Ken Sipe

Scaling up on the web

Tuesday, 8:00 PM EST

The drive to continuous delivery, micro services and PaaS includes the need to auto scale and potentially auto provision services. This session will identify the legacy thinking of a statically partitioned world and drive to the scalable world of Apache Mesos.

This session will look at the failings of the many of today's cloud technology, identify the goals we have and look into the tooling of how to get there. In this session we will look at:

• static vs elastic partitioning
• vm vs containers
• separating cluster capacity from application scale
• load balancing with HAProxy

This session will be packed with demonstrations.

Building a PaaS Workshop

Wednesday, 3:15 PM EST

Platform as a Service (Paas) is all the buzz today…. but why? What's the value proposition? Once you have decided that it is for you… what are your options?

This 2 session presentation is broken down in to 3 parts. The first is understanding why organizations on moving to PaaS and what to expects. The second and third part includes a walk through of PaaS options with part 2 being traditional PaaS and part 3 highlighting container based PaaS solutions.

We will conclude with a short discussion on getting PaaS like experiences without a PaaS and what that might look like.

Building a PaaS Workshop

Wednesday, 5:00 PM EST

Platform as a Service (Paas) is all the buzz today…. but why? What's the value proposition? Once you have decided that it is for you… what are your options?

This 2 session presentation is broken down in to 3 parts. The first is understanding why organizations on moving to PaaS and what to expects. The second and third part includes a walk through of PaaS options with part 2 being traditional PaaS and part 3 highlighting container based PaaS solutions.

We will conclude with a short discussion on getting PaaS like experiences without a PaaS and what that might look like.

Scaling and Fault Tolerance Workshop

Thursday, 9:00 AM EST

There was a day when it was common to see the twitter fail whale! This imagine, extinct today, was the sign that scaling at twitter was broken in some way. What did Twitter do in order to increase their ability to scale, be more fault tolerant all while growing significantly. The answer is a move to Apache Mesos and leveraging container technology.

Google in 2009 had a top secret project we now know as the Google Borg project. That technology was reincarnated in an open source project out of UC Berkley known as Apache Mesos. Mesos has grown up significantly while at Twitter providing production tested solution for scaling applications and containers. In addition Solomon himself stated at DockerCon EU in December 2014 that Mesos is the only reliable way to scale docker in a production environment today.

This session is a hands on workshop. It is broken into 3 separate but related parts.

The first part is an 1.5 hour lecture of the challenges of the datacenter today. It will provide an overview of

* containers, 
* static vs. elastic partitions 
* schedulers.

The second part is a dive into docker with time for hands on labs. You will need access to docker for 1/2 of this session. We will have some discussion on the issues of running Java in a container with a focus on needs of production.

The third part will be on Apache Mesos and several different schedulers. We will discuss:

* different types of containers
* stateful service solution
* service discovery
* typical failures at twitter and how to avoid them

This also has a hands on component. You will need either:

* A Google Compute Engine account
* A AWS account
* Software local on your laptop to run vagrant

The last shorter part will include an overview of technologies on the horizon in this fast paced micro-services space.

Scaling and Fault Tolerance Workshop

Thursday, 10:45 AM EST

There was a day when it was common to see the twitter fail whale! This imagine, extinct today, was the sign that scaling at twitter was broken in some way. What did Twitter do in order to increase their ability to scale, be more fault tolerant all while growing significantly. The answer is a move to Apache Mesos and leveraging container technology.

Google in 2009 had a top secret project we now know as the Google Borg project. That technology was reincarnated in an open source project out of UC Berkley known as Apache Mesos. Mesos has grown up significantly while at Twitter providing production tested solution for scaling applications and containers. In addition Solomon himself stated at DockerCon EU in December 2014 that Mesos is the only reliable way to scale docker in a production environment today.

This session is a hands on workshop. It is broken into 3 separate but related parts.

The first part is an 1.5 hour lecture of the challenges of the datacenter today. It will provide an overview of

* containers, 
* static vs. elastic partitions 
* schedulers.

The second part is a dive into docker with time for hands on labs. You will need access to docker for 1/2 of this session. We will have some discussion on the issues of running Java in a container with a focus on needs of production.

The third part will be on Apache Mesos and several different schedulers. We will discuss:

* different types of containers
* stateful service solution
* service discovery
* typical failures at twitter and how to avoid them

This also has a hands on component. You will need either:

* A Google Compute Engine account
* A AWS account
* Software local on your laptop to run vagrant

The last shorter part will include an overview of technologies on the horizon in this fast paced micro-services space.

Web Application Security Workshop

Thursday, 1:30 PM EST

As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.

The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.

Attendees will come away with the following skills / capabilities:

• threat modeling
• security audit plan
• introduction to Pen testing
• key / certificate management
• fixing web application security issues

Don't be the weakest link on the web!

Web Application Security Workshop

Thursday, 3:15 PM EST

As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.

The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.

Attendees will come away with the following skills / capabilities:

• threat modeling
• security audit plan
• introduction to Pen testing
• key / certificate management
• fixing web application security issues

Don't be the weakest link on the web!