Containers Topics of Interest

Presentation transcript:

Containers Topics of Interest
Jerome Tollet, CTAO - PIRL
Sept 5th, 2016

Agenda
- Container fast communications
- Container placement
- Container Security
- Container (Reactive) Policies

Container fast communications

Current status
- Today, container communication relies on the Linux kernel
- Can be a significant bottleneck for apps
- Very complex model including NAT (IPv6 is not a first-class citizen)
- TCP is used even for "in server" communication

Questions
- How can we bring user-space networking to containers (DPDK, VPP, ...)?
- Can we reach 40 Gbps for inter-container communications?
- Does that require application changes?
- What can be done at layer 2, layer 3, layer 4 and above?
- Can we bypass useless and slow code for "in server" communications?

Container placement

Current status
- Containers are placed, when launched, wherever there are enough free resources
- This strategy is not always optimal in terms of security, performance or energy saving

Examples
- Performance: two containers working together could be co-located
- Security: it might be interesting to physically isolate containers belonging to different entities
- Energy saving: it might be interesting to switch off servers and group all running containers

Questions
- How do we migrate containers?
- What is the real benefit of grouping containers (switching off some CPU)?
- How do we put in place an "optimal topology"?

Container Security

Current status
- Containers are not simply light VMs; they are about application disaggregation into microservices
- The current security model is very weak and looks more like an adaptation of VM and physical-world security

Topics of interest
- How can we better protect East-West communications at all levels (2-3-4 and above)?
- How can we distribute, in depth, security functions that used to be done at the edge, with minimal performance penalty?
- How can we safely download signed container images from public repos?

Container Policies

Current status
- Tens if not hundreds of container technologies
- Existing policies (GBP, etc.) come from the virtualization/physical world
- Existing policies are very static and mainly focus on ACL-style rules

Topics of interest
- How can we model high-level policies taking into account performance, security and energy saving?
- How do these models deal with incompatibilities (e.g. energy vs. performance)?
- How do we bring reactive policies into these models (e.g. containers 1 and 2 suddenly talking together)?
- Can we extend existing languages or do we have to define new ones?