Rootconf 2019

Rootconf 2019

On infrastructure security, DevOps and distributed systems.

About Rootconf 2019:

The seventh edition of Rootconf is a two-track conference with:

  1. Security talks and tutorials in audi 1 and 2 on 21 June.
  2. Talks on DevOps, distributed systems and SRE in audi 1 and audi 2 on 22 June.

Topics and schedule:

View full schedule here: https://hasgeek.com/rootconf/2019/schedule

Rootconf 2019 includes talks and Birds of Feather (BOF) sessions on:

  1. OSINT and its applications
  2. Key management, encryption and its costs
  3. Running a bug bounty programme in your organization
  4. PolarDB architecture as Cloud Native Architecture, developed by Alibaba Cloud
  5. Vitess
  6. SRE and running distributed teams
  7. Routing security
  8. Log analytics
  9. Enabling SRE via automated feedback loops
  10. TOR for DevOps

Who should attend Rootconf?

  1. DevOps programmers
  2. DevOps leads
  3. Systems engineers
  4. Infrastructure security professionals and experts
  5. DevSecOps teams
  6. Cloud service providers
  7. Companies with heavy cloud usage
  8. Providers of the pieces on which an organization’s IT infrastructure runs – monitoring, log management, alerting, etc
  9. Organizations dealing with large network systems where data must be protected
  10. VPs of engineering
  11. Engineering managers looking to optimize infrastructure and teams

For information about Rootconf and bulk ticket purchases, contact info@hasgeek.com or call 7676332020. Only community sponsorships available.

Rootconf 2019 sponsors:

Platinum Sponsor

CRED

Gold Sponsors

Atlassian Endurance Trusting Social

Silver Sponsors

Digital Ocean GO-JEK Paytm

Bronze Sponsors

MySQL sumo logic upcloud
platform sh nilenso CloudSEK

Exhibition Sponsor

FreeBSD Foundation

Community Sponsors

Ansible PlanetScale

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Akshay Mathur

@akshaymathur

Considerations for East-West Traffic Security and Analytics for Kubernetes Environment

Submitted Feb 27, 2019

Organizations are moving towards microservice-based architectures across public and private cloud, as well as data centres. As traditional tools are not suitable in containerized environment, there is a need to come up with a new-generation load balancing solution with the ability to address the following pain points:

  • East-West traffic security policy enforcement
  • Visibility and analytics for East-West as well as North-South Traffic
  • Advanced application-layer load balancing
  • Keeping the configuration of the load balancer always synchronized with dynamic container environment

In this session, we will discuss both the technical challenges in Kubernetes environment, as well as certain business challenges faced by enterprises while moving to Kubernetes.

Outline

Following is the detailed list of challenges to be covered in the session:

A. Technical Challenges for organizations deploying applications in Kubernetes:

Although Kubernetes addresses challenges relating to application build and deployment, organizations still face the tough and often time-consuming challenge of reliably delivering runtime security and performance assurance in containerized microservices environments. It is also important to note that this issue will only become more complex as organisations grow in scale and data.

  • As Kubernetes internal and external networks are isolated and Kube-proxy has limited capability, advance load balancer is needed as replacement
  • Constantly changing Pods (and IP addresses) pose a challenge for configuring any traffic management and security tool that works on IP address
  • There is no simple way in Kubernetes to implement access control between microservices
  • Visibility (at application layer) into traffic flowing through microservices is absent
  • Implementing side-car proxy significantly increases the resource requirement
  • The absence of a container-native enterprise grade solution for application delivery

B. Business Challenges faced by enterprises

With the overwhelming amounts of data being handled by organisations, it makes sense to use a centralized policy management tool. There also exists the need for comprehensive metrics, logs and analytics to provide actionable insights for each microservice. The goal of these analytics is to provide end-to-end transaction response time, throughput, request rate, and other real-time and historical metrics. But, in the process of adopting a solution to tackle these problems, the following issues need resolution.

  • A lot of customers don’t want to move to public cloud but want to modernize their infrastructure and potentially adopt a multi-cloud strategy.
  • various choices of load balancers (traditional hardware, virtual applinces, cloud native, container-native etc.) confuses the customer in the decision-making process

C. Market Education Challenges in the industry

As the wave of digital transformation takes over every aspect of businesses, organizations are turning to containers for their production applications to become agile and scalable in meeting digital demands that they face. In this journey, what cannot be compromised is the security for both modern multi-cloud and traditional infrastructure.

  • With the buzz around containers and Kubernetes, every company has started working in Kubernetes but they are not sure of the architecture and migration plan
  • With a lot of marketing of Service Mesh by Google, many think that service mesh can be deploy in only one way and get overwhelmed by the resource requirements
  • The approach to tackle all these challenges in one go is selecting a tool for applications deployed in Kubernetes environment, that provides teams deploying microservices applications with an easy, automated way to integrate enterprise-grade security and load-balancing with comprehensive application visibility and analytics – all without changing application code or deployment architecture – and also suites to the use case.

Requirements

N/A

Speaker bio

Akshay Mathur serves as Senior Product Manager at A10 Networks. His two-decade experience spans in both technical as well as business sides and in various domains, including wi-fi security, social networking, online retail, cloud applications and application delivery. He is a startup enthusiast and have been founding team member of multiple companies. He loves blogging and teaching on technical as well as non-technical topics via meetups and other platforms.

Links

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more