Scott McCarty

In the beginning there was compiling and static linking. My first programs when I was 10 years old worked like that. Then, we discovered dynamic linking. This was great because we could now patch one library and all of the programs would pick up the change on restart. But we created another problem - dependencies. Throughout the history of computing we have solved one problem and created another. Containers are no different. This talk will walk through why we invented Linux distros and why we… Show more

In the beginning there was compiling and static linking. My first programs when I was 10 years old worked like that. Then, we discovered dynamic linking. This was great because we could now patch one library and all of the programs would pick up the change on restart. But we created another problem - dependencies. Throughout the history of computing we have solved one problem and created another. Containers are no different. This talk will walk through why we invented Linux distros and why we should continue to appreciate them in a world full of container images... Show less

The journey from traditional software deployments to containers in production can be intimidating for newcomers. If you read blogs and trade publications, you will be exposed to a tremendous amount of projects and open source technology. This can make it hard to determine where to start, or how to continue towards the ultimate destination of Kubernetes in production.

Although explaining how to ride a Tron-style light cycle is beyond the scope of this talk, we will discuss something… Show more

The journey from traditional software deployments to containers in production can be intimidating for newcomers. If you read blogs and trade publications, you will be exposed to a tremendous amount of projects and open source technology. This can make it hard to determine where to start, or how to continue towards the ultimate destination of Kubernetes in production.

Although explaining how to ride a Tron-style light cycle is beyond the scope of this talk, we will discuss something almost as exhilarating—the journey from a single container on a single host, to thousands of containers on thousands of worker nodes in a production Kubernetes cluster. This talk will demonstrate that the journey isn’t quite as hard as it might seem. We’ll get you from Red Hat Enterprise Linux to OpenShift with two commands. Come learn how to find, run, build, share and deploy containers using Podman, Red Hat Universal Base Image and OpenShift. Show less

So, you know that containers are fancy processes, and you know that the kubelet, docker engine, runc and the kernel work together to somehow create containers, but you have gaps in knowledge on exactly what happens in between kubectl run (or docker run, or podman run) and ps -ef on a node. If you can’t explain it on a napkin and that drives you nuts, this talk is for you.

En esta charla exploraremos los avances de la tecnología de contenedores en Linux, a nivel de sistema operativo; describiremos el estado del estándar OCI (Open Containers Initiative); analizaremos distintas herramientas alternativas incluyendo CRI-O, Podman, Buildah y Skopeo; finalmente enseñaremos cómo Podman usa las características del kernel de Linux para ejecutar contenedores en escenarios con privilegios limitados.

A todas las personas técnicas se les presentan muchas veces situaciones laborales que son comparables a las que vive un product manager en su actividad diaria. En esta charla, exploraremos la vida de un product manager y las habilidades que éste necesita.

Exploraremos el valor de contribuir a proyectos open source y los beneficios que damos tanto como los que recibimos al hacerlo. No es un juego de suma cero, porque podemos crear valor para todo.

The progress being made in container technology is remarkable, especially now that Kubernetes, along with Mesos and Docker Swarm, are being widely used as the orchestration mechanisms for managing containers in distributed, scale-out computing. Revenue for container software is growing – reaching an estimated $3.5 billion by 2022 – with an additional $1.5 billion just for the orchestration and management software tools for containers. (source: Hurwitz Associates)

With container adoption… Show more

The progress being made in container technology is remarkable, especially now that Kubernetes, along with Mesos and Docker Swarm, are being widely used as the orchestration mechanisms for managing containers in distributed, scale-out computing. Revenue for container software is growing – reaching an estimated $3.5 billion by 2022 – with an additional $1.5 billion just for the orchestration and management software tools for containers. (source: Hurwitz Associates)

With container adoption on the rise, new security strategies are needed to address the unique challenges that containers represent. In this panel discussion, container experts will discuss the security risks of containers and briefly examine many of the multiple approaches that can be taken to achieve security in a container-based environment and a hybrid cloud world. Show less

“Everyone knows that building containers is easy. Or is it? Have you ever wondered if it’s too easy? Are you following all the “best practices?” Which ones are relevant? What about security considerations? In this session, we’ll look at several strategies and provide recommendations for creating container images that can be confidently deployed in production environments. ”

Have you ever wondered how Linux containers work? How they really work, deep down inside? Questions like: How does sVirt/SELinux, SECCOMP, namespaces, and isolation really work? How does the Docker Daemon work? How does Kubernetes talk to the Docker Daemon? How are container images made? In this lab, we'll answer all these questions and more. If you want a deep technical understanding of containers, this is the lab for you. An engineering walk through the deep, dark internals of the container… Show more

Have you ever wondered how Linux containers work? How they really work, deep down inside? Questions like: How does sVirt/SELinux, SECCOMP, namespaces, and isolation really work? How does the Docker Daemon work? How does Kubernetes talk to the Docker Daemon? How are container images made? In this lab, we'll answer all these questions and more. If you want a deep technical understanding of containers, this is the lab for you. An engineering walk through the deep, dark internals of the container host, what’s packaged in the container image, and how container orchestration work. You'll get the knowledge and confidence it takes to apply your current Linux technical knowledge to containers. Show less

Do you understand all of the tools that work together to create a Docker Container? Do you have gaps in how the Open Containers Initiative (OCI) really governs the interaction between all of the tools?

This session will explain exactly how containers are created and how the OCI governs the interactions between the tools and daemons that do it.

As the container development model goes mainstream, the container stack itself is evolving. Now that businesses see the value in containers, development and business focus is moving away from the engine and toward adding more sophisticated capabilities for more direct benefit to the business. Indeed, in just a few short years, containers have moved from a technological “wild west” with no governance, competing technologies, and fractured communities to a more genteel, commoditized IT package… Show more

As the container development model goes mainstream, the container stack itself is evolving. Now that businesses see the value in containers, development and business focus is moving away from the engine and toward adding more sophisticated capabilities for more direct benefit to the business. Indeed, in just a few short years, containers have moved from a technological “wild west” with no governance, competing technologies, and fractured communities to a more genteel, commoditized IT package, complete with standards driven by the cross-vendor Open Container Initiative. Show less

How do you know containers are going mainstream? In a word, “standards.” As more and more organizations adopt Linux container technology, standards are being developed to help communities and vendors innovate while retaining compatibility among container implementations. It’s all good, but it’s also important to understand how different standards do (and don’t) work together—and what they mean for your container deployments moving forward.

Have you ever wondered how Linux containers work? How they really work, deep down inside? Questions like: How does sVirt/SELinux, SECCOMP, namespaces, and isolation really work? How does the Docker Daemon work? How does Kubernetes talk to the Docker Daemon? How are container images made? In this lab, we'll answer all these questions and more. If you want a deep technical understanding of containers, this is the lab for you. An engineering walk through the deep, dark internals of the container… Show more

Have you ever wondered how Linux containers work? How they really work, deep down inside? Questions like: How does sVirt/SELinux, SECCOMP, namespaces, and isolation really work? How does the Docker Daemon work? How does Kubernetes talk to the Docker Daemon? How are container images made? In this lab, we'll answer all these questions and more. If you want a deep technical understanding of containers, this is the lab for you. An engineering walk through the deep, dark internals of the container host, what’s packaged in the container image, and how container orchestration work. You'll get the knowledge and confidence it takes to apply your current Linux technical knowledge to containers.
Show less

Containers offer the promise of portability and agility: the ability to move your applications from a developer's laptop to your internal datacenter, and out to different cloud providers with little trouble right? They offer the ability to spin up new, custom versions of your software to quickly meet contractual deadlines which were signed last minute, or maybe even provide your customers with self service. They start faster, and are easier to move around than virtual machines. Right?

Companies that need to deliver applications quickly and efficiently—and today, what company doesn’t need to do this?— are turning to Linux containers. What they are also finding is that once they get past the “let’s see how these container things work” stage, they are going to end up with a lot of containers running in a lot of different places.

Linux containers are gaining significant ground in the enterprise, which is not surprising, since they make so much sense in today’s business environment. With that said, container technology as we know it today is relatively new, and companies are still in the process of understanding the different ways in which containers can be leveraged.

Interview with Stu Miniman and Dave Vellante on The Cube at DockerCon Austin 2017 - discussed container use cases, things we are seeing in the industry at Red Hat, and the power of Open Source development, even in 2017 and beyond.

Like normal programs, containers really have two different states: running and not running. When a container isn’t running, it’s really just a set of files grouped together in a bundle called a container image. This container image is really just a “fancy file” that has other files in it. When a container is started, the container runtime unpacks the files in the container image and hands them to the operating system. The operating system is then responsible for running the container and… Show more

Like normal programs, containers really have two different states: running and not running. When a container isn’t running, it’s really just a set of files grouped together in a bundle called a container image. This container image is really just a “fancy file” that has other files in it. When a container is started, the container runtime unpacks the files in the container image and hands them to the operating system. The operating system is then responsible for running the container and connecting it to a copy of the files from the container image. The operating system (more specifically the kernel) also limits how much CPU and memory can be used. So, containers are just fancy files and fancy processes handled by the operating system in a slightly different way than regular programs. Show less

Defense in depth is an information assurance technique to protect a system from any particular attack by having multiple independent countermeasures in place. In a containerized world, defense in depth is applied by thinking about security within a container, on the container host and at the container platform layer.

This talk will cover numerous technologies and practices at each layer - from kernel quality, svirt, and SECCOMP, to measuring attack surface, use of root and patch… Show more

Defense in depth is an information assurance technique to protect a system from any particular attack by having multiple independent countermeasures in place. In a containerized world, defense in depth is applied by thinking about security within a container, on the container host and at the container platform layer.

This talk will cover numerous technologies and practices at each layer - from kernel quality, svirt, and SECCOMP, to measuring attack surface, use of root and patch remediation, to platform level authentication and authorization, these are the droids you are looking for.

This talk will help an end user understand the breadth of tooling that is available at each level and how they will help protect their system from intrusions and compromises. Show less

Defense in depth is an information assurance technique used to protect a system from any particular attack - use of blended countermeasures, working together to meet control and governance requirements. In a containerized world, defense in depth is applied by thinking about security within a container, on the container host and at the container platform layer.

This talk will cover numerous technologies and practices at each layer - from kernel quality, SELinux (svirt), SECCOMP, and use… Show more

Defense in depth is an information assurance technique used to protect a system from any particular attack - use of blended countermeasures, working together to meet control and governance requirements. In a containerized world, defense in depth is applied by thinking about security within a container, on the container host and at the container platform layer.

This talk will cover numerous technologies and practices at each layer - from kernel quality, SELinux (svirt), SECCOMP, and use of root, to measuring attack surface, patch remediation, and platform level authentication/authorization, these are the droids you are looking for.

This talk will help an end user understand the breadth of tooling that is available at each level and how they will help protect their system from intrusions and compromises. Show less

Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in… Show more

Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in production, there are a lot of things to think about when migrating existing applications to containers and running them in production. Show less

Container technology promises greater agility and efficiency when it comes to building and deploying applications—a critical ability in this age of zero tolerance for downtime and great expectations for capabilities on demand. Indeed, containers can provide a technological edge that translates into significant business advantage, but some companies have been leery about adopting the technology because of (very valid) security fears stemming from the way in which containers interact with the OS:… Show more

Container technology promises greater agility and efficiency when it comes to building and deploying applications—a critical ability in this age of zero tolerance for downtime and great expectations for capabilities on demand. Indeed, containers can provide a technological edge that translates into significant business advantage, but some companies have been leery about adopting the technology because of (very valid) security fears stemming from the way in which containers interact with the OS: Containers share system resources for access to compute, networking and storage, but, unlike virtual machines, all containers on the same host share the same OS kernel. If the kernel is compromised, containers will be compromised--and vice versa. Show less

I technical introduction to how Container Images work

A technical introduction to how container hosts work, including Container Engines and Runtimes

Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in… Show more

Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in production, there are a lot of things to think about when migrating existing applications to containers and running them in production. Show less

One big difference between containers and virtual machines is that containers don’t include a kernel, which is the core part of the operating system that handles essential things like memory allocation and input/output. “A container is essentially a file system without a kernel,” McCarty said in an interview with SiliconANGLE. “You would never break up an operating system in that way, but you do with containers.

A brief introduction to the four main container primitives - Container Images, Container Hosts, Container Registries, and Container Orchestration

Feedback session for the Red Hat Enterprise Linux Business Unit

An introduction of what business problems are solved by containers, as well as the challenges and how Red Hat solves them.

Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in… Show more

Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in production, there are a lot of things to think about when migrating existing applications to containers and running them in production. Show less

Okay, I just made a lot of claims that require unpacking, so let me give a little deeper explanation. Containers enable innovation through the agility and autonomy they provide. They are lightweight. In the world of virtual machines (VMs) apart from containers, you have a big complex package to maintain because a VM has all the elements of a machine, including the OS, one or more applications, and all the software those applications need have to be managed as one big blob. This can get tricky… Show more

Okay, I just made a lot of claims that require unpacking, so let me give a little deeper explanation. Containers enable innovation through the agility and autonomy they provide. They are lightweight. In the world of virtual machines (VMs) apart from containers, you have a big complex package to maintain because a VM has all the elements of a machine, including the OS, one or more applications, and all the software those applications need have to be managed as one big blob. This can get tricky, and the blob you need in production is different from the one you need in test and development. This causes more errors than you might think (in fact a lot more). Show less

Thinking about how to use OpenShift and OpenStack better together.

Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in… Show more

Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in production, there are a lot of things to think about when migrating existing applications to containers and running them in production.
The audience is anyone interested in migrating existing applications to containers and running them in production. This is architects, systems administrators, and perhaps some ops focused developers (release engineers, etc).

This presentation will give operational confidence to people on the fence or just dabbling in containers. This will in turn lead to more shared experience and a bigger community of people running containers for real workloads. Currently, there is an extreme lack of operational confidence. Everyone is inventing the wheels right now. For example, people are just figuring out that they need HA with their registry servers. Second, there is a huge lack of knowledge around how to containerize optimally - one big container, many smaller containers (more difficult). Migrating an existing application is almost a Turing complete problem, we need to start collecting and discussing the best practices more to encourage wider adoption.
Show less

In this talk, we present a foundational understanding of building an enterprise software supply chain and how it is traditionally secured.

Demo and architecture of a resilient high availability cluster using JBoss AMQ and Red Hat Cluster Suite