We all know the developers are the new kingmakers. But developers couldn't build great software without the support of a killer platform ops team! So while there are plenty of great sessions at Cloud Foundry Summit Europe next week for devs, let's spend some time previewing the show from a platform ops perspective.
A key operations theme of the show is security. In addition to providing a great platform and development experience, platform ops teams are also tasked with keeping their enterprises safe and secure. The good news is these two mandates – providing a great experience for developers and maintaining a secure environment – aren't mutually exclusive!
Let's take a look at the operations and security track at Cloud Foundry Summit Europe, with a few other relevant sessions from other tracks thrown in for good measure.
Day 1
Keynote: Service Broker Management Across Cloud Foundry and Kubernetes
Florian Müller, Technical Lead Platform Foundation & Services, SAP Cloud Platform
October 10, 9:25 to 9:35
One of the great things about Cloud Foundry is its embrace of the Open Service Broker API, which enables developers to create services instances and bind those instances to applications. But things can get tricky for ops teams when they are responsible for managing potentially hundreds of services across multiple Cloud Foundry foundations. In this keynote session, SAP’s Florian Müller demonstrates how to use Service Manager as a central service broker registry for Cloud Foundry and Kubernetes, bringing order to what can otherwise be a chaotic environment.
Comprehensive Cloud Foundry Security Overview and Roadmap
Sree Tummidi, Sr. Manager Product Management, Pivotal
October 10, 11:35 to 12:05
There’s perhaps now bigger responsibility for operators than keeping the platform safe and secure. The good news is that Cloud Foundry has robust security capabilities built into the platform and the community is adding new features every day. In this session, Pivotal’s Sree Tummidi will review the current state of Cloud Foundry platform security, including secure credential management, encryption, network security, authentication, authorization and auditing. You’ll leave this session with an even better understanding about how to take advantage of all of these capabilities to deliver comprehensive platform security.
Cloud Foundry Security Needs the Community
Dan Jahner, Senior Product Manager, Pivotal
October 10, 12:15 to 12:45
When it comes to platform security, we all have a role to play. It's too big a job for just one person or even one company. In this session, Pivotal's Dan Jahner will explain how you an get involved in security testing to help make Cloud Foundry as secure as it can be. He'll walk through the mechanics of how to responsibly report security vulnerabilities when you find one and what the triage process looks like once you have submitted a report. You'll also walk away from this session with a better understanding of the historical context of security in platform operations and better educated on some general security testing concepts to get you jump started on security testing.
Thales Digital Factory: A Cloud Foundry Platform Journey
Erwan Bornier, Platform Architect, Pivotal
Nicolas Dumont, Platform Product Owner, Thales Digital Factory
October 10, 12:15 to 12:45
It’s not as if Thales is new to software development. Around 15% of the French company’s 65,000 person-strong workforce is made up of software engineers. And software plays a key role in nearly all of its products, largely critical systems for the aerospace, transportation, and defense industries. But the company wanted to get better and faster at building great software, a journey that started with Cloud Foundry. In this session, you'll learn how Thales' ops team supports thousands of developers and applications, enabling the company to "go fast, go secure by default, deliver anywhere, and innovation and transform."
Running Isolated and Secure Workloads via BOSH
Subhankar Chattopadhyay, Associate Architect, SAP
Shashank Jain, Chief Development Architect, SAP
October 10, 14:30 to 15:00
In an ideal world, all the workloads running on your Cloud Foundry foundation will be known, trusted applications. But there are times when your developers may need to run untrusted applications on the platform. How do you prevent these application from potentially causing security and performance issues throughout the platform and other applications? In this session, SAP’s Subhankar Chattopadhyay and Shashank Jain will illustrate how to cordon off these types of workloads via sandboxing with a little help from BOSH, thereby limiting the potential damage.
Security Considerations for CF Container Runtime vs CF Application Runtime
John Michealson, Cloud Security Integration Architect, Aqua Security
October 10, 15:10 to 15:40
Cloud Foundry has come a long way over the last year. What started as a single application runtime environment is now a full-fledged development and operations platform with not one but two abstractions to choose from, depending on the use case. One is the tried-and-true application runtime, the other a container runtime based on Kubernetes. In addition to providng different but complimentary environments for developers, the two runtimes also have different security needs and considerations. In this session, Aqua Security's John Michealson describes how to approach the divergent security needs of the two Cloud Foundry runtimes and demonstrates some of the methods and tools that can be used to mitigate risk without slowing down development.
The Route to Rootless Containers
Claudia Beresford, Software Engineer, Pivotal
Ed King, Software Engineer, Pivotal
October 10, 15:50 to 16:20
It's always good to know your roots. But what about when there are no roots? Rootless containers are quickly rising in popularity in part because it allows you to create and manage containers as a completely unprivileged, non-root user. This is a good thing from a security perspective and makes it easier to open up container-based workloads to a lot more developers. In this session, Pivotal's Claudia Beresford and Ed King share insights learned from adopting rootless containers in production running on for Cloud Foundry. If you’re interested in using rootless containers in production, this talk is for you!
Panel: Continuous Security: Inject Pipelines with Critical Protection for Your Apps
Kamala Dasika, Product Team, Cloud Platform Ecosystem, Pivotal
Josh Kirkwood, DevOps Security Lead, CyberArk
Simon Maple, Director of Developer Relations, Snyk.io
James Wickett, Head of Research, Signal Sciences
Molly Crowther, Senior Technical Program Manager, Pivotal
Shatarupa Nandi, Director of Software Engineering, Pivotal
October 10, 17:30 to 18:00
You can't fix it if you don't identify it. In one of the most straightforward session of the summit, Pivotal's Molly Crowther and Shatarupa Nandi reveal the top five security vulnerabilities previously found in Cloud Foundry, including how each vulnerability was discovered, how it could be exploited, and how the it was remediated in the product. You'll leave this session with a better understanding of how critical-severity vulnerabilities are discovered, triaged, and fixed in Cloud Foundry.
Day 2
Platform as a Product: How to Delight Your Developers and Deliver Value for Your Customers
Paula Kennedy, Director, PCF Solutions, Pivotal
October 11, 11:15 to 11:45
As a platform operator, you may not think you are directly serving the needs of customers, but think again. In fact, your customers are the software engineers and developers building and running applications on Cloud Foundry. And Cloud Foundry itself is the product. In this session, Pivotal’s Paula Kennedy extolls the virtues of treating your platform as a product and all that entails. She’ll discuss what this approach looks like in practice and provides advice for building a platform team, applying the Build-Measure-Learn feedback loop to platform development and how to build trust with your customers, application developers.
Upgrading from CF-Release to CF-Deployment: The Unusual Way
Johannes Hiemer, CEO, evoila
Yannic Remmet, Software Engineer, evoila
Cluster Health for Application Health – Monitoring the Cloud Foundry Infrastructure
Johannes Bräuer, Technology Strategist, Dynatrace
October 11, 14:10 to 14:40
Is there anything more frustrating than not being able to diagnose why application performance is suffering? I doubt it. All your application monitoring dashboards are green, yet apps are slowing to a crawl. Luckily, there is a solution and Dynatrace’s Johannes Bräuer will share it in this session! He’ll explore methods for identifying bottlenecks in core platform components, such as Gorouters and Auctioneers, and provide a demonstration of how to detect component anomalies that hit applications’ response time and availability.
#automateALLtheTHINGS: From Ops Manager GUI to Automating Deployments and Reporting with Concourse
Onno Brouwer, Technical Specialist, Rijkswaterstaat
October 11, 14:10 to 14:40
One of the things that sets Cloud Foundry apart from other application platforms is its extensive automation capabilities. Automation allows ops teams to reduce manual tasks, apply updates at scale, and, therefore, spend more time delivering value to developers. In this session, Rijkswaterstaat’s Onno Brouwer shares how the company’s ops team transitioned from manually performing platform upgrades using the Ops Manager GUI into fully automating the upgrades process by incorporating the PCF and BBR pipelines, and how your team can do the same.
Panel: Practising a Massive Public Disaster – How to Mitigate Risk When You Can’t Afford to Fail
Zenon Hannick, COO, Armakuni
Chisara Nwabara, Staff Technical Program Manager, Pivotal
Debbie Wood, Product Manager, Pivotal
James Wynne, Staff Software Engineer, Pivotal
October 11, 14:50 to 15:20
Imagine that the vast majority of your enterprise’s revenue is generated on a single day each year. The last thing you can afford is for your platform or applications to fail during this singular, extremely high-traffic event. Sound far-fetched? Maybe for most organizations, but its reality for Comic Relief. The U.K.-based charity raises millions of pounds to fight poverty during its annual telethons. It’s entire donations system runs on Cloud Foundry. In this session, hear how Comic Relief’s operations teams collaborates with its developers to run extensive fire drills across its mission-critical, multi-region, multi-foundation environment to practice troubleshooting across various layers of the stack under extreme load.
It's a Mob! How We Gained Shared Knowledge and Delivered Value with Quality Faster
Cai Cooper, Head of Cloud Platform Operations, Fiserv
Colin Simmons, Engineer, EngineerBetter
October 11, 15:30 to 16:00
You’ve heard of pair programming, where two developers write code together on the same machine. Well, how about you add the entire team to that scenario? That’s called Mob programming and it helped the Fiserv Finkit operations team improve how they deploy, operate and troubleshoot their Cloud Foundry foundations and other supporting tooling. In this session, Finserv’s Cai Cooper and EngineerBetter’s Colin Simmons share how Mob programming helped the team more effectively share knowledge, reduce wasted time and increase the quality of its operational expertise.
Face Your X.509 Fears: Automating Certificate Rotation for Cloud Foundry
Iryna Shustava, Software Engineer, Pivotal
October 11, 16:30 to 17:00
Cloud Foundry continues to become more and more secure by default. That's obviously a good thing! But, it does increase the burden on platform operations teams, who are responsible for managing the ever-increasing number of certificates and certificate authorities that come with it. The good news is the team at Pivotal has made a lot of progress on credential management, in particular with CredHub. This session covers how to manage Cloud Foundry credentials with Concourse, BOSH, and CredHub. It includes a demo of a Concourse pipeline rotating all certificates with zero application downtime. Beat that!
See You in Basel!
Now you're ready to hit the ground running in Switzerland next week at Cloud Foundry Summit Europe. So pack your passport and your thirst for platform ops knowledge and we'll see you in Basel!
