Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi,
|
|
- Derick Phillips
- 8 years ago
- Views:
Transcription
1 Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi,
2 Overview What are Containers? Containers and The Cloud Containerization vs. H/W Virtualization Behind The Scenes: Docker Behind The Scenes: Warden Let s Talk Security Conclusion Q&A
3 What are Containers? chroot.
4 What are Containers? Containerization aka OS-Level Virtualization kernel allows multiple isolated user-space instances each instance = a Container One way to implement PaaS Containers: Virtualization Engines (VE) or Virtual Private Servers (VPS) or Jails encapsulate applications + act as interface to the surrounding system chroot on steroids kernel provided resource-management limits impact of a container s activities on others
5 What are Containers? Uses: useful for allocating finite hardware resources separation of several applications for improved hardware independence and added resource management common in virtual hosting security? Modern implementations make containers easier to use (e.g. Docker, Warden)
6 Containers and The Cloud Cloud Computing requires an isolation mechanism: Physical separation Hardware Virtualization (aka virtualization) Containerization (aka OS-level virtualization) Multi-user accounts Containerization provides an isolation mechanism required for cloud computing
7 Containerization vs. H/W Virtualization Containers share the same OS kernel faster, more portable, scale more efficiently Single OS kernels provide file-system access, application process controls, and networking (no H/W emulation) + (use of cgroups and namespaces) = lightweight
8 Containerization vs. H/W Virtualization Containers use namespaces to separate resources PID namespaces Mount namespaces Network namespaces UTS namespaces: nodename & domainname IPC namespaces User namespaces Virtualization: Mature with an extensive ecosystem Allows for mixed kernels on the same platform More secure
9 Containerization vs. H/W Virtualization Containers share OS kernel and (possibly) binaries and libraries
10 Behind The Scenes: Docker Open-source, written in Go Automates deployment of applications Can package an app and its dependencies in a container Accesses the Linux Kernel virtualization in many ways
11 Behind The Scenes: Docker Docker Architecture Docker Architecture
12 Behind The Scenes: Warden Container technology used by Cloud Foundry Provides a service for managing a set of containers Written in C (core) and Ruby Direct use of kernel primitives for containerization previously used LXC wshd (Warden Shell Daemon) root process for managing the container and launching apps streams standard output and error back to client Garden = Warden re-written in Go separates server and protocol buffer handling from a Garden Linux backend (can have a specific backend for each OS)
13 Behind The Scenes: Warden Warden and Garden Architectures
14 Let s Talk Security File-system isolation is implemented typically network and process list isolation as well Lack of user namespace support same user ID across all containers processes running as root have root access everywhere Imperfect design and code increases attack surface namespace leaks present in many containers many containers have had little security analysis
15 Let s Talk Security Shared Kernel = any vulnerability in Kernel can impact all containers OS Kernels provide much more functionality than Hypervisors: larger attack surface Kernels will always have vulnerabilities and containers directly expose it to programs Containers were not designed to contain security issues
16 Conclusion Containers are very useful help ease software management Work is being done to address security e.g. implementation of user namespaces Should be used with caution processes in the container should not be given privileged access good for deploying apps that are trusted (e.g. same vendor) other mechanisms such as SELinux, seccomp, and separate user accounts should be used in conjunction
17 Q&A Q&A
Docker : devops, shared registries, HPC and emerging use cases. François Moreews & Olivier Sallou
Docker : devops, shared registries, HPC and emerging use cases François Moreews & Olivier Sallou Presentation Docker is an open-source engine to easily create lightweight, portable, self-sufficient containers
More informationUse Cases for Docker in Enterprise Linux Environment CloudOpen North America, 2014 Linda Wang Sr. Software Engineering Manager Red Hat, Inc.
Use Cases for Docker in Enterprise Linux Environment CloudOpen North America, 2014 Linda Wang Sr. Software Engineering Manager Red Hat, Inc. 1 2 Containerize! 3 Use Cases for Docker in the Enterprise Linux
More informationWHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security
Introduction to Container Security Table of Contents Executive Summary 3 The Docker Platform 3 Linux Best Practices and Default Docker Security 3 Process Restrictions 4 File & Device Restrictions 4 Application
More informationCisco Application-Centric Infrastructure (ACI) and Linux Containers
White Paper Cisco Application-Centric Infrastructure (ACI) and Linux Containers What You Will Learn Linux containers are quickly gaining traction as a new way of building, deploying, and managing applications
More informationVirtual Hosting & Virtual Machines
& Virtual Machines Coleman Kane Coleman.Kane@ge.com September 2, 2014 Cyber Defense Overview / Machines 1 / 17 Similar to the network partitioning schemes described previously, there exist a menu of options
More informationCloud Security with Stackato
Cloud Security with Stackato 1 Survey after survey identifies security as the primary concern potential users have with respect to cloud computing. Use of an external computing environment raises issues
More informationCloud Simulator for Scalability Testing
Cloud Simulator for Scalability Testing Nitin Singhvi (nitin.singhvi@calsoftinc.com) 1 Introduction Nitin Singhvi 11+ Years of experience in technology, especially in Networking QA. Currently playing roles
More informationPlatform as a Service and Container Clouds
John Rofrano Senior Technical Staff Member, Cloud Automation Services, IBM Research jjr12@nyu.edu or rofrano@us.ibm.com Platform as a Service and Container Clouds using IBM Bluemix and Docker for Cloud
More informationBuilding Docker Cloud Services with Virtuozzo
Building Docker Cloud Services with Virtuozzo Improving security and performance of application containers services in the cloud EXECUTIVE SUMMARY Application containers, and Docker in particular, are
More informationRED HAT CONTAINER STRATEGY
RED HAT CONTAINER STRATEGY An introduction to Atomic Enterprise Platform and OpenShift 3 Gavin McDougall Senior Solution Architect AGENDA Software disrupts business What are Containers? Misconceptions
More informationThe Software Container pattern
The Software Container pattern Madiha H. Syed and Eduardo B. Fernandez Dept. of Computer and Elect. Eng. and Computer Science Florida Atlantic University, Boca Raton, FL 33431, USA msyed2014@fau.edu, ed@cse.fau.edu
More informationIntro to Docker and Containers
Contain Yourself Intro to Docker and Containers Nicola Kabar @nicolakabar nicola@docker.com Solutions Architect at Docker Help Customers Design Solutions based on Docker
More informationWhat new with Informix Software as a Service and Bluemix? Brian Hughes IBM
What new with Informix Software as a Service and Bluemix? Brian Hughes IBM 1 Acknowledgements and Disclaimers Availability. References in this presentation to IBM products, programs, or services do not
More informationThe Definitive Guide To Docker Containers
The Definitive Guide To Docker Containers EXECUTIVE SUMMARY THE DEFINITIVE GUIDE TO DOCKER CONTAINERS Executive Summary We are in a new technology age software is dramatically changing. The era of off
More informationDevops n the Operating System! John Willis Director of Ecosystem Development! Docker, Inc.
Devops n the Operating System!! John Willis Director of Ecosystem Development! Docker, Inc. @botchagalupe a.k.a. John Willis 35 Years in IT Operations Exxon, Canonical, Chef, Enstratius, Socketplane Devopsdays
More informationLinstantiation of applications. Docker accelerate
Industrial Science Impact Factor : 1.5015(UIF) ISSN 2347-5420 Volume - 1 Issue - 12 Aug - 2015 DOCKER CONTAINER 1 2 3 Sawale Bharati Shankar, Dhoble Manoj Ramchandra and Sawale Nitin Shankar images. ABSTRACT
More informationThe Bro Network Security Monitor
The Bro Network Security Monitor Bro Live!: Training for the Future Jon Schipp NCSA jschipp@illinois.edu BroCon14 NCSA, Champaign-Urbana, IL Issues Motivations Users: Too much time is spent passing around,
More informationlxc and cgroups in practice sesja linuksowa 2012 wojciech wirkijowski wojciech /at/ wirkijowski /dot/ pl
lxc and cgroups in practice sesja linuksowa 2012 wojciech wirkijowski wojciech /at/ wirkijowski /dot/ pl agenda introducion cgroups lxc examples about me sysadmin at tieto home page: reconlab.com in spare
More informationWhy Does CA Platform Use OpenShift?
Why Does CA Platform Use OpenShift? The Problem Let s consider an application with a back-end web service. HTTP The service could be Tomcat serving HTML, Jetty serving OData, Node.js serving plain REST
More informationNetwork Virtualization Tools in Linux PRESENTED BY: QUAMAR NIYAZ & AHMAD JAVAID
Network Virtualization Tools in Linux PRESENTED BY: QUAMAR NIYAZ & AHMAD JAVAID Contents Introduction Types of Virtualization Network Virtualization OS Virtualization OS Level Virtualization Some Virtualization
More informationProtecting the Cloud from Inside
Protecting the Cloud from Inside Intra-cloud security intelligence Protection of Linux containers Mitigation of NoSQL injections Alexandra Shulman-Peleg, PhD Cloud Security Researcher, IBM Cyber Security
More informationVirtualization analysis
Page 1 of 15 Virtualization analysis CSD Fall 2011 Project owner Björn Pehrson Project Coaches Bruce Zamaere Erik Eliasson HervéNtareme SirajRathore Team members Bowei Dai daib@kth.se 15 credits Elis Kullberg
More informationBuilding a cloud with Openstack. Iqbal Mohomed iqbal@us.ibm.com March 25 th 2015
Building a cloud with Openstack Iqbal Mohomed iqbal@us.ibm.com March 25 th 2015 About me EducaDon University of Toronto x 3 B.Sc. Hons 2000 (SoOware Engineering, Economics, Math) MSc 2004 PhD 2008 SoOware
More informationToday, thanks to a variety of converging trends, there is huge interest
OPERATING S JAMES BOTTOMLEY AND PAVEL EMELYANOV James Bottomley is CTO of server virtualization at Parallels where he works on container technology and is Linux kernel maintainer of the SCSI subsystem.
More informationDeciphering The Buzzwords. Duncan Winn @duncwinn
Deciphering The Buzzwords Duncan Winn @duncwinn Business Problem: Shipping with Velocity Underlying Problem: Buzzwords Buzzwords Release Engineering Cloud Computing Containers Automation Anything As A
More informationThe Art of Virtualization with Free Software
Master on Free Software 2009/2010 {mvidal,jfcastro}@libresoft.es GSyC/Libresoft URJC April 24th, 2010 (cc) 2010. Some rights reserved. This work is licensed under a Creative Commons Attribution-Share Alike
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationVirtualization. Pradipta De pradipta.de@sunykorea.ac.kr
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationBuilding a Kubernetes Cluster with Ansible. Patrick Galbraith, ATG Cloud Computing Expo, NYC, May 2016
Building a Kubernetes Cluster with Ansible Patrick Galbraith, ATG Cloud Computing Expo, NYC, May 2016 HPE ATG HPE's (HP Enterprise) Advanced Technology Group for Open Source and Cloud embraces a vision
More informationThe Virtualization Practice
The Virtualization Practice White Paper: Managing Applications in Docker Containers Bernd Harzog Analyst Virtualization and Cloud Performance Management October 2014 Abstract Docker has captured the attention
More informationAn Analysis of Container-based Platforms for NFV
An Analysis of Container-based Platforms for NFV Sriram Natarajan, Deutsche Telekom Inc. Ramki Krishnan, Dell Inc. Anoop Ghanwani, Dell Inc. Dilip Krishnaswamy, IBM Research Peter Willis, BT Plc Ashay
More informationSTRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape
STRATEGIC WHITE PAPER The next step in server virtualization: How containers are changing the cloud and application landscape Abstract Container-based server virtualization is gaining in popularity, due
More informationIMPLEMENTING YOUR BYOD MOBILITY STRATEGY
IMPLEMENTING YOUR BYOD MOBILITY STRATEGY An IT Checklist and Guide 1.0 Overview In early 2013 Dell Quest Software announced the results of a global survey of IT executives that was conducted to gauge the
More informationOpenShift. OpenShift platform features. Benefits Document. openshift. Feature Benefit OpenShift. Enterprise
openshift Benefits Document platform features Feature Benefit FOR APPLICATIO DEVELOPMET Self-Service and On-Demand Application Stacks By enabling Developers with the ability to quickly and easily deploy
More informationVirtualization. Types of Interfaces
Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform diversity
More informationThe State of Containers and the Docker Ecosystem: 2015. Anna Gerber
The State of Containers and the Docker Ecosystem: 2015 Anna Gerber The State of Containers and the Docker Ecosystem: 2015 by Anna Gerber Copyright 2015 O Reilly Media, Inc. All rights reserved. Printed
More informationVirtualization in Linux
Virtualization in Linux Kirill Kolyshkin September 1, 2006 Abstract Three main virtualization approaches emulation, paravirtualization, and operating system-level virtualization are covered,
More informationCopyright. Robert Sandoval
Copyright by Robert Sandoval 2015 The Report Committee for Robert Sandoval Certifies that this is the approved version of the following report: A Case Study in Enabling DevOps Using Docker APPROVED BY
More informationNext Generation Now: Red Hat Enterprise Linux 6 Virtualization A Unique Cloud Approach. Jeff Ruby Channel Manager jruby@redhat.com
Next Generation Now: Virtualization A Unique Cloud Approach Jeff Ruby Channel Manager jruby@redhat.com Introducing Extensive improvements in every dimension Efficiency, scalability and reliability Unprecedented
More informationISLET: Jon Schipp, Ohio Linux Fest 2015. jonschipp@gmail.com. An Attempt to Improve Linux-based Software Training
ISLET: An Attempt to Improve Linux-based Software Training Jon Schipp, Ohio Linux Fest 2015 jonschipp@gmail.com Project Contributions The Netsniff-NG Toolkit SecurityOnion Bro Team www.open-nsm.net The
More informationPractical Applications of Virtualization. Mike Phillips <mpp@mit.edu> IAP 2008 SIPB IAP Series http://stuff.mit.edu/iap/ http://stuff.mit.
Practical Applications of Virtualization Mike Phillips IAP 2008 SIPB IAP Series http://stuff.mit.edu/iap/ http://stuff.mit.edu/sipb/ Some Guy Rambling About Virtualization Stuff He's Read
More informationA lap around Team Foundation Server 2015 en Visual Studio 2015
A lap around Team Foundation Server 2015 en Visual Studio 2015 René van Osnabrugge ALM Consultant, Xpirit rvanosnabrugge@xpirit.com http://roadtoalm.com @renevo About me Also Scrum Master rvanosnabrugge@xpirit.com
More informationUsing Chroot to Bring Linux Applications to Android
Using Chroot to Bring Linux Applications to Android Mike Anderson Chief Scientist The PTR Group, Inc. mike@theptrgroup.com Copyright 2013, The PTR Group, Inc. Why mix Android and Linux? Android under Linux
More informationRed Hat Enterprise Linux The original cloud operating system
Whitepaper Red Hat Enterprise Linux The original cloud operating system Mark Coggin, Senior Director of Product Marketing, Red Hat Executive summary Linux is twice as popular as Windows on Amazon Web Services.
More informationLinux OS-Level Security Nikitas Angelinas MSST 2015
Linux OS-Level Security Nikitas Angelinas MSST 2015 Agenda SELinux SELinux issues Audit subsystem Audit issues Further OS hardening 2 SELinux Security-Enhanced Linux Is NOT a Linux distribution A kernel
More informationComputer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk
About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015 Outline Introduction Background Contribution PaaS Vulnerabilities and Countermeasures
More informationPractical Guide to Platform as a Service. http://cloud-council.org/resource-hub.htm#practical-guide-to-paas
Practical Guide to Platform as a Service http://cloud-council.org/resource-hub.htm#practical-guide-to-paas October, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! Provide
More informationArchitecture (SOSP 2011) 11/11/2011 Minsung Jang
Cells: A Virtual Mobile Smartphone Architecture (SOSP 2011) Lunch TimeReading Group 11/11/2011 Minsung Jang Summary Novel Architecture for a Virtual Phone How to do away with overhead New way to virtualize
More informationLinux Kernel Namespaces (an intro to soft-virtualization) kargig [at] void.gr @kargig GPG: 79B1 9198 B8F6 803B EC37 5638 897C 0317 7011 E02C
Linux Kernel Namespaces (an intro to soft-virtualization) kargig [at] void.gr @kargig GPG: 79B1 9198 B8F6 803B EC37 5638 897C 0317 7011 E02C whoami System & services engineer @ GRNET Messing with Linux,
More informationMicroservices a security nightmare? GOTO Berlin - Dec 2, 2015 Maximilian Schöfmann Container Solutions Switzerland
Microservices a security nightmare? GOTO Berlin - Dec 2, 2015 Maximilian Schöfmann Container Solutions Switzerland container-solutions.com @containersoluti Autonomy Security microservices small, hence
More informationEnhancing Hypervisor and Cloud Solutions Using Embedded Linux Iisko Lappalainen MontaVista
Enhancing Hypervisor and Cloud Solutions Using Embedded Linux Iisko Lappalainen MontaVista Setting the Stage This presentation will discuss the usage of Linux as a base component of hypervisor components
More informationContainers, Docker, and Security: State of the Union
Containers, Docker, and Security: State of the Union 1 / Who am I? Jérôme Petazzoni (@jpetazzo) French software engineer living in California Joined Docker (dotcloud) more than 4 years ago (I was at Docker
More informationVirtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University
Virtual Machine Monitors Dr. Marc E. Fiuczynski Research Scholar Princeton University Introduction Have been around since 1960 s on mainframes used for multitasking Good example VM/370 Have resurfaced
More informationHow Bigtop Leveraged Docker for Build Automation and One-Click Hadoop Provisioning
How Bigtop Leveraged Docker for Build Automation and One-Click Hadoop Provisioning Evans Ye Apache Big Data 2015 Budapest Who am I Apache Bigtop PMC member Software Engineer at Trend Micro Develop Big
More informationOpenStack in the Enterprise: From Strategy to Real Life. Radhesh Balakrishnan General Manager OpenStack radhesh@redhat.com
OpenStack in the Enterprise: From Strategy to Real Life Radhesh Balakrishnan General Manager OpenStack radhesh@redhat.com Enterprise IT Challenges Seismic Shift in Enterprise IT EXISTING EMERGING Applications
More informationSoheil Mazaheri, B.S.C.S. A Thesis COMPUTER SCIENCE
Cloud Benchmarking in Bare-metal, Virtualized, and Containerized Execution Environments by Soheil Mazaheri, B.S.C.S. A Thesis In COMPUTER SCIENCE Submitted to the Graduate Faculty of Texas Tech University
More informationType-C Hypervisors. @DustinKirkland Ubuntu Product & Strategy Canonical Ltd.
Type-C Hypervisors @DustinKirkland Ubuntu Product & Strategy Canonical Ltd. Canonical is the company behind Ubuntu 2004 600+ FOUNDATION EMPLOYEES 30+ COUNTRIES London Beijing Boston Shanghai Taipei What
More informationScaling the S in SDN at Azure. Albert Greenberg Distinguished Engineer & Director of Engineering Microsoft Azure Networking
Scaling the S in SDN at Azure Albert Greenberg Distinguished Engineer & Director of Engineering Microsoft Azure Networking ExpressRoute Partners Coming 2014: 2015: Host soon: Contoller SDN Containers and
More informationA Complete Open Cloud Storage, Virt, IaaS, PaaS. Dave Neary Open Source and Standards, Red Hat
A Complete Open Cloud Storage, Virt, IaaS, PaaS Dave Neary Open Source and Standards, Red Hat 1 Agenda 1. Traditional virtualization 2. The move to IaaS 3. Storage 4. PaaS, application encapsulation and
More informationWayland Full-Screen Shell
Intel Corporation Open-Source 3D Driver Team October 6, 2014 About Me Ph.D. student in mathematics at Iowa State University Involved in Wayland since early 2013 Working for Intel on the i965 driver since
More informationCloud Computing #6 - Virtualization
Cloud Computing #6 - Virtualization Main source: Smith & Nair, Virtual Machines, Morgan Kaufmann, 2005 Today What do we mean by virtualization? Why is it important to cloud? What is the penalty? Current
More informationRPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY
RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY Syamsul Anuar Abd Nasir Fedora Ambassador Malaysia 1 ABOUT ME Technical Consultant for Warix Technologies - www.warix.my Warix is a Red Hat partner Offers
More informationPrivate Cloud Management
Private Cloud Management Speaker Systems Engineer Unified Data Center & Cloud Team Germany Juni 2016 Agenda Cisco Enterprise Cloud Suite Two Speeds of Applications DevOps Starting Point into PaaS Cloud
More informationKVM, OpenStack, and the Open Cloud
KVM, OpenStack, and the Open Cloud Adam Jollans, IBM & Mike Kadera, Intel CloudOpen Europe - October 13, 2014 13Oct14 Open VirtualizaGon Alliance 1 Agenda A Brief History of VirtualizaGon KVM Architecture
More informationREDEFINING THE ENTERPRISE OS RED HAT ENTERPRISE LINUX 7
REDEFINING THE ENTERPRISE OS RED HAT ENTERPRISE LINUX 7 Rodrigo Freire Sr. Technical Account Manager May 2014 1 Roadmap At A Glance CY2010 CY2011 CY2012 CY2013 CY2014.0 RHEL 7 RHEL 5 Production 1.1.0 RHEL
More informationDistributed and Cloud Computing
Distributed and Cloud Computing K. Hwang, G. Fox and J. Dongarra Chapter 3: Virtual Machines and Virtualization of Clusters and datacenters Adapted from Kai Hwang University of Southern California March
More informationAbstract. Cloud Computing: The Future is Containers. Larry Gene Hastings Jr. hastingsl14@students.ecu.edu
Running Head: CLOUD COMPUTING: THE FUTURE IS CONTAINERS Abstract Cloud Computing: The Future is Containers by Larry Gene Hastings Jr. hastingsl14@students.ecu.edu Term Paper for Fulfillment of ICTN 6875
More informationVIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS
VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables
More informationLightweight Virtualization with Linux Containers (LXC)
Lightweight Virtualization with Linux Containers (LXC) The 5th China Cloud Computing Conference June 7th, 2013 China National Convention Center, Beijing Outline Introduction : who, what, why? Linux Containers
More informationFROM LXC TO DOCKER: Containers Get Portable. Hongchuan Li, Xuewei Zhang, Xiang Li
FROM LXC TO DOCKER: Containers Get Portable Hongchuan Li, Xuewei Zhang, Xiang Li Virtualization on Linux Full Virtualization Complete simulation of the actual hardware to allow guest OS to run unmodified
More informationContainerization and the PaaS Cloud
VIRTUALIZATION ization and the PaaS Cloud Claus Pahl, Irish Centre for Cloud Computing and Commerce Platform-as-a-service clouds can use containers to manage and orchestrate applications. This article
More informationHow Linux distros became boring
How Linux distros became boring...and Fedora's plan to put boring in its place Presented by Matthew Miller Fedora Project Leader Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
More informationAPPLICATION VIRTUALIZATION TECHNOLOGIES WHITEPAPER
APPLICATION VIRTUALIZATION TECHNOLOGIES WHITEPAPER Oct 2013 INTRODUCTION TWO TECHNOLOGY CATEGORIES Application virtualization technologies can be divided into two main categories: those that require an
More informationSafety measures in Linux
S a f e t y m e a s u r e s i n L i n u x Safety measures in Linux Krzysztof Lichota lichota@mimuw.edu.pl A g e n d a Standard Unix security measures: permissions, capabilities, ACLs, chroot Linux kernel
More informationGetting Started Using Project Photon on VMware Fusion/Workstation
Getting Started Using Project Photon on VMware Fusion/Workstation What is Project Photon? Project Photon is a tech preview of an open source, Linux container host runtime optimized for vsphere. Photon
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationContainer Clusters on OpenStack
Container Clusters on OpenStack 和 信 雲 端 首 席 技 術 顧 問 孔 祥 嵐 / Brian Kung brian.kung@gigacloud.com.tw Outlines VMs vs. Containers N-tier Architecture & Microservices Two Trends Emerging Ecosystem VMs vs.
More informationOPEN CLOUD INFRASTRUCTURE BUILT FOR THE ENTERPRISE
RED HAT ENTERPRISE LINUX OPENSTACK PLATFORM OPEN CLOUD INFRASTRUCTURE BUILT FOR THE ENTERPRISE Arthur Enright Principal Product Manager Virtulization Business Unit I.T. CHALLENGES WORKLOADS ARE EVOLVING
More informationBuild & Manage Clouds with Red Hat Cloud Infrastructure Products. TONI WILLBERG Solution Architect Red Hat toni@redhat.com
Build & Manage Clouds with Red Hat Cloud Infrastructure Products TONI WILLBERG Solution Architect Red Hat toni@redhat.com AGENDA Cloud Concepts Market Overview Evolution to Cloud Workloads Evolution to
More informationData Centers and Cloud Computing. Data Centers. MGHPCC Data Center. Inside a Data Center
Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data Used by Enterprises
More informationDockerCon Day 1 Welcome
DockerCon Day 1 Welcome Our mission is to build tools of mass innovation Billions of creative people Incredible technology Mass innovation What is the biggest innovation multiplier today? What is the
More informationSatish Mohan. Head Engineering. AMD Developer Conference, Bangalore
Satish Mohan Head Engineering AMD Developer Conference, Bangalore Open source software Allows developers worldwide to collaborate and benefit. Strategic elimination of vendor lock in OSS naturally creates
More informationSecurity in Hybrid Clouds
Security in Hybrid Clouds Executive Summary... 3 Commonly Accepted Security Practices and Philosophies... 4 Defense- in- Depth... 4 Principal of Least Privileges... 4 Hybrid Cloud Security Issues and Threats...
More informationA Security Assessment of Virtualized Residential Gateways:
Department of Communication Systems (CoS) School of Information and Communication Technology (ICT) Royal Institute of Technology (KTH) Stockholm, Sweden A Security Assessment of Virtualized Residential
More informationRED HAT CLOUD SUITE FOR APPLICATIONS
RED HAT CLOUD SUITE FOR APPLICATIONS DATASHEET AT A GLANCE Red Hat Cloud Suite: Provides a single platform to deploy and manage applications. Offers choice and interoperability without vendor lock-in.
More informationCOM 444 Cloud Computing
COM 444 Cloud Computing Lec 3: Virtual Machines and Virtualization of Clusters and Datacenters Prof. Dr. Halûk Gümüşkaya haluk.gumuskaya@gediz.edu.tr haluk@gumuskaya.com http://www.gumuskaya.com Virtual
More informationCPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers
CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies Lecture 4 Virtualization of Clusters and Data Centers Text Book: Distributed and Cloud Computing, by K. Hwang, G C. Fox, and J.J. Dongarra,
More informationOpenShift and Cloud Foundry PaaS: High-level Overview of Features and Architectures
OpenShift and Cloud Foundry PaaS: High-level Overview of Features and Architectures by Alexander Lomov, R&D Engineer at Altoros 2 Table of Contents: 1. Executive Summary... 3 2. The History of OpenShift
More informationSecure Containers. Jan 2015 www.imgtec.com. Imagination Technologies HGI Dec, 2014 p1
Secure Containers Jan 2015 www.imgtec.com Imagination Technologies HGI Dec, 2014 p1 What are we protecting? Sensitive assets belonging to the user and the service provider Network Monitor unauthorized
More informationAnh Quach, Matthew Rajman, Bienvenido Rodriguez, Brian Rodriguez, Michael Roefs, Ahmed Shaikh
Anh Quach, Matthew Rajman, Bienvenido Rodriguez, Brian Rodriguez, Michael Roefs, Ahmed Shaikh Introduction History, Advantages, Common Uses OS-Level Virtualization Hypervisors Type 1 vs. type 2 hypervisors
More informationRed Hat Enterprise Linux 7 Platform without Boundaries
Red Hat Enterprise Linux 7 Platform without Boundaries James Read Solution Architect Daniel Messer Solution Architect Dirk Kissinger Fujitsu
More informationStackato PaaS Architecture: How it works and why.
Stackato PaaS Architecture: How it works and why. White Paper Published in 2012 Stackato PaaS Architecture: How it works and why. Stackato is software for creating a private Platform-as-a-Service (PaaS).
More informationData Centers and Cloud Computing. Data Centers
Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing 1 Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data Used by Enterprises
More informationUsing Docker in Cloud Networks
Using Docker in Cloud Networks Chris Swan, CTO @cpswan the original cloud networking company 1 Agenda Docker Overview Dockerfile and DevOps Docker in Cloud Networks Some Trip Hazards My Docker Wish List
More informationMontaVista Linux Carrier Grade Edition
MontaVista Linux Carrier Grade Edition WHITE PAPER Beyond Virtualization: The MontaVista Approach to Multi-core SoC Resource Allocation and Control ABSTRACT: MontaVista Linux Carrier Grade Edition (CGE)
More informationThe Road To enterprise paas
WhiTepapeR The Road To enterprise paas Gordon Haff ExEcutivE summary Platform-as-a-Service (PaaS) provides an abstraction that makes developers more productive by helping them focus on creating applications
More informationCloud Computing for SCADA
Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry
More informationSecuring your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation
Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization
More informationKVM, OpenStack, and the Open Cloud
KVM, OpenStack, and the Open Cloud Adam Jollans, IBM Southern California Linux Expo February 2015 1 Agenda A Brief History of VirtualizaJon KVM Architecture OpenStack Architecture KVM and OpenStack Case
More information