Blog

2016 Speaker Proposal: Dealing with a different kind of scale by Nick Demaster

In shared hosting, when we talk about database scale, we don’t mean large monolithic installations; scale for us means (literally) millions of small databases. We have millions of customers deploying many millions of databases to host their blogs, CRMs, custom apps.  How do we account for all this use and still provide available machines?

In this talk, we will discuss the unique challenges in deploying databases at shared hosting scale, the commonly deployed architectures (bare metal, virtual, containers) managing and backing up that data, what monitoring means for us, challenges and thoughts on scaling for the future, and what “high availability” means when you are fulfilling customers at a very small price point.

We will discuss future architecture considerations and how we as a database group think about the future.  Hopefully, as we show how we work through these questions for our group, the same questions and techniques can be applied to other groups as they think about what scaling means for them.

This talk focuses on MySQL based technologies and architecture.


Nick DeMaster has been a DBA for 12 years.  He has worked in both high growth startups, as well as large corporate environments.  Currently, he is DBA of the data platform at Endurance International Group.  He is passionate about all things data.  In his spare time, he enjoys whisky.


2016 Speaker Proposal: Getting along with your DB Ops team by Nick Demaster

Often times, when we talk about DevOps, the database operations get grouped together with “Ops”.  This can lead to a lot of misunderstanding in the future with teams who adopt certain practices that, while allowing fast iterations, may not be the best for DB ops – and when a DBA comes into your organization, may cause friction between Dev and Ops

In this talk, we will discuss the process and challenges we are going through at Endurance in bringing best practices for databases to the engineering team.  We will discuss how to talk to your DBAs without making them mad, and how to bring a Data first mindset into your DevOps process,

how to ensure the work you do does not make more work for your DB team, and how to at the end of your day to protect your data integrity.

At Endurance, we are currently going through the process of bringing engineering and databases together to allow for faster, iterative releases that fit a DB acceptance policy that we have a laid out together.

Your Data is one of the most important aspects of your company; it’s time to treat it as such.


Nick DeMaster has been a DBA for 12 years.  He has worked in both high growth startups, as well as large corporate environments.  Currently, he is DBA of the data platform at Endurance International Group.  He is passionate about all things data.  In his spare time, he enjoys whisky.


2016 Salt Lake City DevOps Days Keynote Announces- Effective DevOps Co- Author Jennifer Davis as Keynote Speaker

Silicon Slopes, UT – Jennifer Davis,  co-author of Effective DevOps, Chef Software Engineer and founder of Coffeeops will be a keynote speaker at SLC DevOps Days inaugural event. The internationally based Conference will bring together Developers, Operation Engineers, System Administrators, Project Managers, Scrum Masters-and leadership from the area who are adopting DevOps practices and principles.

“Unlocking the Puzzle: What is DevOps, Why Now, Why Me?” this year’s theme, will be elucidated by Ms. Davis’ personal and industry transformation stories. She brings both years of technical and cultural experience in DevOps at scale initiatives and will share these with attendees.

SLC DevOps Days is particularly excited to welcome Jennifer due to her familiarity of the needs and expectations of attendees. She is a co-organizer of devopsdays Silicon Valley, and supports a number of community meetups in the San Francisco area. In her role at Chef, Jennifer develops Chef cookbooks to simplify building and managing infrastructure. She has spoken at a number of industry conferences about devops, tech culture, monitoring, and automation. When she’s not working, she enjoys hiking Bay Area trails, learning to make things and quality time with her dog, George.

The two-day inaugural event is intended to drive discussions about the ambiguous definition of DevOps. Is it tooling, new agile, a cultural change in Software or all of that? Davis and other keynotes from around the nation, all participating in successful and challenged transformations, will openly discuss the milestones and changes their organizations may require along their path to DevOps.

Event Details:

About DevOps

(a clipped compound of “development” and “operations“) is a culture, movement or practice that emphasizes the collaboration and communication of both software developers and other information-technology (IT) professionals while automating the process of software delivery and infrastructure changes.[1][2] It aims at establishing a culture and environment where building, testing, and releasing software, can happen rapidly, frequently, and more reliably.

In traditional, functionally separated organizations there is rarely cross-departmental integration of these functions with IT operations. DevOps promotes a set of processes and methods for thinking about communication and collaboration between development, QA, and IT operations.

https://en.wikipedia.org/wiki/DevOps


2016 Speaker Proposal: GitHub and Docker like Peanut Butter and Jelly by Lee Faus

Description: In this presentation we will look at some common developer workflows as it pertains to using Git, GitHub, and Docker.  We will walk through some sample scenarios for how to build new containers through GitHub Webhooks and leverage the GitHub Deployments API to show when a new container version is available.  We will then leverage the Deployments webhook to automatically stop, pull and restart a running Docker container.  These workflows are critical when defining standards for containerization in large enterprises.  Regulatory and compliance is about what is running where and will be imperative to understand how this applies to continuous integration and continuous delivery pipelines.  Finally, we will explore how these workflows could be generalized to any PaaS like Deis, CloudFoundry, Heroku or IBM Bluemix.


leefaus


2016 Speaker Proposals: Automation and Autonomous systems, or why we orchestrate Kubernetes with SaltStack by Yaroslav Molochko

In case you concerned about security, you may end up with building your own on premises cluster or even couple of them. Once you made this decision, you may face problems of distributed systems you never thought ever existed. I’ll tell how we transformed enterprise “old-schoold” company, with technology stack from 90th into modern company, with high availability and reliability in mind. Why we choose SaltStack and Kubernetes for our stack. What problems you may face working for “enterprise” company with open source tools. How we made error proof deployment, and how you can do the same.


Yaroslav MolochkoI’m system architect at Oberthur Technologies, where I design clustered environments. I have started my career as shift engineer, and that changed my mindset to always think about operation in production. With more than 12 years of experience with production systems, my expertise varies from legacy systems to highly available real-time clusters. I can tell a lot how not to build your system 🙂


2016 Speaker Proposal: Your own Private Heroku using Convox by Drew Bowman

Description: At BrightBytes we use Convox to deploy and scale our many applications on AWS. We don’t have any full time Ops at BrightBytes and we used to use Heroku to deploy our applications. We needed more control and to reduce cost. Enter Convox a great open source tool for deploying and scaling applications. I’ll explain how it works and why its awesome.


drew_bowmanDrew has been building great software products for over 10 years. During his time in software he has built tools to improve warehouse automation, healthcare claims, and learning. Drew is dedicated to learning and seeing the world changed through education. He currently works for BrightBytes building tools for educators to improve the way the world learns.

2016 Speaker Proposal: Behind Closed Doors: Managing Passwords in a Dangerous World by Noah Kantrowitz

Behind Closed Doors: Managing Passwords in a Dangerous World

Description

A modern application has a lot of passwords and keys floating around. Encryption keys, database passwords, and API credentials; often typed in to text files and forgotten. Fortunately a new wave of tools are emerging to help manage, update, and audit these secrets. Come learn how to avoid being the next TechCrunch headline.

Abstract

Secrets come in many forms, passwords, keys, tokens. All crucial for the operation of an application, but each dangerous in its own way. In the past, many of us have pasted those secrets in to a text file and moved on, but in a world of config automation and ephemeral microservices these patterns are leaving our data at greater risk than ever before.

New tools, products, and libraries are being released all the time to try to cope with this massive rise in threats, both new and old-but-ignored. This talk will cover the major types of secrets in a normal web application, how to model their security properties, what tools are best for each situation, and how to use them with major web frameworks.

Outline

  • Intros
  • Types of secrets
    • Passwords (internal control)
    • Key files (TLS, whole files)
    • Tokens (external control)
    • Other (PCI, etc)
    • Hot vs. cold access
  • Properties of a secrets management system
    • Audit trail
    • Least access
    • Integrations
    • Pre-encryption systems
  • The usual solutions, and why they are dangerous
  • Attack surfaces and threat modelling
    • Code leak
    • Backup leak
    • Directory traversal/transclude
    • RCE
    • Laptop theft
    • Higher power (gov, etc)
  • Identity Management
    • Tokens
    • Cloud Systems
    • HSMs
  • Tools
    • Text files
    • Chef encrypted bags
    • Ansible Vault
    • Chef Vault
    • Hashicorp Vault
    • KeyWhiz
    • AWS KMS
    • Sneaker
    • Confidant
    • Trousseau
    • Sops
    • Red October
    • Barbican
    • Conjur
  • Framework Integration
    • HVAC
    • KeywhizFS
    • Consul Template
    • botocore

 


2016 Speaker Proposal: Fail Proof Ways to Run Beautiful Tests Regardless Of Browser Choice by Kevin Berg

What happens when you have thousands of tests that run beautifully in Chrome, but half of them fail in Internet Explorer? Unfortunately, this scenario is all too common for developers, and remains a major sore point for teams tasked with getting software out the door that runs in a growing number of browsers.

This talk will discuss how access to cloud-based Selenium Grids makes it easier than ever to run functional test suites in every imaginable operating system and browser combination. The result is less time and hassle adapting testing suites to each particular browser. Join Dr. Kevin Berg of Sauce Labs as he shares hands-on insight into ways you can optimize your tests for cross-browser functional testing.

The session will cover:

  • The role of testing in a CI/CD Pipeline.

  • Why cross browser testing is important: Websites look and behave differently depending on the browser in which they are displayed. Developers should aim to create a valuable experience for users regardless of the browser they have chosen.
  • How to use waits, error handling, and page objects to architect reliable cross-browser automated Selenium and Appium tests to speed up your development process.

Kevin BergDr. Kevin Berg is a Customer Automation Specialist at Sauce Labs where he works with prospective, new and existing customers to adapt their tests and frameworks to enhance their parallel and cross browser testing capabilities. Originally from Montana, he has written 30+ test framework examples that exhibit both parallel execution and cross browser testing capability for both desktop and mobile.

2016 Speaker Proposal: Behind Closed Doors: Managing Passwords in a Dangerous World by Noah Kantrowitz

Description

A modern application has a lot of passwords and keys floating around. Encryption keys, database passwords, and API credentials; often typed in to text files and forgotten. Fortunately a new wave of tools are emerging to help manage, update, and audit these secrets. Come learn how to avoid being the next TechCrunch headline.

Abstract

Secrets come in many forms, passwords, keys, tokens. All crucial for the operation of an application, but each dangerous in its own way. In the past, many of us have pasted those secrets in to a text file and moved on, but in a world of config automation and ephemeral microservices these patterns are leaving our data at greater risk than ever before.

New tools, products, and libraries are being released all the time to try to cope with this massive rise in threats, both new and old-but-ignored. This talk will cover the major types of secrets in a normal web application, how to model their security properties, what tools are best for each situation, and how to use them with major web frameworks.


Noah KantrowitzNoah Kantrowitz is a web developer turned infrastructure automation enthusiast, and all around engineering rabble-rouser. By day he builds tools and teaches, and by night he works with the Python Software Foundation infrastructure team. He is an active member of the Chef community, and enjoys merge commits, cat pictures, and beards.


2016 Speaker Proposal: Security Automation in a DevOps World by Alan Robertson

Cybersecurity is in the news almost every day. It’s not just getting the attention of the technical folks in the trenches, it’s getting attention in the boardroom. It’s also an area that the DevOps culture hasn’t spent as much attention on as we have on testing and deployment automation. This talk is about how to make things better and keep them there – showing you how to get started in 15 minutes.

Making your systems more secure is a daunting task – the average system has something like 100 ways it’s out of step with hardening best practices. If you have 1000 systems, that means you have something like 100,000 problems – it’s overwhelming! There’s also understanding your attack surface (the ways an intruder can enter your systems) – how to understand and minimize it. This talk will cover these things:

  • How to know what you need to do to harden your systems
  • How to triage, manage and track the hardening process – and show your boss what great progress you’re making
  • How to keep your systems hardened after you get there
  • How to visualize and understand your attack surface

 

Alan_RobertsonAlan Robertson is a long-time IT professional, having managed computer systems for over a decade, and written innovative system management software for more than 20 years, and is an alumnus of Bell Labs, SuSE and IBM.

He founded the leading open source high-availability project (now called Pacemaker) and led it for nearly 10 years.  It has been incorporated into a number of commercial products, and is estimated to be used in over 100,000 systems over the world including by some of the largest companies in the world, and in critical roles like air traffic control and medical devices.

More recently, he founded the Assimilation Project, which drives hardening, security, and monitoring out of an automated configuration management database (CMDB).

He is also a frequently requested and fun speaker on security automation, availability, monitoring, discovery, scalability, and raising Geek Girls – having spoken at over 35 conferences all over the world, and been a keynote speaker at several conferences.  He connects exceptionally well with his audiences. People even ask him back. 😉

 


Search
Archives
Calendar
November 2017
M T W T F S S
« Apr    
 12345
6789101112
13141516171819
20212223242526
27282930