Red Hat Enterprise Virtualization 3.0 Live Chat Transcript Sponsored by Red Hat
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Virtualization Getting Started Guide
Red Hat Enterprise Linux 7 Virtualization Getting Started Guide Introduction to virtualization technologies available with RHEL Last Updated: 2020-02-24 Red Hat Enterprise Linux 7 Virtualization Getting Started Guide Introduction to virtualization technologies available with RHEL Jiri Herrmann Red Hat Customer Content Services [email protected] Yehuda Zimmerman Red Hat Customer Content Services [email protected] Dayle Parker Red Hat Customer Content Services Laura Novich Red Hat Customer Content Services Jacquelynn East Red Hat Customer Content Services Scott Radvan Red Hat Customer Content Services Legal Notice Copyright © 2019 Red Hat, Inc. This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. -
Static Vulnerability Analysis of Docker Images
DEGREE PROJECT FOR MASTER OF SCIENCE IN ENGINEERING COMPUTER SECURITY Static Vulnerability Analysis of Docker Images Michael Falk | Oscar Henriksson Blekinge Institute of Technology, Karlskrona, Sweden, 2017 Supervisor: Emiliano Casalicchio, Department of Computer Science and Engineering, BTH Abstract Docker is a popular tool for virtualization that allows for fast and easy deployment of applications and has been growing increasingly popular among companies. Docker also include a large library of images from the repository Docker Hub which mainly is user created and uncontrolled. This leads to low frequency of updates which results in vulnerabilities in the images. In this thesis we are developing a tool for determining what vulnerabilities that exists inside Docker images with a Linux distribution. This is done by using our own tool for downloading and retrieving the necessary data from the images and then utilizing Outpost24’s scanner for finding vulnerabilities in Linux packages. With the help of this tool we also publish statistics of vulnerabilities from the top downloaded images of Docker Hub. The result is a tool that can successfully scan a Docker image for vulnerabilities in certain Linux distributions. From a survey over the top 1000 Docker images it has also been shown that the amount of vulnerabilities have increased in comparison to earlier surveys of Docker images. Keywords: Docker, Containerization, Vulnerability analysis, Vulnerability scanning i Sammanfattning Docker är ett populärt verktyg för virtualisering som används för att snabbt och enkelt sätta upp applikationer och har vuxit sig populärt bland företag. Docker inkluderar även ett stort bibliotek av images från datakatalogen Docker Hub vilket huvudsakligen består av användarskapat och okontrollerat innehåll. -
Touchless and Always-On Cloud Analytics As a Service 1. Introduction
Touchless and Always-on Cloud Analytics as a Service S. Suneja, C. Isci, R. Koller, E. de Lara Despite modern advances in automation and managed services, many end users of cloud services remain concerned with regards to the lack of visibility into their operational environments. The underlying principles of existing approaches employed to aid users gain transparency into their runtimes, do not apply to today’s dynamic cloud environment where virtual machines (VMs) and containers operate as processes of the cloud operating system (OS). We present Near Field Monitoring (NFM), a cloud-native framework for monitoring cloud systems and providing operational analytics services. With NFM, we employ cloud, virtualization, and containerization abstractions to provide complete visibility into running entities in the cloud, in a touchless manner, i.e., without modifying, instrumenting or accessing inside the end user context. Operating outside the context of the target systems enables always-on monitoring independent of their health. Using an NFM implementation on OpenStack, we demonstrate the capabilities of NFM, as well as its monitoring accuracy and efficiency. NFM is highly practical and general, supporting more than 1000 different system distributions, allowing instantaneous monitoring as soon as a guest system gets hosted on the cloud, without any setup prerequisites or enforced cooperation. 1. Introduction Emerging cloud services enable end users to define and provision complex, distributed applications and their compute resources with unprecedented -
Erlang on Physical Machine
on $ whoami Name: Zvi Avraham E-mail: [email protected] /ˈkɒm. pɑː(ɹ)t. mɛntl̩. aɪˌzeɪ. ʃən/ Physicalization • The opposite of Virtualization • dedicated machines • no virtualization overhead • no noisy neighbors – nobody stealing your CPU cycles, IOPS or bandwidth – your EC2 instance may have a Netflix “roommate” ;) • Mostly used by ARM-based public clouds • also called Bare Metal or HPC clouds Sandbox – a virtual container in which untrusted code can be safely run Sandbox examples: ZeroVM & AWS Lambda based on Google Native Client: A Sandbox for Portable, Untrusted x86 Native Code Compartmentalization in terms of Virtualization Physicalization No Virtualization Virtualization HW-level Virtualization Containerization OS-level Virtualization Sandboxing Userspace-level Virtualization* Cloud runs on virtual HW HARDWARE Does the OS on your Cloud instance still supports floppy drive? $ ls /dev on Ubuntu 14.04 AWS EC2 instance • 64 teletype devices? • Sound? • 32 serial ports? • VGA? “It’s DUPLICATED on so many LAYERS” Application + Configuration process* OS Middleware (Spring/OTP) Container Managed Runtime (JVM/BEAM) VM Guest Container OS Container Guest OS Hypervisor Hardware We run Single App per VM APPS We run in Single User mode USERS Minimalistic Linux OSes • Embedded Linux versions • DamnSmall Linux • Linux with BusyBox Min. Linux OSes for Containers JeOS – “Just Enough OS” • CoreOS • RancherOS • RedHat Project Atomic • VMware Photon • Intel Clear Linux • Hyper # of Processes and Threads per OS OSv + CLI RancherOS processes CoreOS threads -
MOS WS 2020/21 Goals
Virtualization MOS WS 2020/21 Goals • Give you an overview about: • Virtualization and VMs in General • Hardware Virtualization on x86 Goals • Give you an overview about: • Virtualization and VMs in General • Hardware Virtualization on x86 • Not in this lecture: • Lots and lots of Details • Language Runtimes • How to use Xen/KVM/… History Erik Pitti, CC-BY, www.flickr.com/people/24205142@N00 History • Pioneered with IBM’s CP/CMS in ~1967 running on System/360 and System/370 • CP: Control Program (provided S/360 VMs) • Memory Protection between VMs • Preemptive scheduling • CMS: Cambridge Monitor System (later Conversational Monitor System) – Single User OS • At the time more flexible & efficient than time-sharing multi- user systems! Applications • Consolidation (improve server utilization) • Isolation (incompatibility or security reasons) • Reuse (legacy software) • Development … but was confined to the mainframe-world for a long time! Why? Imagine you want to write an operating system, that is: • Secure • Trustworthy • Small • Fast • Fancy but, … Why? Users expect to run their favourite software („legacy“): • Browsers • Word • iTunes • Certified Business Applications • Gaming (Windows/DirectX to DOS) Porting/Rewriting is not an option! Why? „By virtualizing a commodity OS […] we gain support for legacy applications, and devices we don’t want to write drivers for.“ „All this allows the research community to finally escape the straitjacket of POSIX or Windows compatibility […]“ Roscoe, Elphinstone, and Heiser, 2007 What is Virtualization? Suppose you develop on your x86-based workstation running a system Host, a system Guest which is supposed to run on ARM-based phones. An emulator for G running H precisely emulates G’s: • CPU • Memory (subsystem) • I/O devices Ideally, programs running on the emulated G exhibit the same behaviour, except for timing, as when run on a real system G. -
Mos - Virtualization
MOS - VIRTUALIZATION Tobias Stumpf, Marcus H¨ahnel WS 2017/18 Goals Give you an overview about: • virtualization and virtual machines in general, • hardware virtualization on x86, • our research regarding virtualization. We will not discuss: • lots and lots of details, • language runtimes, • how to use XEN/KVM/. MOS - Virtualization slide 3 What is Virtualization? Outline What is Virtualization? Very Short History Virtualization on x86 Example: L4Linux Example: NOVA Example: Karma VMM MOS - Virtualization slide 4 What is Virtualization? Starting Point You want to write a new operating system that is • secure, • trustworthy, • small, • fast, • fancy. but . MOS - Virtualization slide 5 What is Virtualization? Commodity Applications Users expect to run all the software they are used to (\legacy"): • browsers, • Word, • iTunes, • certified business applications, • new (Windows/DirectX) and ancient (DOS) games. Porting or rewriting all is infeasible! MOS - Virtualization slide 6 What is Virtualization? One Solution: Virtualization \By virtualizing a commodity OS [...] we gain support for legacy applications, and devices we don't want to write drivers for." \All this allows the research community to finally escape the straitjacket of POSIX or Windows compatibility [...]" Roscoe:2007:HV:1361397.1361401 MOS - Virtualization slide 7 What is Virtualization? Virtualization virtual existing in essence or effect though not in actual fact http://wordnetweb.princeton.edu \All problems in computer science can be solved by another level of indirection." David Wheeler MOS - Virtualization slide 8 What is Virtualization? Emulation Suppose you develop for a system G (guest, e.g. an ARM-based phone) on your workstation H (host, e.g., an x86 PC). An emulator for G running on H precisely emulates G's • CPU, • memory subsystem, and • I/O devices. -
Demystifying Internet of Things Security Successful Iot Device/Edge and Platform Security Deployment — Sunil Cheruvu Anil Kumar Ned Smith David M
Demystifying Internet of Things Security Successful IoT Device/Edge and Platform Security Deployment — Sunil Cheruvu Anil Kumar Ned Smith David M. Wheeler Demystifying Internet of Things Security Successful IoT Device/Edge and Platform Security Deployment Sunil Cheruvu Anil Kumar Ned Smith David M. Wheeler Demystifying Internet of Things Security: Successful IoT Device/Edge and Platform Security Deployment Sunil Cheruvu Anil Kumar Chandler, AZ, USA Chandler, AZ, USA Ned Smith David M. Wheeler Beaverton, OR, USA Gilbert, AZ, USA ISBN-13 (pbk): 978-1-4842-2895-1 ISBN-13 (electronic): 978-1-4842-2896-8 https://doi.org/10.1007/978-1-4842-2896-8 Copyright © 2020 by The Editor(s) (if applicable) and The Author(s) This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Open Access This book is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this book are included in the book’s Creative Commons license, unless indicated otherwise in a credit line to the material. -
BSD Projects IV – BSD Certification • Main Features • Community • Future Directions a (Very) Brief History of BSD
BSD Overview Jim Brown May 24, 2012 BSD Overview - 5/24/2012 - Jim Brown, ISD BSD Overview I – A Brief History of BSD III – Cool Hot Stuff • ATT UCB Partnership • Batteries Included • ATT(USL) Lawsuit • ZFS , Hammer • BSD Family Tree • pf Firewall, pfSense • BSD License • Capsicum • Virtualization Topics • Jails, Xen, etc. • Desktop PC-BSD II – The Core BSD Projects IV – BSD Certification • Main Features • Community • Future Directions A (Very) Brief History of BSD 1971 – ATT cheaply licenses Unix source code to many organizations, including UCB as educational material 1975 – Ken Thompson takes a sabbatical from ATT, brings the latest Unix source on tape to UCB his alma mater to run on a PDP 11 which UCB provided. (Industry/academic partnerships were much more common back then.) Computer Science students (notably Bill Joy and Chuck Haley) at UCB begin to make numerous improvements to Unix and make them available on tape as the “Berkeley Software Distribution” - BSD A (Very) Brief History of BSD Some notable CSRG • 1980 – Computer Science Research Group members (CSRG) forms at UCB with DARPA funding to make many more improvements to Unix - job control, autoreboot, fast filesystem, gigabit address space, Lisp, IPC, sockets, TCP/IP stack + applications, r* utils, machine independence, rewriting almost all ATT code with UCB/CSRG code, including many ports • 1991 – The Networking Release 2 tape is released on the Internet via anon FTP. A 386 port quickly follows by Bill and Lynne Jolitz. The NetBSD group is formed- the first Open Source community entirely on the Internet • 1992 – A commercial version, BSDI (sold for $995, 1-800-ITS-UNIX) draws the ire of USL/ATT. -
Vmware Technical Journal
VOL. 1, NO. 1–APRIL 2012 VMWARE TECHNICAL JOURNAL Editors: Steve Muir, Rita Tavilla and Ben Verghese VMWARE TECHNICAL JOURNAL TECHNICAL VMWARE SPECIAL THANKS TABLE OF CONTENTS Stephen Alan Herrod, Ph.D. Chief Technology Officer and Senior Vice President of Research & Development 1 Introduction Steve Herrod, CTO Julia Austin Vice President Innovation Programs 2 VisorFS: A Special-purpose File System for Efficient Handling of System Images Olivier Cremel PROGRAM COMMITTEE Banit Agrawal 3 A Software-based Approach to Testing VMware® vSphere® VMkernel Public APIs Jim Chow Lan Xue, Sreevathsa Sathyanarayana, Thorbjoern Donbaek, Ramesh Pallapotu, James Truong, Keith Farkas Sriram Sankaran, Eric Lorimer Steve Muir Javier Soltero 4 Providing Efficient and Seamless Desktop Services in Ubiquitous Computing Environments Rita Tavilla Lizhu Zhang, Wenlong Shao, Jim Grandy Ben Verghese 5 Comprehensive User Experience Monitoring Lawrence Spracklen, Banit Agrawal, Rishi Bidarkar, Hari Sivaraman Questions and Comments can be sent to [email protected] 6 StatsFeeder: An Extensible Statistics Collection Framework for Virtualized Environments Vijayaraghavan Soundararajan, Balaji Parimi, Jon Cook 7 VMware Distributed Resource Management: Design, Implementation, and Lessons Learned Ajay Gulati, Anne Holler, Minwen Ji, Ganesha Shanmuganathan, Carl Waldspurger, Xiaoyun Zhu 8 Identity, Access Control, and VMware Horizon Will Pugh, Kyle Austin 9 VMworld 2011 Hands-On Labs: Implementation and Workflow Adam Zimman, Clair Roberts, Mornay Van Der Walt VOL. 1, NO. 1 2012 1, NO. VOL. VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright © 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. -
Modernized Backup for Virtual Environments Open VM and Container Backup with Integration Into Enterprise Backup Platforms
DATA SHEET Modernized Backup for Virtual Environments Open VM and Container Backup with Integration into Enterprise Backup Platforms vProtect Highlights • Support for a wide range of Open VM platforms: • Backup to Amazon S3, Microsoft Azure, Google RHV/oVirt, Nutanix Acropolis, Citrix XenServer, KVM, PowerKVM, KVM for IBM z, oVirt, Proxmox, Swift, Neverfail HybriStor or Data Domain Boost Xen and Oracle VM. • Ability to backup, restore, mount file systems, • Support for backup and snapshot management of RBD volumes, and Nutanix files. Amazon EC2 • S3/S3-compatible backup provider – Nutanix Objects support and proxy support • Support for Kubernetes containers on OpenShift • Kubernetes/OpenShift – token-based authentication • Supports data export into existing backup • Data encryption for Amazon S3, Microsoft Azure environments for integration and long-term storage. Works with IBM Spectrum Protect, Veritas NetBackup, Dell-EMC Networker and Catalogic vStor. API) as well as command line • Multi-node support for better scalability or geographically dispersed environments. • Pre/post snapshot remote command execution on VM to enable operations such as DB quiesce iSCSI, SMB) supported DATA SHEET vProtect Introduction vProtect is an enterprise backup solution for Open VM environments and containers such more. vProtect enables VM-level protection and can function as a standalone solution or integrate with enterprise backup software. Platform Specific Features vProtect provides a wide range of capabilities and makes use of advanced virtualization -
Vmware Vsphere 4.1 Ultimate Bootcamp Course Overview Course
VMware vSphere 4.1 Ultimate Bootcamp Course Overview VMware Ultimate Bootcamp vSphere 4.1 teaches advanced virtualization concepts and explores the VMware vSphere 4.1 product suite. This comprehensive class prepares the student to become a certified professional virtualization expert. The course objective is to instill the knowledge required for the student to do their job efficiently and effectively, starting from installation of the product to real-world troubleshooting issues. The course focus is not limited only to learning and harnessing the power of VMware but the entire concept of virtualization, and other 3rd party tools and technologies that will enhance VMware capabilities and increase the student's virtualization expertise. Course Outline Course Introduction 5m Course Introduction Chapter 01 - Course Introduction and Methodology 5m Learn IT! Do IT! Know IT! Certified Virtualization Expert (CVE) Certification VMTraining's Physical Setup VMTraining's Setup Student to Datacenter VMTraining's Network IP Setup Chapter 01 Review Chapter 02 - Virtualization Overview 47m Why Virtualize? Why Virtualize? - Cost Savings VMware ROI TCO Calculator v2.0 Why Virtualize? - Simplified Management! What is Virtual Infrastructure? What is a Virtual Machine (VM)? Type 1 and Type 2 Hypervisors Cloud Computing VMware vCloud VMware Virtualization Products VMware Go VMware Server 2.0 VMware Infrastructure 3 (VI3) vSphere 4 vSphere 4.1 - New Features vSphere 4.1 Update 1 (2011/02/10) - New Features VMware vCenter Server VMware vCenter Orchestrator VMware -
Asiabsdcon 2008 Proceedings
AsiaBSDCon 2008 Proceedings March 27-30, 2008 Tokyo, Japan Copyright c 2008 AsiaBSDCon 2008. All rights reserved. Unauthorized republication is prohibited. Published in Japan, March 2008 In Memory of Jun-ichiro “itojun” Hagino Our friend and colleague Jun-ichiro “itojun” Hagino (a BSD hacker famous for IPv6 implemen- tation, and CTO of ipv6samurais.com) was working as a member of our program committee, but he passed away on October 29th 2007. Itojun was a valued member of the BSD community both for his technical and personal contributions to various projects over his career. We who are working on AsiaBSDCon would like to express our condolences to Itojun’s family and friends and also to dedicate this year’s conference to his memory. INDEX P1A: PC-BSD: FreeBSD on the Desktop 001 Matt Olander (iXsystems) P1B: Tracking FreeBSD in a Commercial Setting 027 M. Warner Losh (Cisco Systems, Inc.) P3A: Gaols: Implementing Jails Under the kauth Framework 033 Christoph Badura (The NetBSD Foundation) P3B: BSD implementations of XCAST6 041 Yuji IMAI, Takahiro KUROSAWA, Koichi SUZUKI, Eiichi MURAMOTO, Katsuomi HAMAJIMA, Hajimu UMEMOTO, and Nobuo KAWAGUTI (XCAST fan club, Japan) P4A: Using FreeBSD to Promote Open Source Development Methods 049 Brooks Davis, Michael AuYeung, and Mark Thomas (The Aerospace Corporation) P4B: Send and Receive of File System Protocols: Userspace Approach With puffs 055 Antti Kantee (Helsinki University of Technology, Finland) P5A: Logical Resource Isolation in the NetBSD Kernel 071 Kristaps Džonsons (Centre for Parallel Computing, Swedish Royal Institute of Technology) P5B: GEOM—in Infrastructure We Trust 081 Pawel Jakub Dawidek (The FreeBSD Project) P6A: A Portable iSCSI Initiator 093 Alistair Crooks (The NetBSD Foundation) P8A: OpenBSD Network Stack Internals 109 Claudio Jeker (The OpenBSD Project) P8B: Reducing Lock Contention in a Multi-Core System 115 Randall Stewart (Cisco Systems, Inc.) P9A: Sleeping Beauty—NetBSD on Modern Laptops 127 Jörg Sonnenberger and Jared D.