Courses and certifications Open Source

Cloud

Application security and multi-cloud networking

24.900 CZK

Price (without VAT)

Days2
2. 12. 3. 12. 2021
virtual
CZ

New trends in the operation of applications, driven primarily by containerization and without running traditional servers, have a significant impact on how applications are designed, networked and secured. Network policies and policies can no longer be managed only at the classic level of network elements. Existing tools designed to protect against attacks called WAF (Web Application Firewall), but they can not protect against errors and communication of the applications themselves and their APIs. This creates the need for a new security approach focused on applications and their API communication.

The training focuses on an introduction to the issues of management, analysis and operation of globally distributed applications and their API interfaces.

Audience

  • NetOps
  • DevOps
  • IT systems designers

Goals

The Application Security and Multi-Cloud Networking training is built as an introduction to the issues of the new approach to application security and their APIs. It deals with current trends in containerization and distributed applications running in different clouds or locations. DevOps, NetOps or Architekt will gain insight into the latest approaches in the field of security API, multi-cloud or service mesh. Most of the topics are demonstrated on the live environment of the labs in the SaaS Volterra environment, where each participant has the opportunity to try everything in a dedicated tenant.

Course guarantor

JAKUB PAVLÍK

Jakub Pavlík works at F5 as Director of Engineering, where he got part of the acquisition of Volterra. He is responsible for running the Volterra Edge platform within F5. Together with his team, he has been working in the field of global cloud platforms for over 6 years. He is also a co-founder and former CTO of tcp cloud a.s. (purchased by Mirantis in 2016).

 

Outline

Introduction to distributed application networking

  • Trends in Cloud Native (transition from static monolithic applications to dynamic distributed microservices)
  • Service discovery and multi-cloud networking (connectivity between public cloud AWS and on-premise)
  • The concept of ADN (Application Delivery Network) - Deployment of micro services across several locations
  • Definition of origin pool
  • Delegation of domains with automatic certificate generation
  • HTTP Load Balancer (Anycast L7 load balancing)
  • TCP Load Balancer
  • Service Mesh in a multi-cloud environment
  • Observability and Troubleshooting - Analysis of metrics and log in the environment of micro services and their use in troubleshooting

 

Application security

  • Key principles for securing applications and their APIs
  • Web Application Firewall Concept (Filtering, monitoring and blocking HTTP traffic)
  • Use Service Policies to define intent instead of standard IP / port firewall rules
  • Discovery of application communication and automatic generation of service policies
  • Use Captcha or Javascript Challenge to protect web applications
  • Identification of PII (personally identifiable information) data in API communication
  • Anomaly detection and machine learning within the service mesh
  • Definition of Rate-Limiting to protect against L7 DDoS attacks
  • Fast ACL and protection against L7 attacks

 

Prerequisites

  • For the course, you need to have a common knowledge of networks, firewalls, the concept of micro services and the application API.

Technical requirements (BYOD)

  • Any OS supported by `kubectl` binary
  • SSH client
  • Web browser

Inquire course

Courses
Submit
* Required field
Cookies help us provide our services. By using our services, you agree to their use.
More information