Boston
May 8-11, 2017

Event Details

Please note: All times listed below are in Central Time Zone


Securing Microservice Interactions in OpenStack and Kubernetes

Interacting microservices have a large dynamic attack surface from exposed APIs, communication channels, data-store interactions, and agile deployment. Communication between Kubernetes pods and OpenStack VMs further expands the attack surface. An ideal security solution will go beyond reachability and allow rich security services to be activated on demand. This talk will cover:

  • Review of OpenStack mechanisms to secure inter-service communication in tenant networks, across K8s and OpenStack clusters, at both the network and application layers, e.g., Kuryr, service insertion, FWaaS, Barbican, Congress.
  • Inter-operation of K8s and OpenStack mechanisms, e.g., K8s network policy and Neutron security groups.
  • Operational challenges of configuring infrastructure security mechanisms to achieve service-level security objectives, and methodology to mitigate challenges.
  • Outline and demo of a security approach that operates independently of infrastructure mechanisms to secure inter-service communications.

What can I expect to learn?
  • A review of current OpenStack mechanisms to secure inter-service communication in tenant networks across Kubernetes and OpenStack clusters. Relevant mechanisms are at both the network and application layers, e.g., Kuryr, service insertion, FWaaS, Barbican, Congress.
  • Inter-operation of Kubernetes and OpenStack mechanisms, e.g., Kubernetes network policy and Neutron security groups.
  • Operational challenges of configuring infrastructure security mechanisms to achieve service-level security objectives, and a methodology to mitigate these challenges.
  • Outline and demo of a security approach that operates independently of infrastructure-level mechanisms to secure inter-service communications.
Monday, May 8, 3:40pm-4:20pm (7:40pm - 8:20pm UTC)
Difficulty Level: Intermediate
Banyan
Yoshio is a co-founder of Banyan, a company developing security technologies for microservices. Previously, Yoshio was a Principal Research Scientist at HP Labs, Networking and Mobility Laboratory, in Palo Alto, CA. He has co-authored several research papers in computer systems and networking, and contributed to architecting and developing a scalable production Neutron network virtualization...
Co-Founder
Jayanth Gummaraju is the Co-Founder and CTO of BanyanOps Inc., based in San Francisco, CA. Prior to founding Banyan, Jayanth worked at VMware where he co-created the Instant Clone technology used by the Container and VDI product lines, and co-founded the Big Data Virtualization initiative. He holds many patents and has published several papers in leading conferences in the areas of...