The main conference day offers 18 sessions, subdivided into three parallel tracks, focussing on topics like Modern Cloud & Container Infrastructure, DevSecOps and DevOps Transformation. And not only that – various surprises await you throughout the day. So it’s worth booking June 29-30 in your calendar, so you won’t miss anything exciting!
Whether you’re working from home or in the office, you decide from where you would like to take part. Save on travel and hotel costs, as well as what matters most: your time!
Our seasoned and trusted DevOps Con speakers are highly experienced with the learning opportunities of online conferences and workshops.
On the main conference day, you can choose from 3 parallel sessions and switch between them at any time.
On the workshop days you can expect live coding and practical exercises on selected topics that cover state of the art technologies.
You will follow the speaker’s presentation via video stream and will be guided through the learning content.
All sessions on the main conference day will be recorded and made available to you after the conference is over. Online workshop participants will also be provided with a recording so they can follow up on the content.
Interaction is a key focus of our online workshops!
With special Q&A sessions, a chat function, and the possibility for audio/video communication, individual questions can be taken into account and the pace of the workshop can be adjusted accordingly.
Virtual Get-Together – an online meeting with our experts in three virtual rooms on predefined topics.
The basic idea behind the DevOps principle is to bridge the gaps between different disciplines of IT and speeding up delivery cycles. You can easily imagine what this means for one as a person and for whole teams. It becomes more difficult when discussing the impact of DevOps for entire organizations and their ways of working. The DevOps transformation has some similarities with the agile transformation most companies are working on. However, DevOps transformation goes further than agile approaches.I will introduce our approach to applying DevOps principles at Hermes Germany and how we are trying to get things right.In my talk I’ll discuss how we aligned business and IT. I will also introduce our approach to developing our people and transforming our organization to make use of the new possibilities both DevOps principles and new technology offers. For example, at the current state of our journey, our organization looks completely different than at the start. And like all journeys, our journey comes with its own obstacles and pitfalls that we needed to solve. I address some of these and show potential solutions.
Stephan ist Leiter der Entwicklungsabteilung bei Hermes Deutschland. Stephan hat die Arbeitsweise in seiner Abteilung geändert und sein Team in ein agiles Devops-Team umgewandelt, das sich kontinuierlich darauf konzentriert, seinen Kunden einen Mehrwert zu liefern. Stephan hat einen technologischen Hintergrund, da er zuvor als Entwickler und Architekt gearbeitet hat. Er spricht auf verschiedenen regionalen Veranstaltungen wie der Java User Group in Hamburg.
Denis is the Director of Field Engineering at Solo.io, a company building application networking solutions for the edge and service mesh. Denis is a passionate engineer who has spent his career in technical roles working directly with customers and users in architecting and adopting technologies like Object Storage, Big Data, Containerization, Service Mesh into their infrastructure. He enjoys sharing what he learns with the community and can be found creating demos, writing blogs, and speaking at events.
Your organization is evolving, moving towards managed services in one of the cloud offerings, but still relying on self-managed servers. Your team is comfortable managing and automating virtual servers, and is able of packaging services on the servers as you need them.You’ve been thinking of moving to containers, but felt too intimidated by the idea of managing your own container infrastructure. Just the idea of learning Kubernetes gives you that eerie feeling every time you think of all the things possibly going wrong. There must be an easier way of getting on board that ship...You’ve learned about the fully managed AWS Fargate service, but there just wasn’t proper justification for taking that route. This talk explores the motivation factors to make that move and start deploying containers within your organization.
Tomislav is a Principal Solution Architect specializing in AWS and Node.js, and a Certified AWS Developer and Cloud Solution Architect. Evolved from building websites in the age of Netscape Composer back in 1998, to providing technical leadership as an independent professional today.
Agile is often presented as something that only works when the entire team is in the same room at the same time. I’m here to shatter that misconception by sharing success stories, along with the tools and processes that make remote agile teams work well.
Audience & Requirements
In this talk I share my experience over the past 20 years as I have worked with large number of companies, both in person and remote. Today I run a remote-first company that successfully implements agile practices.
Michael is the CEO of Andromeda, Product Architect for FlexePark, CTO for Catipult.AI, an International Speaker, a Google Developer Expert in Firebase, and a Microsoft MVP in Developer Technologies. For more than 20 years he has been writing code and geeking out over technology. He is passionate about keeping things simple and focusing on what provides real value to the end user. Michael enjoys speaking at conferences and user groups, and mentoring other developers and entrepreneurs. He is the author of Programming Languages ABC++, Approachable Accessibility, and Architecting CSS.
Developing cloud native applications bring in a lot of complexities for developers. Without using tools to compensate these complexities, you will not become very efficient and often suffer a rising frustration by fighting these problems. Before I push code into Git, I want to test different things in my cloud environment. Therefore it is essential to have a fast and easy round trip. A classic round trip starts by writing or generating code, create a Docker image, deploy it into Kubernetes and test or remote debug the application in Docker or in Kubernetes. Without some elementary tools, this round trip will not be very fast or simple and therefore error prone. This Lab will show you some open source tools, making live as a developer more easy. Short demos will demonstrate the simple handling of these tools. Starting point is the generation of a MicroProfile and a SpringBoot application. By using the different tools (e.g. Helm, Shell completion, kubectl cp, Ksync, Stern, Kubefwd, Telepresence, …) on these applications, the complete round trip will be shown. Most of these tools are language independant. Finally you will get an outlook on tools which are more focused on larger developer teams.
Michael Hofmann is a freelance architect, consultant and developer. He has been gaining project experience for more than 2 decades on the German and international scenes, mainly in the areas of software architecture, Enterprise Java and DevOps. Since 2015, he has been increasingly involved with topics related to microservices architectures. In addition to his project assignments, he is active as a speaker at various conferences or as an author of professional articles and books (current eBook: "Von Monolithen und Microservices: Funktionierende Microservices-Architekturen erstellen").
Before IT organizations can reap the benefits Kubernetes provides for application delivery and orchestration, they must select, install and integrate the required components in the existing IT stack, ensure compliance with the security standards and implement tools and processes for the reliable operations of the container platform. This talk will discuss five pillars of production-grade Kubernetes and demonstrate, how an open-source solution like Rancher can accelerate the initial implementation of Kubernetes significantly and provide operations teams with a single, consistent tool to manage Kubernetes on any infrastructure.
Jan Bruder is a solution engineer at SUSE with a focus on cloud-native technologies, particularly containers and Kubernetes. He has been working with many large enterprise organizations on the adoption of container technology in the cloud, data center as well as industrial IT/OT.
How are you integrating security into the development process? Are you able to test for security without slowing down your developers? We’d like to share our new initiatives in addressing this familiar challenge. Veracode recently announced our new Static Analysis product family, which combines our existing static scan types with a new Pipeline scan. Veracode Static Analysis now incorporates the IDE Scan, which helps developers learn as they code and prevent new flaws, the Pipeline Scan, which provides feedback quickly so that production isn’t halted and the Policy Scan for reporting that satisfies security and auditor requirements. Please join us for this insightful session– we want to hear your challenges, answer your questions, and show you our latest technology and how it can address your application security problems. In this session, you’ll get:
An in-depth look at the industry’s first Pipeline Scan
Information on how Veracode Static Analysis can help you secure your code across the pipeline
Discussion about the value of fast security feedback in the IDE as developers code
Details on how Veracode Static Analysis can help you satisfy policy and reporting requirements
Julian Totzek-Hallhuber ist Solution Architect bei Veracode. Als Spezialist für Anwendungssicherheit mit mehr als 15 Jahren Erfahrung im IT-Sicherheitsumfeld, verfügt er über Expertise in den Bereichen Anwendungsentwicklung, Penetrationstests sowie Sicherheit von Webanwendungen. Zudem ist er Autor zahlreicher Artikel, regelmäßig als Sprecher auf Messen anzutreffen und hat bei Projekten von www.webappsec.org mitgewirkt.
Deep learning achieves the best performance for many computer vision, natural language processing, and recommendation tasks and thus it’s becoming increasingly more popular. However, it’s quite difficult to use deep learning in production as it requires a lot of effort to develop proper infrastructure for serving deep learning models.Platforms for serverless computing, such as AWS Lambda, provide a good alternative: they take care of scaling up and down and offer attractive pricing based only on actual usage. These platforms, unfortunately, have other limitations that make it problematic. In this talk, we show how to come around these limitations and be able to use AWS lambda and TensorFlow to serve deep learning models. We also discuss important maintenance aspects such as cost optimization, monitoring, deploying, and release management. Finally, we cover the limitations of AWS lambda, compare it with “serverful” solutions, and suggest workloads for which serverless is not the best option.
Alexey is an experienced Software Engineer with a focus on Machine Learning. Currently, he works at OLX Group as a Senior Data Scientist where he mostly deals with content moderation and image processing models. He has been doing software engineering for more than 10 years, 6 of which he spent working with Machine Learning.
Alexey is a book author (Mastering Java for Data Science), technical reviewer, Kaggle master and machine learning competition winner.
Der Markt verlangt von Unternehmen immer schnellere Reaktionen auf wechselndes Kundenverhalten und etabliert somit eine On-Demand-Kultur. DevOps-Methoden haben sich bewährt, um diesen neuen Anforderungen gerecht zu werden. Dabei ist es unabdingbar, die CI/CD-Pipeline, Container und Webanwendungen sicher zu betreiben.Im Webinar zeigen wir, wie Sie:
Sicherheitsprobleme in Ihrer DevOps-Umgebung frühzeitig erkennen;
Schwachstellen, Malware sowie sensible Daten, wie API-Schlüssel und Passwörter, in Ihren Docker-Container-Images zeitnah aufspüren;
Richtlinien durchsetzen und ausschließlich richtlinienkonforme Container betreiben;
in nur zwei Minuten codebasierte Sicherheit in Anwendungen integrieren können, ohne dass zusätzliche Codeänderungen oder Regeln erforderlich sind.
Thomas Fecke ist seit 2019 als Sales Engineer bei Trend Micro tätig. Mit seiner technischen Expertise unterstützt er Kunden, Partner und Vertrieb. Sein besonderes Interesse gilt dabei dem Thema DevSecOps.
Der Fachinformatiker für Anwendungsentwicklung kann auf mehrjährige Erfahrung im Bereich IT-Sicherheit bei Herstellern und Distribution zurückblicken. Zuvor war er als IT-Administrator bei verschiedenen Unternehmen beschäftigt.
Traditional software development occurs in phases, where QA, security and other roles act as gatekeepers to production. This leads to silos, delays and it doesn’t scale. So, instead of waiting for a human to decide what is and isn’t valid, learn how to use automation to continuously enforce standards in your software. Let’s turn gatekeepers into build breakers!
Michiel Rook ist ein sehr erfahrener, leidenschaftlicher und pragmatischer freiberuflicher IT-Berater aus den Niederlanden. Als Coach, Softwareentwickler und -architekt sowie als starke Führungspersönlichkeit sieht er es als seine Aufgabe an, Unternehmen dabei zu helfen, ihre Softwarequalität und ihren Lieferprozess deutlich zu verbessern. Derzeit konzentriert er sich auf die Einführung von Continuous Delivery und DevOps-Prinzipien, Kultur und Tooling, Legacy-Software-Transformationen und Cloud-Migrationen.
Michiel ist regelmäßiger Sprecher auf (internationalen) Konferenzen und Veranstaltungen. Wenn er nicht gerade über Continuous Deployment, DevOps oder Event Sourcing nachdenkt, interessiert er sich für Musik, Autos, Sport und Filme.
Investigating production issues in a microservice architecture can make you feel like Sherlock Holmes, searching through evidence and gathering sources to recreate the scene of a crime. Often, this investigation involves digging into multiple log stores and dashboards to piece together an understanding of an issue. This is costly for engineering teams and customers – time spent sifting through clues only further delays the resolution. Distributed tracing can help. With distributed tracing, we see a request’s path through a complex system. But is that enough? At Netflix, we have taken distributed tracing, added in log correlation (with high-quality, detailed logs) and layered analysis on top. Not only does this reduce time for engineers to understand the root cause of an issue, we’ve provided this tool to customer operations, empowering them to understand the root cause and escalate with clarity. You’ll leave this talk with an understanding of distributed tracing and how to supplement traces with logs. You’ll see examples of how to shape your logs to clarify the business logic underneath a microservice’s response, and you’ll understand how tracing is the lynchpin to the type of detailed insights that will cut down on the cost of your team’s operational burden.
Elizabeth Carretto is a Senior Software Engineer at Netflix on the Platform Experiences team, where she builds UIs for the observability space. She enjoys building tools that help engineers quickly understand the root cause when they get paged in the middle of the night.
Do you want to make sure your workload doesn't crash your cluster? In this hands-on session, we show how to enforce limits on Pods. We will help you understand how the scheduler works and what the eviction (kubelet) is for. We will also discuss PodPriority, which is used to kill lesser important Pods in favor of the more important ones.
Erkan Yanar is an Open Source enthusiast. Starting with Linux on Kernel 2.0.36, he first worked as a MySQL DBA and Linux admin. Later, he helped build OpenStack installations and did containers even before Docker existed. Erkan has been working with Docker and Kubernetes from the start. Besides having a profound understanding earned by supporting many customers with Kubernetes, he also gives training about Kubernetes. He is a regular speaker at many conferences.
Julian Klodzinski ist Sales Engineer bei Harness mit langjähriger Erfahrung in den Bereichen DevOps und agile Transformationen, Prozessoptimierung und Full-Stack-Entwicklung. Julian begleitet Harness-Kunden bei der Vereinfachung Ihrer Software Delivery Prozesse mit einer Vielzahl von Modulen, darunter Continuous Integration, Continuous Delivery, Feature Flags und Cloud Cost Management.
SSH connections reach the most sensitive systems in your infrastructure. Many organizations treat them with less login scrutiny than expense report applications. SSH should be integrated with SSO and other layers of security and logging without bogging down DevOps teams.
Organisations are speeding up their digitalisation and cloud adoption process. To achieve business agility in the competitive global market, protect the brand reputation, many businesses are turning to DevSecOps.
But it's not as simple as it might look to roll out a successful DevSecOps program. In this talk Ema will share what are the other industry related drivers to increase secure coding hygiene, what are the challenges, how business roll out secure coding program. Ema will also cover the most frequently seen vulnerabilities across all languages that are specific to DACH region, how they related to OWASP Top 10 and SANS Top 25 and link those vulnerabilities to major cyber incidents.
Ema Rimeike is delivering innovative cyber technologies to customers in DACH for the past 10 years. She holds Masters in Cyber Security and is currently a candidate for PhD in Cyber Security and Software Security. Ema's passion is in Software Security, AI, ML, Incident Response, Threat Intelligence space. She is involved in Quantum Computing research that focused on which cyber security skills will be of highest demand in Quantum Computing world and how cyber security will be acted upon in the world of machines.
In diesem 45-minütigen Webinar erstellen wir gemeinsam mit unserem Kubernetes-Experten einen Kubernetes Cluster und deployen eine erste Applikation. Dabei bringen wir Ihnen die Grundlagen von Kubernetes näher und gehen unter anderem auf folgende Themen ein:
Simon Pearce is a System Architect at SysEleven in Berlin Germany since 2013. He has over 15 years of experience in the web hosting industry. With a focus on building distributed systems on public and private clouds. He is responsible for the kubernetes service team at SysEleven. Working on improving the experience of running multiple kubernetes clusters on a openstack cloud with a quobyte storage cluster.
Operators are extensions to Kubernetes that simplify application install and management by leveraging on manage applications Custom Resources.
The Kubernetes Operator pattern tries the emulate the role of an human operator, who uses their deep knowledge of the application to install, operate and debug it. The Kubernetes Operators search to automate these tasks and facilitate the whole application life-cycle.
In this talk, we will explain how do we use Kubernetes Operators at OVHcloud, and how the help us to operate our Managed Kubernetes service at scale.
We will illustrate the talks with three concrete examples: Harbor Operator, LoadBalancing Operator and our incoming NodePool operator.
Spaniard lost in Brittany, coder, speaker, dreamer and all-around geek.
After some years as Warp 10 frontend leader as Cityzen Data (now SenX, Horacio currently works as
developer advocate at OVHcloud. He is the co-founder and leader of the @FinistDevs.
Horacio is a Google Developer Expert (GDE) in Web Technologies and Flutter. He loves web development
in general and everything around Web Components and standards web in particular.
Containers are all the rage these days. They’re fast, they make deployment easy, they handle dependencies, they slice, they dice, they make julienne fries! But… what are they? What exactly is a container and how does it work? Just how does a container differ from the “old” silver bullet, virtual machines?
Here’s a hint: It has nothing to do with boats, or whales, or shipping. That’s all marketing fluff.
Containers are simply a shorthand name for leveraging newer features of operating system kernels that let the OS lie to programs about how they’re running. In fact, all of modern software is built on lies. That’s what’s useful about it!
To understand how that works, why it’s so useful, and where it’s not, let’s dive into how software actually works on a modern Linux system to see how those kernel features fit into the big picture, building up to “containers” along the way. Pull back the veil of lies and see how your computer really works.
Larry Garfield has been building websites since he was a sophomore in high school, which is longer ago than he'd like to admit. Larry was an active Drupal contributor and consultant for over a decade, and led the Drupal 8 Web Services initiative that helped transform Drupal into a modern PHP platform.
Larry is Director of Developer Experience at Platform.sh, a leading continuous deployment cloud hosting company. He is also a member of the PHP-FIG Core Committee.
Larry holds a Master’s degree in Computer Science from DePaul University. He blogs at both https://platform.sh/ and https://www.garfieldtech.com/.
Some DevOps transformations flourish, but many others are stalling. Why is that? This talk will make the case that Operations is the most predictable differentiator.
So much of the energy in DevOps has been about activities that start in Dev and move towards Ops — continuous delivery, deployment pipelines, automated testing, and of course, the unofficial mantra of “deploy, deploy, deploy.“ However, when it comes to Operations, too many DevOps transformations maintain the status quo and leave questionable Operations practices in place.
This talk will first examine the trouble with the various siloed, ticket-driven, low trust, and centralized practices that have been accepted in Operations for far too long. Then we will look at the specific techniques used by high-performing Operations organizations who are fundamentally transforming how they operate.
Damon Edwards is a Co-Founder of Rundeck Inc., the makers of Rundeck, the popular open source runbook automation. Damon has spent the past 19 years working with both the technology and business ends of IT Operations and is noted for being a leader in porting cutting-edge DevOps techniques to large-scale enterprise organizations. Damon is a frequent conference speaker and writer who focuses on DevOps, SRE, and Operations improvement topics.
Sebastian Meyen is Chief Content Officer at S&S Media. He has been actively involved with the IT industry for more than ten years. As a journalist he is constantly in touch with thought leaders in software development and architecture. He is editor in chief of the German speaking Java Magazin and program chair of the JAX conferences since 2001. Prior to joining S&S Media, he studied philosophy and anthropology in Frankfurt, Germany.
By embracing DevOps methodology we are living in a different era: one in which the speed of new releases of software products is necessarily much higher than in the past: "Users in the business are happy with that, but security people have a lot of trouble with it". Part of the solution is the integration of automated security testing in the DevOps toolchain. This is crucial to be able to intervene quickly and on time. Every time a new version of application or process is introduced, you know that security is fact-based. This approach is also known as Evidence Based Security Testing. Topics covered are:
How companies can integrate automated security testing into the DevOps toolchain
Example from practice
Evidence Based Security Testing
Presentation is about the following kind: Security Testing, DevOps, Agile Test Automation, Test Tooling, FitNesse, Zap Top 10 OWASP, CI/CD.
Rachid Kherrazi is Unit Manager Testing at Akka Technologies in the Netherlands, a ICT service provider in the High Tech Industry. During his career Rachid obtained experience in quality departments within several companies, but mainly High-tech Industry. Rachid developed strong skills in test automation, test process improvement and project management. Currently he is working on several Testing projects within the Dutch high-tech sector and he is involved in several academic research initiatives focused on Model Based Testing within Europe. Rachid Kherrazi obtained his Master on electrical engineering from the Technical University of Errachidia (Morocco), is a Six Sigma Certified Black Belt and recently obtained his license as an iSQI Certified Model Based Trainer.
If you’ve been using Terraform just by following the official documentation, you are not getting all from it. As soon as one cloud provider announces a new service or a feature, you dream that Terraform has zero-day support for it. Well, it is not always like this, and I will show what we can do about it. Are you using Terraform and keep asking yourself why I should copy-paste so much? What if you need to manage more than a dozen resources with Terraform (e.g., hundreds of GitHub repositories with permissions, or hundreds of IAM users and their permissions)? How can I use Terraform with GitHub Actions to act as an onboarding tool? What is beyond Terraform modules? What is a really dynamic module and what Terraform 0.12 will help us with? Let's see the advanced solutions of how Terraform can be extended, integrated, executed, or merely hacked to get the job done with the help of external open-source services and integrations.
Anton is AWS Community Hero and helps companies around the globe build solutions using AWS and specializing in infrastructure as code, DevOps, and reusable infrastructure components.
He spends a large amount of his time as an open-source contributor on various Terraform & AWS projects and enjoys solving real cloud architecture tasks and makes them available as open-source. His most successful projects are a collection of Terraform AWS modules (terraform-aws-modules on GitHub) downloaded more than 5 million times, ebook describing Terraform best practices established in the community (www.terraform-best-practices.com), and modules.tf.
Anton co-founded and co-organizes AWS, DevOps, HashiCorp User Groups in Norway, DevOpsDays Oslo, and often speaks at various technical meetups and conferences.
Digital transformation requires transformational talent. As more organizations move forward with DevOps, the principle of "shifting left" is opening up opportunities for developers, operational staff, security and others to supplement their core competencies with a broad set of general skills so as to migrate from an I-shaped specialist to multi-dimensional T-shaped professional. T-shaped practitioners are in the highest demand in the talent market today. For most IT professionals, it’s easy to identify the depth of knowledge that forms the stem of the T (e.g., developer). Grooming the right skills for the right role at the top of the T (e.g., testing) can be more challenging. In this session, Jayne Groll will explore emerging trends in DevOps skills modernization by presenting the benchmarks, and insights from the first Upskilling: 2019 Enterprise DevOps Skills Report. The fact-based report was fielded by the DevOps Institute and is based on a detailed global DevOps open community survey as well as interviews with several enterprises, industry and hiring leaders. Groll will also help attendees understand the characteristics of the T-shaped model and provide guidance for getting started in building personal and organizational learning paths.
Jayne Groll is co-founder and CEO of the DevOps Institute (DOI). Her IT management career spans over 25 years of senior IT management roles across a wide range of industries. Her expertise spans multiple domains including DevOps, Agile, ITIL and Leadership.
Jayne is a recognized and respected IT thought leader and influencer. In addition to authoring the Agile Service Management Guide, Jayne has co-authored several IT position papers including “Modernizing IT Operations in the Age of DevOps” that was published in 2018 by IT Revolution.
Jayne is very active in the global DevOps, ITSM and Agile communities and is a frequent presenter at local, national and virtual events.
Agile DevOps organizations often still rely on legacy AppSec solutions such as static and dynamic Application Security Testing and Web Application Firewalls which produce a lot of False-Positives and don’t fit very well in today’s processes. With Application Instrumentation we can protect applications from inside out. Faster, more efficient, significant better security, more scalable.
Contrast Security is a comprehensive AppSec platform combining Interactive Application Security Testing (IAST), Software Composition Analysis (SCA) and Runtime Application Self Protection (RASP). Contrast automatically detects and fixes vulnerabilities and defends against targeted attacks and bots – no scanning or scheduling required. Contrast is not a scanner or static analysis tool. Instead, Contrast uses software instrumentation to both find vulnerabilities and block attacks. The instrumentation approach provides access to not only the code and HTTP traffic, but also full data flow, control flow, configuration, libraries and frameworks, architecture, and much more. This wealth of information yields to incredible accuracy. And because Contrast is fully embedded throughout your SDLC and provides results in real time, you can provide security at DevOps speed and portfolio scale.
- Challenges of agile development and security teams
- Burden of legacy AppSec tools in SSDLC
- How Application Instrumentation works
- How fully embedded AppSec model speeds up your processes
Roman has vast experience in the Application Security domain across multiple sub-segments, encompassing, IAST, SAST and Open Source analysis (SCA). Throughout his career Roman has advised companies across multiple sectors to address their AppSec needs - enabling them to validate their decision making criteria against industry standards.
Prior to his career as a Sales engineer, Roman was a Java Developer which enables him to understand the Dev and DevOps needs from first hand experience of navigating though multitude of tech stacks, methodologies and architectures.
Docker multi-stage builds were announced 2 years ago, but sadly not all developers are using them.
Using multi-stage builds can result in a much more secure and smaller Docker image. In some cases, you can take a Docker image from 700MB to 20MB, which makes a big difference in the context of CI/CD. In this talk, we will see how to use multi-stage Docker builds and the best practices around them.
Guy Salton is a Solution Architect specializing in the fields of DevOps, Cloud Computing, Kubernetes, Containers, CI/CD and Infrastructure.
Guy shares his technical knowledge by speaking at conferences and Meetups around the world in addition to publishing DevOps-focused blog posts and delivering online webinars.
Heutzutage läuft eine Software nicht für sich allein, sondern agiert mit anderen. Die Kommunikation erfolgt meist über verschiedene Protokolle, sprich: über verschiedene Infrastrukturkomponenten. Gerade beim Testen stellt sich die Frage, wie der Entwickler Tests so schreiben kann, dass sie von einem bestimmten Infrastruktur-Set-up unabhängig sind. Meistens gelingt es nicht und dann wird dieser Teil der Software erst spät bei den End-2-End-Tests geprüft. Doch gerade mit Microservices und dem Paradigma "Wenn etwas schiefläuft, dann so schnell wie möglich" möchte der Entwickler schon zu einem früheren Testzeitpunkt, z. B. bei Entwicklertests, erfahren, wenn in diesem Teil der Software etwas nicht stimmt. Zudem macht die Infrastruktur nicht beim Anwendungscode halt. Mittlerweile wird Infrastruktur immer mehr mit Hilfe von Code (Provisionierungsskripte, Dockerfiles, (Shell-)Skripte etc.) beschrieben und automatisiert. Auch bei diesem Code möchte der Entwickler sicher gehen können, dass er so funktioniert wie erwartet. Dieser Vortrag zeigt anhand einer Java-Anwendung, wie man mithilfe von 3rd-Party Libraries die Infrastruktur in den Tests der Anwendung einbinden kann, ohne sich gleich von einer bestimmten Infrastruktur abhängig zu machen. Darüber hinaus, wird darauf eingegangen, wie die Qualität des Infrastrukturcodes gesichert werden kann, angefangen bei klassischen Provisionierungswerkzeugen bis hin zu Containern.
Sandra Parsick ist freiberufliche Softwareentwicklerin im Java-Umfeld. Seit 2008 beschäftigt sie sich mit agiler Softwareentwicklung in verschiedenen Rollen. Ihre Schwerpunkte liegen im Bereich der Java Enterprise Anwendungen, agilen Methoden, Software Craftsmanship und in der Automatisierung von Softwareentwicklungsprozessen. Darüber schreibt sie gerne Artikel und spricht gerne auf Konferenzen.
In ihrer Freizeit engagiert sie sich in der Softwerkskammer Ruhrgebiet, einer Regionalgruppe der Software Craftmanship Community im deutschsprachigen Raum. Außerdem ist sie Java Champion und Mitglied im Oracle Groundbreaker Ambassador Programm.
What does it mean for our software and systems to be resilient during a global pandemic? What does Resilience mean when there's not only technical impact, but it affects the talented engineers tasked with keeping it all running? What does it mean to be Resilient as we all adjust to the "new normal" we're confronted with? We'll discuss the questions and some potential answers, through the lens of how the Netflix Critical Operations & Reliability Engineering (CORE) team grappled with the situation and what we're thinking for the future.
J. Paul Reed began his career in the trenches as a build/release and operations engineer. After launching a successful consulting firm, he now spends his days as a Senior Applied Resilience Engineer on Netflix's Critical Operations & Reliability Engineering (CORE) team, focusing on incident analysis, systemic risk identification and mitigation, applied Resilience Engineering, and human factors expressed in the streaming leader's various sociotechnical systems.
Easy-to-understand monoliths are giving way to distributed systems: microservices, serverless, meshes, and proxies in every possible combination. These systems offer developers the freedom to build new features and technology faster, as they are no longer beholden to the elaborate release processes associated with monolithic architecture.
But, like all good things, there is a price: distributed systems are inherently difficult to operate and maintain. When something breaks—which it invariably will—how can you quickly comb through the myriad dependencies? How can you separate good hypotheses from bad ones?
Learn how observability helps developers understand multi-layered architectures: what’s slow, what’s broken, and what needs to be done to improve performance.
Yoann Lechevallier works at Lightstep as a Solution Engineer based in London. Prior to Lightstep, Yoann worked as a Professional Service consultant at Splunk, IBM. While at ATOS, he was a benchmark engineer working on the development of a NUMA server. Yoann worked also for several startups such as BlueData and Seanodes as Solution Engineer and consultant.
Modern software demands velocity, and traditional “outside in” scanning and firewalling are creating bottlenecks and slowing things down. In this talk, Jeff will approach application security from the “inside out”. We will show you how to create simple agents that get inside a running application (like a profiler or debugger) and give you access to everything you need for fantastic security observability. We’ll demonstrate real agents that identify vulnerabilities without changing any code, scanning, or extra steps. We’ll identify vulnerabilities, analyze access control, and even prevent RCE attacks. Unlike scanning and firewalling, this approach establishes a safe and powerful way for development, security, and operations teams to collaborate. We’ll discuss how software security instrumentation works, how it’s being used in many organizations, and the implications for the practice of application security.
Jeff Williams is the co-founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API (ESAPI), OWASP Application Security Verification Standard(ASVS), XSS Prevention Cheat Sheet, WebGoat and many other widely adopted free and open projects. Jeff is the co-founder and the CTO of Contrast Security. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.
It is clear that utilising the cloud is a trend that continues to grow. It is important to realise that risks and challenges grow at a similar or higher rate. In this talk Taco Scargo will highlight 10 tips everyone can benefit from on their journey into the cloud and DevSecGitOps. Learn how companies like Apple, Netflix, Twitter and Uber benefitted from the technology solutions from D2iQ.
Taco Scargo, an experienced solution engineer, is known for helping, educating, and supporting customers as they develop their strategic distributed infrastructure solutions. Currently working as a Senior Solution Engineer for D2iQ in EMEA, Taco is widely known for his passionate talks. While his speaking engagements have taken him around the world, Taco is proud to call The Netherlands home.
Applications built over the years carry historical design assumptions, such as that a few hours of downtime for maintenance upgrades every six months is acceptable. Today, embracing continuous delivery practices means more frequent releases, which means more downtime.This is the problem Poppulo faced and successfully overcame, going from monthly deployments with a couple of hours of downtime to zero-downtime deployments on demand. Pierre Vincent will show that by mapping out a deployment process, it becomes possible to progressively reduce its impact on users. He will also give practical advice on how to avoid downtime, such as online database migrations or progressive application rollouts. Finally, he will go through the operational improvements required to have consistent, repeatable, and observable deployments so that you can have the confidence to run them with live traffic.Zero-downtime deployments don’t mean that everything stays up, or that everything is immediately running the latest version; they simply mean users don’t notice a thing while all this is happening.
Originally from a software development background, the rise of DevOps drove Pierre Vincent to become more involved in how systems actually run in the real world and how he could make a difference helping others care about the applications they release to production.
Pierre is currently Head of SRE at Glofox, where he’s responsible for the continuous delivery platform and the operations of the cloud infrastructure.
Pierre is also a certified OSCP penetration tester and loves a good challenge on HackTheBox!
DevOpsCon Berlin 2020 Online Edition will be performed with the video platform bigmarker.com. You can easily take part with your internet browser, with no need to install any additional software.
Teilnehmen und Gewinnen!
Ausgefeilte Ingenieurskunst und modernste Technik vereint in einer Drohne: Mit der Mavic-2-Pro und ihrer ikonischen Hasselblad-Bildqualität, entdeckt ihr die Welt der Luftbildfotografie in herausragender Detailgenauigkeit völlig neu.
Meldet euch jetzt für die Online Edition an und gewinnt mit etwas Glück eine Mavic-2-Pro-Drohne im Wert von 1499 €!
Main conference day for free for all registered attendee of any DevOpsCon Edition 2020! Attendees will also receive a 25 % discount for the workshop day. The invitation will be send to the email address used for the conference registration.