache CloudStack and LINBIT SDS
Updates to Apache CloudStack and LINBIT SDSUpdates to Apache CloudStack and LINBIT SDS
Updates to Apache CloudStack and LINBIT SDS
 
Tokyo azure meetup #12 service fabric internals
Tokyo azure meetup #12 service fabric internalsTokyo azure meetup #12 service fabric internals
Tokyo azure meetup #12 service fabric internals
 
Powering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesPowering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon Workspaces
 
Connect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureConnect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft Azure
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stack
 
AWS Summit Auckland - Running your Enterprise Windows Workload on AWS
AWS Summit Auckland - Running your Enterprise Windows Workload on AWSAWS Summit Auckland - Running your Enterprise Windows Workload on AWS
AWS Summit Auckland - Running your Enterprise Windows Workload on AWS
 
Getting started with MariaDB with Docker
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with Docker
 
12-factor-jruby
12-factor-jruby12-factor-jruby
12-factor-jruby
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing Infrastructure
 
Architecture patterns for distributed, hybrid, edge and global Apache Kafka d...
Architecture patterns for distributed, hybrid, edge and global Apache Kafka d...Architecture patterns for distributed, hybrid, edge and global Apache Kafka d...
Architecture patterns for distributed, hybrid, edge and global Apache Kafka d...
 
Varrow VMworld Update and vCHS Lunch and Learn Presentation
Varrow VMworld Update and vCHS Lunch and Learn PresentationVarrow VMworld Update and vCHS Lunch and Learn Presentation
Varrow VMworld Update and vCHS Lunch and Learn Presentation
 
Designing High Availability for HashiCorp Vault in AWS
Designing High Availability for HashiCorp Vault in AWSDesigning High Availability for HashiCorp Vault in AWS
Designing High Availability for HashiCorp Vault in AWS
 
ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS
ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASSECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS
ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS
 
Zerto Virtual Replication 4.5
Zerto Virtual Replication 4.5Zerto Virtual Replication 4.5
Zerto Virtual Replication 4.5
 
Azure en Nutanix: your journey to the hybrid cloud
Azure en Nutanix: your journey to the hybrid cloudAzure en Nutanix: your journey to the hybrid cloud
Azure en Nutanix: your journey to the hybrid cloud
 
Getting Started with MariaDB with Docker
Getting Started with MariaDB with DockerGetting Started with MariaDB with Docker
Getting Started with MariaDB with Docker
 

Mehr von VMware Tanzu

What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItVMware Tanzu
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023VMware Tanzu
 
Enhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleVMware Tanzu
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023VMware Tanzu
 
Platforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductVMware Tanzu
 
Building Cloud Ready Apps
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready AppsVMware Tanzu
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And BeyondVMware Tanzu
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023VMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023VMware Tanzu
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptxVMware Tanzu
 
Tanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchVMware Tanzu
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishVMware Tanzu
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVMware Tanzu
 
Tanzu Developer Connect - French
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - FrenchVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023VMware Tanzu
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootVMware Tanzu
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerVMware Tanzu
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeVMware Tanzu
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsVMware Tanzu
 

Mehr von VMware Tanzu (20)

What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About It
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023
 
Enhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at Scale
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023
 
Platforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a Product
 
Building Cloud Ready Apps
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready Apps
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And Beyond
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptx
 
Tanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - French
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - English
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - English
 
Tanzu Developer Connect - French
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - French
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software Engineer
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs Practice
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
 

Kürzlich hochgeladen

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Kürzlich hochgeladen (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)

  • 1.
  • 2. Building a Robust Cloud Foundry HA, Security and DR Haydon Ryan | Duncan Winn
  • 3. This Talk • High Availability (HA) • Security • Backing Up to Mitigate Disasters
  • 4. © Copyright 2014 Pivotal. All rights reserved.© Copyright 2014 Pivotal. All rights reserved. HA
  • 5. High Availability Focus Keep apps and services running in a performant, reliable and recoverable manner with timely error detection 1. Application Instances 2. Platform Processes 3. Platform VMs 4. Availability Zones Keep Cloud Foundry running in a performant, reliable and recoverable manner with timely error detection
  • 6. HA Deployments Data Center Data Center vs Single Foundation Deployment Dual Foundation Deployment Data Center AZ AZ RDS
  • 7. WHAT IF I TOLD YOU IT’S POSSIBLE TO SANELY STREACH LAYER 2
  • 8. User Targets myapp.mycf.com DNS Resolution NSX Boundary NSX Boundary VIP VIP SSL Termination SSL Termination DNS Global Traffic Management (GTM) HA ProxyHA Proxy LTM ApplianceLTM Appliance HA ProxyHA Proxy LTM Appliance LTM Appliance
  • 9. Domains System Application myapp.mycf.comtargetsClient cf1.comcf push myappDeveloperapi.runtime-cf1.comcf apiDeveloper CF1 cf2.comcf push myappDeveloperapi.runtime-cf2.comcf apiDeveloper CF2 myapp.mycf.comtargetsClient myapp.mycf.comtargetsClient myapp.mycf.comtargetsClient
  • 14. HA Deployments Data Center Data Center vs Single Foundation Deployment Dual Foundation Deployment Data Center AZ AZ RDS
  • 15. Customer Requirements • AWS with One VPC • Specific IP Ranges • Using their internal corporate DNS • no ELBs or Route 53 due to security setup • Multiple Deployments of Cloud Foundry • Availability Requirements: • App uptime • Failure matrix for downtime situations 15
  • 16. 16 HA Proxy HA Proxy Bind DNS CF Router CF Router HA Proxy HA ProxySSL Termination
  • 17. Who does the deployment need to be highly available for? • Users 17 • Developers • Operations
  • 18. Any non-critical jobs? • clock_global • used to clean up cc jobs. • Rely on Resurrector? • Redeploy to a different AZ by changing the resource_pool 18
  • 19. Critical Jobs & VMs • haproxy • router • nats • cloud controller • uaa/login? • doppler? 19
  • 20. Any less-critical jobs? • loggregator / doppler • loggregator traffic controller • etcd • Jumpbox? • bosh? 20
  • 21. Caveats with this design • Single points of failure? • DNS • Bosh • Jumpbox • Human interaction required in outage • Bind DNS does not do health monitoring. Monitoring scripts were outside the scope of the engagement. 21
  • 22. 22 AZ 2 Private Subnet Customer Managed Interstate Data Center VPC 10.202.64.0/19 AZ 1 Private Subnet Bosh Subnet jumpbox CF SG Direct connect Bosh SG login uaa bosh router dea cc natshealth etcd doppler cc worker loggregator traffic controller clock RDS Subnet RDS SG boshdb uaadb ccdb apps manager router bind dns Customer Managed NAT bastion ha Proxy ha Proxy ha Proxy ha Proxy router router login uaadea cc natshealth etcd doppler cc worker loggregator traffic controller AZ 1 AZ 2
  • 23. How We Deployed Services • Proxy is a Single Point of Failure • No Load Balancer to use • Acceptable by customer in failure matrix 23 Proxy Server Server App Proxy Proxy
  • 24. Best Practices for Services 24 • By Default the service binding uses the first proxy address only Proxy Proxy Server Server Server App Load  Balancer
  • 25. Which Deployment 25 Data Center Data Center Dual Foundation Deployment Single Foundation Dual AZs Data Center Single Foundation Single DC Data Center AZ AZ RDS
  • 26. © Copyright 2014 Pivotal. All rights reserved.© Copyright 2014 Pivotal. All rights reserved. Security and Networking (on AWS)
  • 27. Security • Security is Hard • Three main concepts • Restrict • Limit scope if Compromised • Mitigate • Feedback Loop
  • 28. Restrict Users • Individual Multi Factor Authentication • IaaS Console/Hypervisor • Jumpbox • Separate accounts • jumpbox • bosh • github 28
  • 29. Restrict Packets • IaaS • Security Groups (Instance Level) (better) • ACLs (Subnet Level) • Routes 29
  • 30. Restrict Containers • Cloud Foundry • Application Security Groups • dea network properties • (allow_networks, deny_networks) 30
  • 31. Pivotal Cloud Foundry for AWS 1.4 31 VPC 10.0.0.0/16 RDS Subnet Private Subnet Public Subnet Ops Manager Elastic Runtime SG ELB Internet Gateway NAT SG Ops Manager SG RDS SG login uaa micro router vpc all NAT restricted ip 80, 443, 22* dea Common traffic flow sg allow rules cc natshealth etcd doppler cc worker loggregator traffic controller clock boshdbuaadb ccdb apps manager db autoscaling ELB SG 80?,443 vpc all vpc all was it just DEAs that used NAT?
  • 32. Limit Scope if Compromised • Different user/pass for each component • Strong passwords (and usernames) • 20 Characters Long • RANDOM • Both Cases • best avoid special characters • eg: YxLIodYrUBQJrvMRYSQL • Avoid cloud cow 32 http://vanmethod.deviantart.com/art/Purple-­‐Cow-­‐on-­‐a-­‐Cloud-­‐146265642
  • 33. Limit Scope if Compromised 33 Runner UAA Login uaadb mySql App  Data
  • 34. Post Breach Security Measures • Roll • AWS Credentials • Username and password (Manifest) • PEMs • Investigate: • Vm Logs (stored in Splunk / CloudWatch Logs) • Bosh and Login Audit Trail • Isolate the VM for investigation • Resurrector will resurrect a non compromised VM • Feedback: • Incident Reports and Management Support 34
  • 35. Paranoid Level Security for AWS • Cloudtrail • Alerts • Audit Logs • Rollback’ • Remove ability to delete • s3 buckets • subnets / vpc • backups • Everything else can be recovered from a backup… 35
  • 36. © Copyright 2014 Pivotal. All rights reserved.© Copyright 2014 Pivotal. All rights reserved. Disaster Recovery
  • 37. Backing Up Cloud Foundry Configuration CCDB UAADB Apps Man DB BOSH DB BlobstoreNFS Server
  • 38. SCENARIO ONE LOSE PCF OPS-MGR OR CF DEPLOYMENT
  • 39. Restoring Ops Manager Export Configuration Create New Ops Manager Import Configuration
  • 40. Configuration Backup Ops Manager scp ubuntu@<OPS MRG HOST>:/var/tempest/workspaces/default/deployments/*yml . Backup Deployment Manifests
  • 41. Deployment Manifests in BOSH ~$ bosh deployments bosh download manifest cf-c700aee17d9f801eb152 cfmanifest.yml
  • 43. Restoring Bosh With PCF Export Configuration Import Configuration :/var/tempest/workspaces/default/deployments/micro BOSH   Director + bosh.yml
  • 44. Restoring Bosh Manually BOSH BOSH DB bosh.yml pg_dump /var/vcap/store /dev/xvda /dev/sdb /dev/sdf Volume: BOSH DB External MySQL Blobstore
  • 45. Critical Databases Backup Cloud Controller DB Encryption Credentials Locate Databases Info From Deployment Manifest bosh download manifest cf-c700aee17d9f801eb152 cfmanifest.yml
  • 46. NFS / Blobstore ✦ Managing Access with ACLs ✦ Create Group Bucket Policy for “Deny DeleteBucket” ✦ Turn on versioning { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "s3:DeleteBucket", "s3:DeleteObjectVersion" ], "Resource": [ "*" ] } ] }
  • 47. © Copyright 2014 Pivotal. All rights reserved.© Copyright 2014 Pivotal. All rights reserved. Takeaway
  • 48. Takeaways ✦ Tradeoffs: No “One Size Fits All” ✦ Service Layer ✦ Existing: Environmental Security and Networking Constraints ✦ Backup: Configuration, Databases, Blobstore (This is your CF).