SlideShare uma empresa Scribd logo

Using the SDACK Architecture on Security Event Inspection by Yu-Lun Chen and Evans Ye

‱Transferir como PPTX, PDF‱
‱
Docker, Inc.
Docker, Inc.

The SDACK architecture stands for Spark, Docker, Akka, Cassandra, and Kafka. At TrendMicro, we adopted the SDACK architecture to implement a security event inspection platform for APT attack analysis. In this talk, we will introduce SDACK stack with Spark lambda architecture, Akka and Kafka for streaming data pipeline, Cassandra for time series data, and Docker for microservices. Specifically, we will show you how we Dockerize each SDACK component to facilitate the RD team of algorithms development, help the QA team test the product easily, and use the Docker as a Service strategy to ship our products to customers. Next, we will show you how we monitor each Docker container and adjust the resource usage based on monitoring metrics. And then, we will share our Docker security policy which ensures our products are safety before shipping to customers. After that, we'll show you how we develop an all-in-one Docker based data product and scale it out to multi-host Docker cluster to solve the big data problem. Finally, we will share some challenges we faced during the product development and some lesson learned.

Tecnologia
1 de 82
Using the SDACK Architecture on Security Event Inspection Darren Chen Evans Ye Sr. Software Engineer @ Trend Micro Sr. Software Engineer @ Trend Micro 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
About Darren ‱ Darren Chen (Yu-Lun Chen) ‱ Sr. Software Engineer @ Trend Micro ‱ Enthusiast in big data and cloud computing technologies ‱ Docker experience – 1.5 years 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
About Evans ‱ Evans Ye (Yu-Hsin Yeh) ‱ Sr. Software Engineer @ Trend Micro ‱ Apache Bigtop PMC member ‱ Develop big data apps & infra ‱ Docker experience – 2.5 years 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
How to make a software product ? 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
How to make a Dockerize software product ? 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Before Motivation What is SDACK Agenda During Why Dockerize Security Monitor After Lessons Learned Conclusions Q&A 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Motivation 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Target Scenario 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Problems ‱ Too many log to investigate ‱ Lack of actionable, prioritized recommendations 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
AD Windows Event DNS Proxy Web server 
.. Threat Analytic System 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
But we faced Twoproblems

. 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
How to deal with Customers’ Private data ? 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Cloud On Premises
How to deal with Big Volume logs ? 2,000,000,000per day 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
We need to build an On-Premisesproduct which can deal with Big Data 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
How to deal with Big Data? 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Toolbox for building wide variety of big data product SDACK Architecture
What is SDACK 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
SDACK Source: http://www.slideshare.net/akirillov/data-processing-platforms-architectures-with-spark-mesos-akka-cassandra-and-kafka fast and general engine for large-scale data processing deployment and resource management toolkit and runtime for building highly concurrent, distributed, and resilient message-driven applications distributed, highly available database designed to handle large amounts of data across datacenters high-throughput, low-latency distributed pub-sub messaging system for real-time data feeds 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Data Storage Data Analysis Data Preprocessing Data PipelinePackage 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Threat Analytic System Architecture 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Log API Server Web Server 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Medium-sized Enterprises 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Large Enterprises 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Fortune 500 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
With Docker ‱ Easy to scale ‱ Test once, run anywhere ‱ Widely supported by many platforms 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Why Dockerize 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Dockerize – Benefit 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale Dockerize – Benefit 1
2016 DockerCon | Copyright© 2016 Trend Micro Inc. APIWeb Challenge ‱ Setup ‱ Operate ‱ Update
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dockerize Software Technologies
Docker Compose for Operation 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Docker Compose kafka: build: . ports: - “9092:9092” spark: image: spark port: - “8080:8080” 


Docker Hub for Updating 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Docker Hub
Dockerize – Benefit 2 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale
Benefit for Development ‱ Docker provides two benefits in our Spark jobs development – Reproducibility – Flexibility 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Reproducibility in Spark Streaming Job Development
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Spark Streaming Job Development Data Streams
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Local Spark Streaming Job Development Data Streams Snapshot Data Set (Date : Jan. 04 ~ Jan. 08) Freq. : 1 min Batch size : 1000
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Local Spark Streaming Job Development Data Streams Snapshot Data Set (Date : Jan. 04 ~ Jan. 08) Freq. : 1 min Batch size : 1000 Freq. : 0.5 min Batch size : 5000 Freq. : 1 min Batch size : 50000 1 2 3
Quick Development Iteration Local LocalData Streams Snapshot Data Set 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Local Deploy Test Destroy Modify Job Job
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Flexibility in Hybrid Architecture
Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev ClusterData scientists submit spark jobs Job
Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Job Result Data scientists submit spark jobs
Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev ClusterData scientists submit spark jobs
Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Job Other members submit spark jobs
Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Job Wrong Result Other members submit spark jobs
Hybrid Architecture 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev ClusterSubmit Spark Job Job Result Local
What’s More 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Web Service Development Local
Dockerize – Benefit 3 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale
‱ Test case 1 ‱ sub-test 1a ‱ sub-test 1b ‱ Test case 2 ‱ sub-test 2a ‱ sub-test 2b ‱ Test case n ‱ sub-test na ‱ sub-test nb 2016 DockerCon | Copyright© 2016 Trend Micro Inc. 
 Clean & Consistent Environment
Dockerize – Benefit 4 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale
Distributed Software Components 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Akka ‱ High performance concurrency framework ‱ Clustering mechanism available ‱ Leverage on Akka, we build up our Akka cluster system 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Our Akka Cluster System 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Client Master LDAP Server 1 2 3 4 Query account information Send the job Query LDAP ServerReturn the result LDAP Service
Our Akka Cluster System 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Master LDAP Host Name DB Data ProcessEndpoint JobJobJob
Dockerize for Each Micro-service 2016 DockerCon | Copyright© 2016 Trend Micro Inc. LDAP DB Data Process Endpoint Host Name Master
Dockerize for Scale Out 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Data Process Host Name DB LDAP Endpoint Data Process Data Process
Security 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Docker Vulnerabilities since 1st release 2016 DockerCon | Copyright© 2016 Trend Micro Inc. The only high severity vulnerability was fixed within 2 days.
Misconfiguration 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Open it without ACL ?
Open Docker Registry 2016 DockerCon | Copyright© 2016 Trend Micro Inc. AU BE CA CN DE FI FR GB HK HR IE IR IT JP KR NL PL RU SE SG TW US ZA 0 10 20 30 40 50 60 70 80 90 Open Docker Registry w/o Access Control
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Some tools can make your Dockerize product more secure
Docker Bench for Security ‱ Check – Host configuration – Docker daemon configuration – Docker daemon configuration files – Container images and build files – Container runtime 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
CoreOS Clair ‱ Static analysis of vulnerabilities – Debian security bug tracker – Ubuntu CVE tracker – Red Hat security data 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Docker Cloud 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Monitor 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Monitor stack 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Grafana CPU, Memory, Network Metrics
Monitor stack 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Grafana Metrics APP Metrics
Issue on cAdvisor ‱ cAdvisor can not send network usage correctly to InfuxDB – when the container use host network on a multiple network cards machine ‱ Use Telegraf to fix this problem 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Before Motivation What is SDACK Agenda During Why Dockerize Security Monitor After Lessons Learned Conclusions Q&A 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Lessons Learned 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Lessons Learned ‱ Mount the stuff you may change it frequently to your Docker containers – For example, on PoC, mount your configuration files into Docker containers directly 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
On PoC 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Change Settings Re-build Images Deploy
Mount configuration files 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Host machine Conf Kafka container Conf Conf Spark container Conf Conf Conf Conf Conf Conf Kafka Configurations Conf Conf Conf Spark Configurations
Conclusions 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Summary 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dockerize ‱ Deploy ‱ Develop ‱ Test ‱ Scale Security ‱ Misconfiguration ‱ Docker Bench ‱ CoreOS Clair ‱ Docker Cloud Monitor ‱ Visibility ‱ cAdvisor ‱ InfluxDB ‱ Grafana for Security
2016 DockerCon | Copyright© 2016 Trend Micro Inc. We Need To build an On-Premises product which can deal with Big Data In the beginning 

2016 DockerCon | Copyright© 2016 Trend Micro Inc. We Need To build an On-Premises product which can deal with Big Data Have Now Build Ship Run Conclusions
2016 DockerCon | Copyright© 2016 Trend Micro Inc. Go ahead Dockerize your product
Thank you! 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Q & A 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
Thank you! 2016 DockerCon | Copyright© 2016 Trend Micro Inc.

Recomendados

Docker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott CoultonDocker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott Coulton
Docker, Inc.
 
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad AfanahOn-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
Docker, Inc.
 
Docker Meetup at Docker HQ: Docker Cloud
Docker Meetup at Docker HQ: Docker CloudDocker Meetup at Docker HQ: Docker Cloud
Docker Meetup at Docker HQ: Docker Cloud
Docker, Inc.
 
Docker Federal Summit 2017 General Session
Docker Federal Summit 2017 General SessionDocker Federal Summit 2017 General Session
Docker Federal Summit 2017 General Session
Docker, Inc.
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and Swarm
Abhinandan P.b
 
Immutable Awesomeness by John Willis and Josh Corman
Immutable Awesomeness by John Willis and Josh CormanImmutable Awesomeness by John Willis and Josh Corman
Immutable Awesomeness by John Willis and Josh Corman
Docker, Inc.
 
DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1
Docker, Inc.
 
Don’t have a Meltdown! Practical Steps for Defending Your Apps
Don’t have a Meltdown! Practical Steps for Defending Your AppsDon’t have a Meltdown! Practical Steps for Defending Your Apps
Don’t have a Meltdown! Practical Steps for Defending Your Apps
Docker, Inc.
 

Recomendados

Docker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott CoultonDocker in Production, Look No Hands! by Scott Coulton
Docker in Production, Look No Hands! by Scott Coulton
Docker, Inc.
 
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad AfanahOn-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
Docker, Inc.
 
Docker Meetup at Docker HQ: Docker Cloud
Docker Meetup at Docker HQ: Docker CloudDocker Meetup at Docker HQ: Docker Cloud
Docker Meetup at Docker HQ: Docker Cloud
Docker, Inc.
 
Docker Federal Summit 2017 General Session
Docker Federal Summit 2017 General SessionDocker Federal Summit 2017 General Session
Docker Federal Summit 2017 General Session
Docker, Inc.
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and Swarm
Abhinandan P.b
 
Immutable Awesomeness by John Willis and Josh Corman
Immutable Awesomeness by John Willis and Josh CormanImmutable Awesomeness by John Willis and Josh Corman
Immutable Awesomeness by John Willis and Josh Corman
Docker, Inc.
 
DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1
Docker, Inc.
 
Don’t have a Meltdown! Practical Steps for Defending Your Apps
Don’t have a Meltdown! Practical Steps for Defending Your AppsDon’t have a Meltdown! Practical Steps for Defending Your Apps
Don’t have a Meltdown! Practical Steps for Defending Your Apps
Docker, Inc.
 
DCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to Microservices
Docker, Inc.
 
DockerCon 16 General Session Day 2
DockerCon 16 General Session Day 2 DockerCon 16 General Session Day 2
DockerCon 16 General Session Day 2
Docker, Inc.
 
Becoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to WorkBecoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to Work
Docker, Inc.
 
Practical Container Security by Mrunal Patel and Thomas Cameron, Red Hat
Practical Container Security by Mrunal Patel and Thomas Cameron, Red HatPractical Container Security by Mrunal Patel and Thomas Cameron, Red Hat
Practical Container Security by Mrunal Patel and Thomas Cameron, Red Hat
Docker, Inc.
 
How to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experienceHow to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experience
Docker, Inc.
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
Docker, Inc.
 
DCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and ArchitectureDCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and Architecture
Docker, Inc.
 
Talking TUF: Securing Software Distribution
Talking TUF: Securing Software DistributionTalking TUF: Securing Software Distribution
Talking TUF: Securing Software Distribution
Docker, Inc.
 
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
Docker, Inc.
 
Troubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineersTroubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineers
Docker, Inc.
 
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...
Docker, Inc.
 
DockerCon 18 Cool Hacks: solo.io
DockerCon 18 Cool Hacks: solo.ioDockerCon 18 Cool Hacks: solo.io
DockerCon 18 Cool Hacks: solo.io
Docker, Inc.
 
Docker for the Enterprise with Containers as a Service by Banjot Chanana
Docker for the Enterprise with Containers as a Service by Banjot ChananaDocker for the Enterprise with Containers as a Service by Banjot Chanana
Docker for the Enterprise with Containers as a Service by Banjot Chanana
Docker, Inc.
 
Building your production tech stack for docker container platform
Building your production tech stack for docker container platformBuilding your production tech stack for docker container platform
Building your production tech stack for docker container platform
Docker, Inc.
 
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Docker, Inc.
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
Docker, Inc.
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any Infrastructure
Docker, Inc.
 
Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)
Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)
Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)
Docker, Inc.
 
DockerCon 2017: Docker in China
DockerCon 2017: Docker in ChinaDockerCon 2017: Docker in China
DockerCon 2017: Docker in China
Zhimin Tang
 
Demystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in dockerDemystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in docker
Docker, Inc.
 
Using the SDACK Architecture on Security Event Inspection
Using the SDACK Architecture on Security Event InspectionUsing the SDACK Architecture on Security Event Inspection
Using the SDACK Architecture on Security Event Inspection
Yu-Lun Chen
 
ćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“š
ćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“šćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“š
ćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“š
Yu-Lun Chen
 

Mais conteĂșdo relacionado

Mais procurados

DCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to Microservices
Docker, Inc.
 
Becoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to WorkBecoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to Work
Docker, Inc.
 
How to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experienceHow to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experience
Docker, Inc.
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
Docker, Inc.
 
DCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and ArchitectureDCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and Architecture
Docker, Inc.
 
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
Docker, Inc.
 
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...
Docker, Inc.
 
DockerCon 18 Cool Hacks: solo.io
DockerCon 18 Cool Hacks: solo.ioDockerCon 18 Cool Hacks: solo.io
DockerCon 18 Cool Hacks: solo.io
Docker, Inc.
 
Building your production tech stack for docker container platform
Building your production tech stack for docker container platformBuilding your production tech stack for docker container platform
Building your production tech stack for docker container platform
Docker, Inc.
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any Infrastructure
Docker, Inc.
 
Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)
Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)
Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)
Docker, Inc.
 
Demystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in dockerDemystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in docker
Docker, Inc.
 

Mais procurados (20)

DCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to Microservices
 
DockerCon 16 General Session Day 2
DockerCon 16 General Session Day 2 DockerCon 16 General Session Day 2
DockerCon 16 General Session Day 2
 
Becoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to WorkBecoming the Docker Champion: Bringing Docker Back to Work
Becoming the Docker Champion: Bringing Docker Back to Work
 
Practical Container Security by Mrunal Patel and Thomas Cameron, Red Hat
Practical Container Security by Mrunal Patel and Thomas Cameron, Red HatPractical Container Security by Mrunal Patel and Thomas Cameron, Red Hat
Practical Container Security by Mrunal Patel and Thomas Cameron, Red Hat
 
How to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experienceHow to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experience
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
 
DCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and ArchitectureDCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and Architecture
 
Talking TUF: Securing Software Distribution
Talking TUF: Securing Software DistributionTalking TUF: Securing Software Distribution
Talking TUF: Securing Software Distribution
 
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...
 
Troubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineersTroubleshooting tips from docker support engineers
Troubleshooting tips from docker support engineers
 
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...
 
DockerCon 18 Cool Hacks: solo.io
DockerCon 18 Cool Hacks: solo.ioDockerCon 18 Cool Hacks: solo.io
DockerCon 18 Cool Hacks: solo.io
 
Docker for the Enterprise with Containers as a Service by Banjot Chanana
Docker for the Enterprise with Containers as a Service by Banjot ChananaDocker for the Enterprise with Containers as a Service by Banjot Chanana
Docker for the Enterprise with Containers as a Service by Banjot Chanana
 
Building your production tech stack for docker container platform
Building your production tech stack for docker container platformBuilding your production tech stack for docker container platform
Building your production tech stack for docker container platform
 
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any Infrastructure
 
Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)
Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)
Docker Practice in Alibaba Cloud by Li Yi (Mark) & Zuhe Li (Sogo)
 
DockerCon 2017: Docker in China
DockerCon 2017: Docker in ChinaDockerCon 2017: Docker in China
DockerCon 2017: Docker in China
 
Demystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in dockerDemystifying container connectivity with kubernetes in docker
Demystifying container connectivity with kubernetes in docker
 

Semelhante a Using the SDACK Architecture on Security Event Inspection by Yu-Lun Chen and Evans Ye

Using the SDACK Architecture on Security Event Inspection
Using the SDACK Architecture on Security Event InspectionUsing the SDACK Architecture on Security Event Inspection
Using the SDACK Architecture on Security Event Inspection
Yu-Lun Chen
 
ćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“š
ćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“šćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“š
ćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“š
Yu-Lun Chen
 
Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...
Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...
Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...
Amazon Web Services
 

Semelhante a Using the SDACK Architecture on Security Event Inspection by Yu-Lun Chen and Evans Ye (20)

Using the SDACK Architecture on Security Event Inspection
Using the SDACK Architecture on Security Event InspectionUsing the SDACK Architecture on Security Event Inspection
Using the SDACK Architecture on Security Event Inspection
 
ćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“š
ćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“šćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“š
ćˆ©ç”š SDACK æž¶æ§‹ćˆ†æžèł‡ćź‰äș‹ä»¶ć€§æ•žæ“š
 
Top 5 benefits of docker
Top 5 benefits of dockerTop 5 benefits of docker
Top 5 benefits of docker
 
Programming the world with Docker
Programming the world with DockerProgramming the world with Docker
Programming the world with Docker
 
Tampere Docker meetup - Happy 5th Birthday Docker
Tampere Docker meetup - Happy 5th Birthday DockerTampere Docker meetup - Happy 5th Birthday Docker
Tampere Docker meetup - Happy 5th Birthday Docker
 
The Future of Cloud Innovation, featuring Adrian Cockcroft
The Future of Cloud Innovation, featuring Adrian CockcroftThe Future of Cloud Innovation, featuring Adrian Cockcroft
The Future of Cloud Innovation, featuring Adrian Cockcroft
 
Javantura v4 - Support SpringBoot application development lifecycle using Ora...
Javantura v4 - Support SpringBoot application development lifecycle using Ora...Javantura v4 - Support SpringBoot application development lifecycle using Ora...
Javantura v4 - Support SpringBoot application development lifecycle using Ora...
 
Docker & aPaaS: Enterprise Innovation and Trends for 2015
Docker & aPaaS: Enterprise Innovation and Trends for 2015Docker & aPaaS: Enterprise Innovation and Trends for 2015
Docker & aPaaS: Enterprise Innovation and Trends for 2015
 
Documentum Spring Data
Documentum Spring DataDocumentum Spring Data
Documentum Spring Data
 
Bahrain ch9 introduction to docker 5th birthday
Bahrain ch9 introduction to docker 5th birthday Bahrain ch9 introduction to docker 5th birthday
Bahrain ch9 introduction to docker 5th birthday
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to Docker
 
Microservices: State of the Union
Microservices: State of the UnionMicroservices: State of the Union
Microservices: State of the Union
 
Docker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - PresentationDocker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - Presentation
 
56K.cloud Docker Training
56K.cloud Docker Training56K.cloud Docker Training
56K.cloud Docker Training
 
Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...
Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...
Enrich Your DevOps Environment: Tools for Accelerating and Integrating Your A...
 
Modern Software Development
Modern Software DevelopmentModern Software Development
Modern Software Development
 
DevOps as a Pathway to AWS | AWS Public Sector Summit 2016
DevOps as a Pathway to AWS | AWS Public Sector Summit 2016DevOps as a Pathway to AWS | AWS Public Sector Summit 2016
DevOps as a Pathway to AWS | AWS Public Sector Summit 2016
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016
 
Application Modernisation with PKS
Application Modernisation with PKSApplication Modernisation with PKS
Application Modernisation with PKS
 
Application Modernisation with PKS
Application Modernisation with PKSApplication Modernisation with PKS
Application Modernisation with PKS
 

Mais de Docker, Inc.

Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
Docker, Inc.
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
Docker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
Docker, Inc.
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
Docker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
Docker, Inc.
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
Docker, Inc.
 
Sharing is Caring: How to Begin Speaking at Conferences
Sharing is Caring: How to Begin Speaking at ConferencesSharing is Caring: How to Begin Speaking at Conferences
Sharing is Caring: How to Begin Speaking at Conferences
Docker, Inc.
 

Mais de Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 
Sharing is Caring: How to Begin Speaking at Conferences
Sharing is Caring: How to Begin Speaking at ConferencesSharing is Caring: How to Begin Speaking at Conferences
Sharing is Caring: How to Begin Speaking at Conferences
 

Último

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel AraĂșjo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

Using the SDACK Architecture on Security Event Inspection by Yu-Lun Chen and Evans Ye

  • 1. Using the SDACK Architecture on Security Event Inspection Darren Chen Evans Ye Sr. Software Engineer @ Trend Micro Sr. Software Engineer @ Trend Micro 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 2. About Darren ‱ Darren Chen (Yu-Lun Chen) ‱ Sr. Software Engineer @ Trend Micro ‱ Enthusiast in big data and cloud computing technologies ‱ Docker experience – 1.5 years 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 3. About Evans ‱ Evans Ye (Yu-Hsin Yeh) ‱ Sr. Software Engineer @ Trend Micro ‱ Apache Bigtop PMC member ‱ Develop big data apps & infra ‱ Docker experience – 2.5 years 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 4. How to make a software product ? 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 5. How to make a Dockerize software product ? 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 6. Before Motivation What is SDACK Agenda During Why Dockerize Security Monitor After Lessons Learned Conclusions Q&A 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 7. Motivation 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 8. Target Scenario 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 9. Problems ‱ Too many log to investigate ‱ Lack of actionable, prioritized recommendations 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 10. AD Windows Event DNS Proxy Web server 
.. Threat Analytic System 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 11. But we faced Twoproblems

. 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 12. How to deal with Customers’ Private data ? 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Cloud On Premises
  • 13. How to deal with Big Volume logs ? 2,000,000,000per day 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 14. We need to build an On-Premisesproduct which can deal with Big Data 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 15. How to deal with Big Data? 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 16. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Toolbox for building wide variety of big data product SDACK Architecture
  • 17. What is SDACK 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 18. SDACK Source: http://www.slideshare.net/akirillov/data-processing-platforms-architectures-with-spark-mesos-akka-cassandra-and-kafka fast and general engine for large-scale data processing deployment and resource management toolkit and runtime for building highly concurrent, distributed, and resilient message-driven applications distributed, highly available database designed to handle large amounts of data across datacenters high-throughput, low-latency distributed pub-sub messaging system for real-time data feeds 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 19. Data Storage Data Analysis Data Preprocessing Data PipelinePackage 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 20. Threat Analytic System Architecture 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 21. Log API Server Web Server 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 22. 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 23. Medium-sized Enterprises 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 24. Large Enterprises 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 25. Fortune 500 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 26. With Docker ‱ Easy to scale ‱ Test once, run anywhere ‱ Widely supported by many platforms 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 27. Why Dockerize 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 28. Dockerize – Benefit 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale
  • 29. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale Dockerize – Benefit 1
  • 30. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. APIWeb Challenge ‱ Setup ‱ Operate ‱ Update
  • 31. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dockerize Software Technologies
  • 32. Docker Compose for Operation 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Docker Compose kafka: build: . ports: - “9092:9092” spark: image: spark port: - “8080:8080” 


  • 33. Docker Hub for Updating 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Docker Hub
  • 34. Dockerize – Benefit 2 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale
  • 35. Benefit for Development ‱ Docker provides two benefits in our Spark jobs development – Reproducibility – Flexibility 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 36. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Reproducibility in Spark Streaming Job Development
  • 37. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Spark Streaming Job Development Data Streams
  • 38. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Local Spark Streaming Job Development Data Streams Snapshot Data Set (Date : Jan. 04 ~ Jan. 08) Freq. : 1 min Batch size : 1000
  • 39. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Local Spark Streaming Job Development Data Streams Snapshot Data Set (Date : Jan. 04 ~ Jan. 08) Freq. : 1 min Batch size : 1000 Freq. : 0.5 min Batch size : 5000 Freq. : 1 min Batch size : 50000 1 2 3
  • 40. Quick Development Iteration Local LocalData Streams Snapshot Data Set 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Local Deploy Test Destroy Modify Job Job
  • 41. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Flexibility in Hybrid Architecture
  • 42. Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev ClusterData scientists submit spark jobs Job
  • 43. Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Job Result Data scientists submit spark jobs
  • 44. Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev ClusterData scientists submit spark jobs
  • 45. Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Job Other members submit spark jobs
  • 46. Data Research in Dev Cluster 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Job Wrong Result Other members submit spark jobs
  • 47. Hybrid Architecture 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev ClusterSubmit Spark Job Job Result Local
  • 48. What’s More 2016 DockerCon | Copyright© 2016 Trend Micro Inc.2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dev Cluster Web Service Development Local
  • 49. Dockerize – Benefit 3 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale
  • 50. ‱ Test case 1 ‱ sub-test 1a ‱ sub-test 1b ‱ Test case 2 ‱ sub-test 2a ‱ sub-test 2b ‱ Test case n ‱ sub-test na ‱ sub-test nb 2016 DockerCon | Copyright© 2016 Trend Micro Inc. 
 Clean & Consistent Environment
  • 51. Dockerize – Benefit 4 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Deploy Develop Test Scale
  • 52. Distributed Software Components 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 53. Akka ‱ High performance concurrency framework ‱ Clustering mechanism available ‱ Leverage on Akka, we build up our Akka cluster system 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 54. Our Akka Cluster System 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Client Master LDAP Server 1 2 3 4 Query account information Send the job Query LDAP ServerReturn the result LDAP Service
  • 55. Our Akka Cluster System 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Master LDAP Host Name DB Data ProcessEndpoint JobJobJob
  • 56. Dockerize for Each Micro-service 2016 DockerCon | Copyright© 2016 Trend Micro Inc. LDAP DB Data Process Endpoint Host Name Master
  • 57. Dockerize for Scale Out 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Data Process Host Name DB LDAP Endpoint Data Process Data Process
  • 58. Security 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 59. Docker Vulnerabilities since 1st release 2016 DockerCon | Copyright© 2016 Trend Micro Inc. The only high severity vulnerability was fixed within 2 days.
  • 60. Misconfiguration 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Open it without ACL ?
  • 61. Open Docker Registry 2016 DockerCon | Copyright© 2016 Trend Micro Inc. AU BE CA CN DE FI FR GB HK HR IE IR IT JP KR NL PL RU SE SG TW US ZA 0 10 20 30 40 50 60 70 80 90 Open Docker Registry w/o Access Control
  • 62. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Some tools can make your Dockerize product more secure
  • 63. Docker Bench for Security ‱ Check – Host configuration – Docker daemon configuration – Docker daemon configuration files – Container images and build files – Container runtime 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 64. CoreOS Clair ‱ Static analysis of vulnerabilities – Debian security bug tracker – Ubuntu CVE tracker – Red Hat security data 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 65. Docker Cloud 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 66. Monitor 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 67. Monitor stack 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Grafana CPU, Memory, Network Metrics
  • 68. Monitor stack 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Grafana Metrics APP Metrics
  • 69. Issue on cAdvisor ‱ cAdvisor can not send network usage correctly to InfuxDB – when the container use host network on a multiple network cards machine ‱ Use Telegraf to fix this problem 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 70. Before Motivation What is SDACK Agenda During Why Dockerize Security Monitor After Lessons Learned Conclusions Q&A 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 71. Lessons Learned 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 72. Lessons Learned ‱ Mount the stuff you may change it frequently to your Docker containers – For example, on PoC, mount your configuration files into Docker containers directly 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 73. On PoC 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Change Settings Re-build Images Deploy
  • 74. Mount configuration files 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Host machine Conf Kafka container Conf Conf Spark container Conf Conf Conf Conf Conf Conf Kafka Configurations Conf Conf Conf Spark Configurations
  • 75. Conclusions 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 76. Summary 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Dockerize ‱ Deploy ‱ Develop ‱ Test ‱ Scale Security ‱ Misconfiguration ‱ Docker Bench ‱ CoreOS Clair ‱ Docker Cloud Monitor ‱ Visibility ‱ cAdvisor ‱ InfluxDB ‱ Grafana for Security
  • 77. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. We Need To build an On-Premises product which can deal with Big Data In the beginning 

  • 78. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. We Need To build an On-Premises product which can deal with Big Data Have Now Build Ship Run Conclusions
  • 79. 2016 DockerCon | Copyright© 2016 Trend Micro Inc. Go ahead Dockerize your product
  • 80. Thank you! 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 81. Q & A 2016 DockerCon | Copyright© 2016 Trend Micro Inc.
  • 82. Thank you! 2016 DockerCon | Copyright© 2016 Trend Micro Inc.

Notas do Editor

  1. Hi everyone, thank you all for being here I am very happy and thanks DockerCon gives me the chance to share you our ideas and what we have done Our topic today is using the SDACK architecture on security event inspection And We are from Trend Micro. Trend Micro is a IT security company, we develop innovative security solutions that make the world safe for businesses and consumers to exchange digital information
  2. Ok this is me. I am Darren chen, a software engineer at Trend Micro My experience in docker is more than one (about one and a half) years and I also interested in big data stack, such like spark kafka and hadoop
  3. And by my side is my colleague Evans Ye. He is also a software engineer at Trend Micro And now he is apache Bigtop project PMC member His docker experience is more than two years (two and a half years) Before we start the topic today, I would like to ask some questions.
  4. If you have experience on making a software product, please raise your hand ? [äșșć€šæ™‚] Great, looks like a lot of people have experience on making a software product. But that’s not the topic we are going to talk about today. [äșșć°‘æ™‚] Oh~, there are a few people know about how to make a software product. But that’s OK. It doesn’t matter. Because we will not discus it today
  5. Today we will focus on how to make a Dockerize software product We will share our experience on using Docker in our security inspection platform
  6. This is our agenda today. We separate the presentation into three parts. First, before we make a product, we must have a problem need to solve. So we will explain our motivation about our product and talk about what is S.D.A.C.K. SDACK and how we use SDACK to address the problem we faced. In the Second part, we will introduce how Docker makes our product development progress more efficient. And we also bring some knowledge about security and monitor of dockerize product. Finally, we will talk about our experience on using Docker and make a conclusion. Our presentation will take 35 minutes. And I’ll be happy to answer all of your questions in the last Q&A section. Ok. I’d like to hand this presentation over to my colleague. Let’s welcome Evans Ye to talk about the background of our product.
  7. What’s the problem we’re trying to solve? To be more specifically, what’s our target scenario? In most of the enterprises, they have InfoSec teams to oversight cyber security events happened inside the companies. And typically they’ll have Security Information and Event Management platform, which is so called SIEM, to collect large amount of logs for them to do further investigations. Spunk and ArcSight are two solutions for that. What’s the problem we’re trying to solve? To be more specifically, what’s our target scenario? In most of the enterprises, they have InfoSec teams to oversight cyber security events happened inside the companies. And typically they’ll have Security Information and Event Management platform, which is so called SIEM, to collect large amount of logs for them to do further investigations.
  8. But, the problem is there’re just too many log to investigate. And those SIEM platfroms is lack of actionable, prioritized recommendations
  9. So, we’d like to build a threat analytic system that has security intelligence built inside. It can collect large amount of log and do prioritization, filtering and anomaly detection. With that, we can only output valuable information to the infoSec team, which can significantly reduce the load for them. The system’s goal is to ease infoSec people’s life and help them quickly respond to high priority threats.
  10. The first problem is how do we deal with customer’s private data? Apparently, customers many have concern if we put them in the cloud because there’re too many PII data. So for this system, we design it to be an on-premises solution. The first problem is how do we deal with customer’s private data? Apparently, put them in the cloud is not a good idea because customers won’t like to see that happened. There’re too many PII in there logs. So for this system, we design it to be an on-premises solution.
  11. The second problem is how do we deal with big volume? For example, one of our customer has 2 billion of log per day that should be consumed and handled properly in our system.
  12. Therefore
  13. Here comes the SDACK architecture It’s a toolbox for building wide variety of big data products.
  14. So what exactly is SDACK? Let me describe it with more details
  15. SDACK, S, D, A, C, K, stands for Spark, Docker, Akka, Cassandra, and Kafka. Spark is a fast and general purpose engine for large-scale data processing scenarios. It supports traditional batch processing as well as micro batch streaming. Docker, which you should be already familiar about it, is a great tool for shipping software, doing deployment, and it also has the ability to do resource management. Akka is a toolkit and runtime for building highly concurrent distributed and resilient message-driven applications. To me any business logic related code you’re going to write, you can use Akka to develop it. Cassandra is a distributed, highly available database designed to handle large amount of data across datacenters. The nice thing about it is because of the masterless clustering mechanism, It’s very stable. We don’t need to pay much attention on it when running in customer’s environment. Kafka is a high-throughput low-latency distributed pub-sub messaging system for dealing with real-time data feeds. It’s a best choice to handle streaming data pipelines when building a big data product. S, D, A, C, K, SDACK, stands for Spark, Docker, Cassandra, and Kafka. Spark is a fast and general purpose engine for large-scale data processing scenarios. It supports micro batch streaming as well as traditional batch processing Docker, which you should be already familiar about it, is a great tool for shipping software, doing deployment, and it also has the ability to do resource management. Akka is a toolkit and runtime for building highly concurrent distributed and resilient message-driven applications. To me any business logic related code you’re going to write, you can use Akka. Cassandra is a distributed, highly available database designed to handle large amount of data across datacenters. The nice thing about it is because of the masterless clustering mechanism, It’s very stable. We don’t need to pay much attention on it when running in customer’s environment. Kafka is a high-throughput low-latency distributed pub-sub messaging system for real-time data feeds. It’s a best choice to handle streaming data pipelines when building a big data product.
  16. Briefly speaking, we use docker for packaging.
  17. Now with the SDACK architecture, how exactly the system architecture will be looked like?
  18. This is our system architecture, starting from the top-left corner, we collect logs using some well-know tools and feeds them into Fluentd, which is an universal interface to receive arbitrary type of log. Fluentd then passes the log down to Kafka immediately to store the data on to the disk. Then we’ll have Akka to do the log transformation. The processed log will be stored into Kafka and Cassandra. Spark them fetches data from Kafka or Cassandra and produce valuable insights into a traditional relational database. An API server works together with web portal and database to serve the investigation need to the infoSec team.
  19. Since we’ve adopted the SDACK architecture, we can containerize every software technologies we used using the micro service strategy. The deployment and management of the system become super easy!
  20. Now, by adopting the SDACK architecture, every micro services can be scalable. we can build a product that is suitable for medium-sized enterprises
  21. As well as large enterprieses
  22. For those very large companies, our product can also be deployed on an existing IaaS or PaaS services such as Mesos, or kubernaties With that, I’ve finished my section talking about the background and the architecture of our system. Next I’ll hand over to Darren, who’ll describe you our system with more details.
  23. To conclude my part, with docker our system is easy to scale, can test once run anywhere, and is widely supported by many platforms.
  24. [é€ŁæŽ„evanséƒšćˆ†èź“æ•Žé«”æž¶æ§‹æ›ŽćźŒæ•Ž] Ok, thanks Evans for talking about our system background And next we will move on why we need to Dockerize our system.
  25. In fact, we got a lot of advantages in our product development after we ado(a)pt docker So the following I will use four phases deploy, develop, test, and sale to explain how will Docker benefit our product
  26. Ok, let’s get started with the first one, deploy
  27. As mentioned before, our architecture is complex. There are many components in our system. If you want to setup this kind of environment. You will waste a lot of time on installing components such like kafka, spark, Cassandra and after installed you also need to configure each component. So the long process of installation makes developers and users suffered In addition, such a complex system is very hard to operate and update
  28. However, when we dockerize each component, previous problems are gone Each component can be properly installed and configured into an image It will reduce a lot of time on installation and let’s be easier to setup our threat analytic system
  29. We can illustrate our threat analytic system layout by a easy to read yaml file And use docker compose to operate our system in one command.
  30. And leverage on Docker Hub, we can quickly and easily update customer side threat analytic system’s component For example , as trend micor (we) publish the new version of apiserver to Docker Hub(from trend micro), our customers can pull and update the latest apiserver directly (without complicated updating process)
  31. Since we dockerized our system, the deployment becomes easier And it will help our team members to develop their applications or algorithms in a more efficient way. So, next, let’s look at how will Docker benefit our development process
  32. Docker provides two key features to make our daily development become more efficient One is reproducibility Another is Flexibility In the following, I will introduce more details
  33. First, I will explain reproducibility in spark streaming job development
  34. Internal beta environment We have setup a dev cluster which provide our team members an environment to test their algorithms. In the dev environment, the data is streaming from our company data source and it never stop.[æ€Șæ€Ș的] Now if you run your spark streaming job in the dev cluster and after a while you find your job failed(æ€Șæ€Ș的), it will be hard to troubleshoot . Because the data is streaming, you can not reproduce the problem again.
  35. However, this problem could be solved by Docker. Because developer can easily setup the threat analytic system in their local machine. In addition, they can use (leverage on) the same snapshot data set, so they test their algorithms locally, then when their job fail, they will be able to reproduce the environment quickly and troubleshot their algorithms easily
  36. More over, they can control the speed and the amount of steaming in, so they will be able to simulate multiple scenarios in their local machine to improve the quality of their algorithms For example, we can increase our data input rate to test if our algorithms can deal with them in time or not
  37. So when we do the spark streaming job development, we can quick deploy the threat analytic system in our local environment(the new local environment) and test our job with the same snapshot data set. Once we found our jobs failed(some problems in our algorithms), we can quickly reconstruct another new local environment for testing after we fix the problem(issue). Therefore, leverage on Docker, we can reproduce the problem easily and speed up the development iteration.
  38. Next, I will explain how will Docker Flexibility help us achieve hybrid architecture and make the Data research more flexible.
  39. Let me talk about the background first. In our team, there are some Data Scientists doing data research on our dev cluster, because they need the real data But the result of their algorithms may not be stable enough during PoC stage So it might pollute our dev cluster database content, then affect other team members' job accuracy For example, when a data scientist submits a spark job into our dev cluster
  40. The result will be stored into our database
  41. Once the result is incorrect. It will pollute our dev cluster database
  42. After that, if someone submits another spark job and use the database content as data source
  43. He or she will base on polluted database content and generate the wrong result.
  44. Leverage on Docker, we can construct more flexible architecture to solve the previous problem. Our team member can setup their own threat analytic system locally. And then, they can still submit their spark jobs to dev cluster and utilize its computing power and real data, 「æ€Șæ€Ș的」 Finally the result can be wrote(send push) back to their local system [directly]. It means that Developers can use real data and system computing power on dev cluster, but no need to worry about the(li) incorrect result will mess up the dev environment.
  45. What’s more, we can construct any architecture based on the same concept. Which means developer can have different combination with dev cluster and local environment. For example, the front end engineer can do web development in their local machine with our dev cluster apiserver and database content So they can test with real world data without maintenance effort on other components
  46. I have mentioned about the deployment and development, Next, let’s move on to the Testing part (can add something)
  47. [For QA team, there are two important things, The first is clean environment for testing The second is consistent with production environment.] By using Docker, we can meet these two requirement easily. Becasue we dockerize our system, so QA team can setup a brand new testing environment for each integration test quickly. And no need to worry about other possible environmental factors may impact on the testing result In addition, all the dependencies are wrapped into docker images, so we make sure each integration test environment is the same as production environment
  48. The last part of why dockerize section is scale. I will talk about how will Docker benefit on scalability
  49. First, In our threat analytic system, there are many components which are distributed software (and designed to solve the big data problem) such like Kafka, Spark and Cassandra. [Using docker, we can quickly compose cluster with these components. Because all the settings are packaged into docker images.]
  50. Another case is we leverage on akka toolkits to achieve (other) micro-service scalability Akka is a high performance concurrency framework which help us to construct a distributed cluster easily.
  51. Let’s take a look on the work flow of our akka cluster system In our akka cluster system we adopt master slave architecture. //All queries will be sent to master and it will dispatch jobs to service For example, the client send a request to master for querying about account information, then master will dispatch this job to LDAP service and the LDAP service will query LDAP server to get the account information. After that, the LDAP service will send the result back to the client.
  52. In our akka cluster system, we have built up a lot of micro-service just like LDAP service. Each micro-service has its own tasks So when different kind of jobs are sent to the master, master will dispatch each job to corresponding service
  53. we dockerie each akk micro-service into a docker image. It will make us easy to setup and operate our akka cluster system
  54. In addition, when some services hit their capacity limit, we can scale it out easily (sca li out) For example, In our akka cluster system, we have a Data Process service to normalize our input logs Then, if there are too many logs steaming in to our system, the data process service will not be able to deal with them in time. We can scale out the data process service quickly to solve the problem
  55. I have introduced how Docker benefit our product development (threat analytic system), But don’t forget when you ship your dockerize product to your customer, you need to take care about security. So, next I will show you our experience on Docker security
  56. As our survey, from docker first release to now, there are a few vulnerabilities in Docker. So far, the most dangerous vulnerability was fixed in 2 days. This means that there are not many security issues in docker itself. So what will make your dockerized product become insecure?
  57. It is misconfiguration This is an example, when you set up swam cluster in your environment, you may need to open a network port of your docker daemon. But do you know, this action may allow worldwide to access (let whole world be accessible) your docker engine?? Because a lot of people just forget about the network ACL setting.「æ€Șæ€Ș的」 Actually in the Docker website, they already reminded you to set your network security rules when setup the docker swam.
  58. And as trend Micro study, we also found that there are a lot of docker registry in the world can be access directly without any authentication It’s easy and happy to use Docker but when you get into misconfiguration, it will make you become unhappy So how to prevent this disaster happened ?
  59. The following, I will introduce a couple of useful tools
  60. First one is Docker Bench for Security. It is a shell script, very easy to use It can check your host, docker daemon and container setting For example, It can check whether your linux kernel version is greater than the minimum requirement or not It can also check your docker configuration file and directories ACL setting In container runtime, it can check if you use privileged container or not
  61. Second tool is CoreOS Clair. It can do further analysis on your Docker images to check if any vulnerability package you have installed The protection ability is based on Debian, Ubuntu and Red Hat vulnerability database
  62. Actually, Docker has announced the new security service recently if you already use Docker cloud service, they will do the vulnerability scan for your docker images to make sure your images are secure enough
  63. Finally let’s talk about how to do monitor on Docker
  64. We adopt cAdvisor, influxDB and Grafana to compose our monitor stack cAdvisor is responsible to retrieve usage of CPU, memeory and network from containers and then store these metrics into influxDB. So grafana gets the metrics from influxDB and the user can use grafana web portal to check each container system status [æ€Șæ€Ș的]
  65. The monitor stack is not only used in container system status but also applications We send Spark, Kafka and our application metrics into influxDB, so that, we can monitor many kind of application metrics, such like Kafka data input throughput, on the grafana web portal
  66. However, when your container use host network and you also have multiple network cards on your physical machine, cadvisor won’t be able to send the correct network usage to influxDB. Therefore, we use telegraf as a solution to this problem. Telegraf is an agent to collect metrics data and write them to influxDB Using telegraf, we can get all network card information from cAdvisor and send them to influxDB, so that, we won’t miss the correct one(modify)
  67. We have finished the Dockerize, security and monitor At the end, we will share some experience[æ€Șæ€Ș的] and make a conclusion for this talk.
  68. Let me talk about the lessons learned during dockerize the threat analytic system
  69. Mount the stuff which you may change it frequently to your Docker containers For example, In the beginning of dockerize our threat analytic system, we found that we need to change configurations frequently My suggestion is at the beginning of dockerize progress, mount the whole configuration files into Docker container, then you can change and apply new setting efficiently without re-build your docker images. (ćŸŒæœŸç”šenv variable)
  70. In our use case, we use many big data open source components in our threat analytic system, such like Spark, And, in the Spark website, you can find that a lot of configurations could be adjusted based on the workloads. However, in the beginning, we still don’t have the proper setting , so we need to change configurations frequently. Once any configuration changed, we need to re-build our Spark docker image and deploy it again
  71. Therefore, we can mount configuration files into docker containers to solve the previous problem We directly modify our configuration files on host machine and apply the change to our dockerize components So we are able to deploy different setting rapidly to speed up our development progress
  72. At the end, let's make a conclusion of our talk today.
  73. Summarize the main points again First, we used four phases deploy, develop, test, and sale to explain docker can make our product progress more efficient and speed up the development iteration (And so far, we use Docker in our big data solution stack and everything is work well.) Second, The misconfiguration problem may cause the security issue in Docker. You can use exist tools like “Docker Bench for Security” and CoreOS Clair to make your dockerize product more secure. More over, you can leverage on Docker Cloud service to secure your docker images.[æ€Șæ€Ș的] Finally, the monitor stack cAdvisor, InfuxDB and Grafana can enhance your product’s visibility
  74. In the beginning we mention we would like to solve the problem we faced. We want to build an on premises product which can deal with big data.
  75. By leverage on docker major benefits Build ship run, we have now built an on premises product which can deal with big data. Docker makes the problem of dealing with big data become simpler and also let the procedure of composing an on premises product become more efficient.
  76. And enjoy your dockerize journey
  77. So thanks everyone. That’s it today Are there any questions That’s it guys. Thanks for your attention Questions time. Does any one have questions? I’m going to finish here and thank you for your attention. If you have any questions, I’ll be happy to answer them.
  78. Thank you all. Have a nice day !