Upload File

containers vs vms for secure cloud applications id: #rsac moderator: panelists: containers vs vms...

  • Home
  • Documents
  • Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich
15
SESSION ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich Chris Hoff CTO @Bromium @simoncrosby SVP Product Docker, Inc CTO Azure Microsoft @markrussinovich VP & CTO Security Juniper Networks @beaker

Upload: trinhthu

Post on 27-May-2018

221 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

SESSION ID:

#RSAC

MODERATOR: PANELISTS:

Containers vs VMs for Secure Cloud Applications

ASD-W04

Simon Crosby Scott Johnston

Mark Russinovich

Chris Hoff

CTO @Bromium

@simoncrosby

SVP Product

Docker, Inc

CTO Azure

Microsoft

@markrussinovich

VP & CTO Security

Juniper Networks

@beaker

Page 2: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

#RSAC

This is an “Intermediate” Level Panel

You know enough to be dangerous about

Docker/LXC, Windows, Linux, Virtualization

Private and Public Cloud Architectures

Our goals

1. Highlight security considerations / challenges for app delivery in VMs

and containers on Public & Private Clouds

2. Offer architectural guidelines to maximize containerized app security

3. Spotlight security roadmap for Docker, Azure, Micro-Services &

Micro-virtualization

2

Page 3: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

#RSAC

3

Page 4: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

4

Page 5: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

#RSAC

5

Page 6: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

6

OS [VM]

App Containers

Cloud Infrastructure

Container Orchestration

Page 7: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

7

Page 8: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

8

Page 9: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

9

Page 10: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

© Bromium 2014 10

Layered Multiplexing VMs Cloud

containers VMs

Page 11: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

11

Multiplexing = Shared Fate

Page 12: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

12

Multiplexing = Shared Fate

Page 13: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

13

Isolation = Protection

Page 14: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

#RSAC

Get involved!

docker.com/resources/security

If your organization is developing cloud apps using containers / VMs

Make security-first a design commitment

Understand the security differences & limitations of containers and VMs

Educate your dev-ops team on the security / compliance challenges of any shared infrastructure environment – even if it is a private cloud

Educate your team on the role of micro-services networking to help to secure cloud based applications

14

Apply What You Have Learned Today

Page 15: Containers vs VMs for Secure Cloud Applications ID: #RSAC MODERATOR: PANELISTS: Containers vs VMs for Secure Cloud Applications ASD-W04 Simon Crosby Scott Johnston Mark Russinovich

#RSAC


Openstack Summit: Networking and policies across Containers and VMs

Spawnpoint: Secure Deployment of Distributed, Managed Containers … · 2018-01-14 · Spawnpoint: Secure Deployment of Distributed, Managed Containers by John Kolb A thesis submitted

TX-2016.TIER New and Next - Internet2 · • Docker containers • Virtual machine images to run the containers • Focus on automation tools • Build containers and VMs ... TIER

How Mobile Malware Bypasses Secure Containers

From VMs to Containers: Decompose and Migrate Old Legacy JavaEE Application

Virtual Infrastructure: VMs and Containers · 2019-01-30 · Virtual Infrastructure: VMs and Containers Andy Bavier and Gopinath Taget ONF ... Deployment Architecture (in the near

Containers, VMs, and Clouds: Oh My!

Microservices for Enterprises - Consistent Network & Security services for Containers and VMs

Secure Your VMs with vSphere and AppDefense - VMware › content › dam › digitalmarketing › vmware … · Secure Your VMs with vSphere and AppDefense Wee Kiong Tan Staff Solution

Containers vs. VMs: Competition Of Co-Existence?

Containers At Scaleslides.eightypercent.net/GlueCon 2014 - Containers At Scale.pdf · Container VMs in Google Compute Engine Cloud VMs optimized for Containers Easiest way to use

Secure Networking with Kubernetes, OpenStack, and …...VMs 1 2 1 Consistent security and network functionality between VMs, containers, or bare metal. … VM Compute Node Nested Container

ViFX Tech Connect: Containers & VMs

Containers > VMs

Heavy and Light Virtualizationurvoy/docs/VICC/1_0_vicc.pdfAround virtualization: management of VMs, containers, virtual network Orchestration of containers Single server level: Docker,

Secure trade and 100% container scanning of containers

Container Security and Sandboxingyiying/cse291j-winter20/reading/Container-Security.pdfLec6: Threats of Containers • Unlike VMs whose interface is hardware instructions, containers’

REF ERENCE ARCHIT ECT URE...any cloud with secure and consistent operations. It provides developer-friendly infrastructure (supporting VMs and containers) and a common approach to

Securing the network for VMs or Containers

VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

The speed of containers, the security of VMs - schd.ws · The speed of containers, the security of VMs Xu Wang, ... Direct Device Assignment SRIOV NVDIMM Multi-OS ... CRI-O, containerd-cri

Game of Hosts - Containers, VMs and Microscaling

EMCW2015 - Containers vs VMs

Containers and VMs and Clouds: Oh My. by Mike Coleman

MGT1776BU vRealize Automation Solves the Container or ... · vRealize Automation Solves the Container Onboarding Conundrum VMworld 2017 ... VMs vs. Containers 9 • Containers share

How to Secure Containers

Contain Yourself: Building Mobile Secure Containers

Trusted Docker Containers and Trusted VMs in OpenStack · Trusted Docker Containers and Trusted VMs in OpenStack ... o Reference Architecture with OpenStack ... Docker Engine –Runtime

Understanding Containers and SAS 9.4 Container Deploymentsupport.sas.com/.../papers/understanding-containers... · Understanding Containers and SAS ... must limit how many VMs run

The Software-defined Datacenter, VMs, and Containers: A ......Containers & VMware NSX • Unified operational model for VMs & containers • Programmable, datacenter-wide connectivity

DockerCon14 Performance Characteristics of Traditional VMs vs. Docker Containers

AMD’s Virtualization August 25, 2016 Memory Encryption · HW MEMORY ENCRYPTION –AMD SECURE ENCRYPTED VIRTUALIZATION Protects VMs/Containers from each other, administrator tampering,

Secure Hybrid Cloud on Z - conferences.gse.org.uk · Before we begin … Docker ™ From VMs …. To containers … Virtual appliance plaPorm Based upon hypervisor Hardware abstracQon

Kata-Containers on openSUSE - FOSDEM6 Lightweight Virtualization Low CPU and Memory Overhead Small and Fast VMs == More VMs == More Kata Containers Small & Fast kernel Little, tailored,

Mobile Fail: Cracking Open "secure" Android Containers [SecTorCA]