GlueCon 2017 Session Descriptions
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
Day 1 - Wednesday, May 24, 2017
7:30a - 5:00pRegistration Open
7:30a - 8:30aDanishes and Coffee
8:30a - 8:45aOpening Remarks - Eric Norlin
8:45a - 9:15aKeynote: Taking Kubernetes Mainstream: What Will it Take to Grow Users by 10x? Joe Beda and Craig McLuckie, Heptio - - Kubernetes has taken the container world by storm and is a strong platform for orchestration and sustainable management of container based applications. During this session we will talk about some opportunities we see to make Kubernetes accessible to more general developer audiences, drive relevance for new classes of workload, and provide even more value to the overall developer community. We will talk about the set of simple abstractions necessary to unlock value for new classes of users experiencing Kubernetes for the first time, delve into the complex topic of application configuration management, and discuss the value of a stable base with robust extensibility points as necessary to the growth of the community. We will also take the time to review the emerging needs of operators building and running 'internally multi-tenant' clusters and cluster hosted services in larger organizations.
9:15a - 9:30aKeynote: The Service Mesh - Oliver Gould, Buoyant - - You’re using Docker. You’re on Kubernetes. You’re building microservices. And now you’re fully ready to scale to arbitrary workloads and gracefully handle partial failures. Or are you? In this talk, former Twitter engineer Oliver Gould describes a critical component of every cloud native application: the “service mesh” that defines how services communicate with each other, shed load, and propagate failure. He traces the lineage of the service mesh from client-specific implementations, to libraries like Finagle, Hysterix, and Stubby, to modern proxy-based incarnations like Linkerd. If you’re writing cloud native applications today, the service mesh is a critical part of ensuring that they can be fast, scalable, and reliable.
9:30a -10:15aKeynote: Second Chances - Catherine Hoke, Defy Ventures - - - What if you were only known for the worst thing you’ve done? Defy Ventures “transforms the hustle” of people with criminal histories (both inside and outside of prisons nationally). Think of Defy like Khan Academy merged with Techstars for people with criminal histories. Defy recognizes the entrepreneurial nature of drug dealers and gang leaders. They equip proven street hustlers to go legit by providing entrepreneurship training, character development, Shark Tank-style pitch competitions, startup incubation, and executive mentorship. Defy grads have a 95% employment rate and a 3.2% recidivism rate, and Defy has incubated and financed 165 of its grads’ startups. Defy plans to serve 10,000 incarcerated people in the next three years.
10:15a -10:30aMorning Break
10:30-10:45Keynote: How to Build an API in 15 Minutes - David Okun, IBM - - Can you really build an API in 15 minutes? With LoopBack, the open-source Javascript framework for APIs, you can! LoopBack, based on Express, makes creating and extending a basic CRUD API painless. LoopBack handles the drudgery so you can concentrate on what's important: your data, your users, and bringing the two together with a stable, well-designed, and well-understood API.
10:45a - 11:00aKeynote: The Importance of Personal Storytelling - Lorinda Brandon, Capital One DevExchange - - Happily, we're emerging from the crazy days of content farms but that doesn't mean content marketing is dead. In fact, it has taken a healthy pivot that is much more knowledge-focused and community-oriented. Let's talk about what developers want to read about and, more importantly, what they want to write about.... and how to make that all happen.
Breakout 1Breakout 2Breakout 3Breakout 4 (Spruce)Breakout 5 (Fir)Breakout 6 (Birch)
13 A Node.js Application Framework for Building Command Line Programs, Microservices, and REST APIs -- Will Shulman, mLab - - is an open source Node.js framework for building microservices and APIs created by and used in-house at mLab to build many of its internal services. In this talk Will Shulman, CEO and co-founder of mLab, will discuss the major components of the framework and show you how it can be used to build, document, and test your APIs.API Modeling Framework: A Toolbox for Interacting With API Specs
Antonio Garrote, Mulesoft - - MuleSoft's API Modeling Framework (AMF) provides a way for developers to interact with API specifications written in either RAML or OpenAPI. This talk will give an overview of AMF, a set of tools to model, query and expose all aspects of an API specification. During this talk, we will go through several use cases, some simple and some more complex ones, to showcase how this can be useful at all stages of the API design process. We will show how AMF stores model and data for the model in a single unified data graph, and how it persists and allows querying using a declarative language. We will also show how, thanks to the formal qualities of the tools, automatic reasoning can be used to add inferred data to the model in order to solve particular data integration scenarios.
Small, Fast, Memory Safe Network Proxies: Rust Meets the Linkerd Service Mesh
Carl Lerche, Buoyant - - Network proxies should be small and fast, which usually means they must be written in native code. In light of recent buffer-overflow vulnerabilities like Cloudbleed and ImageTragick, can these proxies also be memory-safe? In this talk, Carl Lerche, author of the Tokio library, describes the use of Rust, a fast, memory-safe language with zero-cost abstractions, to write native code proxies as part of the Linkerd service mesh.
Debugging the Debugger: Why Your Debugger Doesn't Work When You Need it To Samy Bahra, Backtrace - - In this presentation, we will take you on a journey to some of the darkest and most confusing pits of systems programming involving debug formats, compilers and process control. We will describe situations where debuggers have failed you, why and how they can be addressed. These failures include missing critical data, corrupted output, performance bottlenecks and more. Even a single snapshot of application state can yield important clues that can reduce time to resolution. This ranges from the classes of instructions involved, to run-time breadcrumbs from the garbage collector or memory allocator, to the relationships of objects in application memory. We will take a tour of commonly neglected areas of application state whose exploration can greatly reduce time to resolution of common classes of bugs. Various aspects of popular debuggers such as GDB and LLDB will be analyzed, including performance and debug information handling. Some of the worst bugs are ones that leave engineers with no visibility into application state. Perhaps a process is unable to dump core on your filesystem, or your debugger hangs extracting application state or your compiler has completely optimized out a crucial piece of information. What are the common pitfalls and how can they be resolved? We will investigate real-world situations where standard symbolic debugging techniques are insufficient or fail and how some of those situations can be mitigated.The Ansible Container Project: Lessons for Doing Containers as Part of the SDLC - Joshua Ginsberg, Chief Architect, Redhat Ansible --Containers offer unparalleled potential for more scalable, reliable, and secure services, however adoption has been slow, in no small part because the majority of the tools and techniques we’ve developed over the last 30 years simply aren’t useful in a containerized ecosystem. Ansible has taken the automation landscape by storm precisely because it’s so universally adaptable, and the Ansible Container project has brought the power of Ansible tools and experience to the container world. In this talk, we introduce Ansible Container, and how it uniquely offers building and running containers using the simple, powerful, and agentless software development lifecycle Ansible Core delivered to the rest of IT.Kubernetes in the Wild: Building a Content Delivery Network on Kubernetes -- Daniel Bartholomew, - - In this session Daniel will discuss how to use Kubernetes to build a distributed system of reverse proxies, like a Content Delivery Network. This technical talk will take a deep dive into how to run reverse proxies in Kubernetes to accelerate and secure websites, and how Kubernetes can be globally deployed to form a Content Delivery Network. He will go over how uses Kubernetes to manage a global network and the challenges encountered along the way.
12:00p -1:00pLunch
1:00p -1:30pNetworking with Exhibitors
Afternoon Tracks and Workshops
Track 1: APIsTrack 2: From Bare Metal to Containers to ServerlessTrack 3: Automation, Testing, Monitoring and AnalyticsBreakout 4Breakout 5Breakout 6
1:30p -2:10pWhy I Tried to Build an API for Automatic Troll Detection -- Jonathan Michaux, Restlet - - Trolls are individuals that exhibit toxic behaviour and disinform communities, and today’s social networks and social media are crawling with them. Even the CEO of Reddit was trolled beyond reason on his own social network. In this talk, we’ll explore the extent to which it is possible to use AI technology to mitigate this issue, and how such a solution could be deployed through a web API. The result provides fascinating insights into the relationship between society and technology and its potential for the future. Announcing A New Resource for Extending & Leveraging the Power & Flexibility of Cloud-init
Aaron Welch, Packet - - Cloud-init is one of the most ubiquitous tools for getting your cloud infrastructure from "here" to "there", but there are a number of powerful and flexible features that are underutilized which can dramatically improve the usefulness of cloud-init. There are also some limitations to it, for example, where do you store your user-data, much less revision or run tests against it? Currently there is no great solution. Enter - a community resource that provides a repository for all your custom user-data as well as a resource for community projects and platforms to publish "official" user-data to bootstrap their software via cloud-init. Making everything easier, from a simple bootstrapping of your chef client to deploying a full-blown Mesosphere / DCOS cluster, come see what the missing piece of the cloud-int puzzle can do, and do for you.
Don't Worry About Servers, But Still Worry About Metrics: FaaS Measurement Fundamentals -- Clay Smith, New Relic - - Function-as-a-service (FaaS) platforms like Amazon Lambda, Azure Functions, or Google Cloud Functions are being experimented with in many projects. While FaaS is hyped, there are plenty of success stories from teams that have created scalable, low-cost systems with serverless computing components. It’s less well understood, however, how to measure function performance when traditional infrastructure, server, and application metrics are unavailable. This talk is about how to use emerging FaaS metrics—and a little bit of data scraped from the /proc filesystem—to build more resilient, fast functions.
Building Reusable End to End Self-service Catalogs For Your Organization - Nate D'Amico, - - Open Source tools have become the primary choice of engineers and operations teams when it comes to developing, deploying and managing their services.  Typically, tools are singularly focused in their capabilities and its common to mix and glue various ones together in ad-hoc ways to strive for an end to end solution.  The Devops Toolkit (Dtk) is an Open Source framework that was built to handle this heterogeneity with a focus on the practice of reuse and sharing of existing tools/scripts through a versioned self-service catalog that can leverage ANY existing script/asset with minimal to no changes.  The Dtk provides end-to-end workflow management & support that coherently integrates a state-based idempotent approach with the ability to invoke procedural actions by drawing on AI Planning concepts. Come learn about the origins of the project, where it’s going in 2017, and what it can do for you today.
How Databases with "Translytical" Capabilities Will Change the Way We Develop Data Driven Applications - Lucia Subatin, SAP -- Developing modern data driven applications requires a re-examination of one of the building blocks developers have come to rely on - the database system. In this session, we will discuss the implications for application development using a multi-modal, in-memory data processing environment. We will explain how this creates a new data programming model for applications which give you the flexibility to adjust and expand data models over time and share an architecture blueprint for building data driven applications.Hacking on Hardware: A Workshop for Building Internet Connected Projects - Taron Foxworth, Losant - - In this workshop you’ll learn about circuits, sensors, and internet-connected hardware. This workshop provides all of the hardware, software, and instructions needed to build several simple connected IoT apps. All attendees get to keep the hardware, which includes a WiFi microcontroller and other hardware components.
2:15p -2:45pKeeping your APIs Honest -- Emmanuel Paraskakis, Oracle Apiary - - Ever had your API documentation go out of sync with your API implementation? Or broke API clients with a refactor of your back-end code? Or maybe you deployed the wrong version of a microservice to production instead of staging... If the above sends chills down your spine, then this talk is for you! We'll learn how to use open source tooling to test your code against an API spec, during development or in production, so you can ensure your documentation is in sync and that you don't break everyone out there that depends on your API.Architecting Modern, Data-driven Applications with Containers and Microservices Jon Gray, Cask - - Building and running production applications on Hadoop is often a difficult process filled with slow development cycles and painful production operations. In this talk, we will discuss how to design and deploy container-based, microservices-oriented architectures for big data, apply these architectural blueprints to common big data use cases such as data lakes and IoT, and reduce the time to production for modern data-driven applications.
A Broader look at Architecting Fault-tolerance into Apps - Adil Aijaz, Split - - In software architecture, failure is the rule, not the exception. The role of an architect is neither to manage the team, nor to write code on a day-to-day basis, rather it is to be the voice of risk mitigation in the organization. A successful architect will help his or her team build systems that will gracefully handle failures. Most folks think of mitigating risk at an infrastructure layer: redundancy, failovers, active/active databases etc. I want to encourage architects to think of risk mitigation from the application perspective as well: how can we write our applications to be more graceful when failure happens? In this talk, I'll share two application level strategies for mitigating risk I learned from my time at LinkedIn. These are: Circuit Breaker: allows you to isolate failures in a microservices world.
Controlled Rollout: allows you to manage failure by gradually ramping features from 0% to 100% of your customers.
Istio - A Holistic Approach to Managing Service-mesh Traffic on Kubernetes - Louis Ryan, Google & Shiriram Rajagopalan, IBM - - Istio provides a common substrate for the polyglot service-mesh in Kubernetes. It includes advanced traffic controls, policy enforcement, enhanced security & fleetwide insights. Capital One DevExchange/Alexa Hackathon Prep - Amanda Rice, Capital One - Jared Smith, Capital One and Liz Myers, Amazon - - Joining us for our evening Hackathon at Glue? If so, you’ll want to get a jump on the competition by attending this workshop. Representatives from Amazon Alexa and Capital One DevExchange will be there to walk you through the basics of using the DevExchange APIs and building Alexa skills.
2:50p-3:20pCilium + BPF: Least Privilege Security on API Call Level for Microservices -- Dan Wendlandt, Covalent - - Security used to involve placing firewall appliances in the right place to protect the good from the evil. While software defined infrastructure has moved security functionality to every server, its principles haven’t changed much. Security is still based on IP addresses and port numbers. This effectiveness of this model has become questionable if the majority, if not all, of the network traffic is being sent over port 80 or 443. If a service makes an API call to another service, then all of the API surface has to be exposed to the calling service. This is against the security best practice of "principle of least privilege" and allows compromised services to make arbitrary API calls to other services. In this talk, we will walk through how the Cilium open source project leverages the kernel technology BPF to provide visibility into the API calls between services and how it can enforce security policies on application protocol level in a completely transparent manner.Scale Your Node Application, Skip the Infrastructure Matt Williams, Datadog - You don’t have to look far to find yet another article on scaling your NodeJS app to handle large numbers of users. But the techniques covered usually involve becoming an expert in deploying hardware or a guaranteed minimum outlay of cash to handle your expected load. But what if there were a way to scale almost infinitely without having to worry about the infrastructure to run any of it. Using platforms like AWS Lambda, Azure Functions, and IBM OpenWhisk, you can focus on providing scalable functionality in your NodeJS application without having to think about any of infrastructure details. In this session, Matt Williams will show you how to get started building a complex Node application on AWS Lambda from scratch. Starting with the standard CLI, we move to other frameworks like Node Lambda and Serverless to add more functionality to serve your users. We will consider some key architectural decisions that affect how the application is designed. And all the way along we look at ways to monitor the application to help find the bottlenecks. By the end of the session, you will be eager to start working on your next application on AWS LambdaDelivering Quality Code, Frequently Neil Manvar, Sauce Labs - - As web and mobile application software development increases in complexity, the frequency of testing is growing exponentially. This trend is leading to a competition between companies and their dev teams to see who can deliver the most quality product faster in today’s competitive business environment. Join Neil Manvar, Solutions Architect at Sauce Labs, as he outlines best practices for leveraging modern technologies to develop and test maintainable, quality code. Through his experiences, you will learn how to avoid change-related outages of your apps but adopting automated testing, continuous integration and open source tools.
3:20p -3:30pIntro to an OpenAPI Initiative Workshop - Lorinda Brandon
3:30p - 3:45pAfternoon Break
Afternoon Tracks and Workshops, Continued
Track 1: APIsTrack 2: From Bare Metal to ServerlessTrack 3: Automation, Testing, Monitoring and AnalyticsBreakout 4Breakout 5Breakout 6
3:45p -4:15pThe OpenAPI Initiative Workshop Darrel Miller, Microsoft and Ron Ratovsky, SmartBear - - The OpenAPI specification is on the cusp of a new iteration. What began as the Swagger specification, now part of the Linux Foundation, supported by tech's biggest names, OpenAPI V3 will bring even more value to developers building and consuming APIs. Come join us for a two way conversation about what has been fixed, what has been improved, brand new features and those that didn't quite make the cut. Whether you are new to the world of API descriptions, or a grizzled API veteran, we will show you how OpenAPI V3 allows you design, describe and document your APIs and drive all different kinds of tooling used in the API lifecycle. Bring your questions about why OpenAPI works the way it does. Bring your API design challenges, and we'll show you how OpenAPI describes them. Bring your wish list of features for the future and we'll crush your dreams… just kidding!Surviving Day 2 in Open Source Hybrid Automation -- Rob Hirschfeld and Greg Althaus, RackN - - - Quick starts don't work for running systems! So how can we ensure ongoing operability of open source code? That requires an automation approach that allows open communities to both share code AND customize it to individual needs without forking? The SRE focused team at RackN has been working on exactly this problem. Site Reliability Engineering (SRE) focuses on creating systems that are maintainable over time with decreasing operational effort. We can't just worry about getting something install quickly if that means the software cannot be upgraded, secured or scaled. In this session, we'll show real Day 2 SRE tooling patterns that allow upgrades, live patching and security key rotations that should be part of your daily operational practice on Day 1Meet Isomer: A Best-practices framework for the Modern Product Development Team - Omed Habib, AppDynamics - - The Isomer Framework is the sum of the best practices observed over decades of software development and functional organization. One way to think of the Isomer Framework is to imagine the latest trends in the Microservice design pattern. As software is becoming more decoupled into individual services mirrored around specific business purposes, so are the product teams forming themselves around the same organizational structure. This session introduces the Isomer best practices and helps you understand what functional changes you may want to make to improve your recipe for success. Serverless in an Offline-First World - Adam Fish, Realm - - - Serverless architecture is well suited for mobile development. However, mobile environments face different challenges than the web. Network connectivity is unreliable, there are multiple sources of truth between user devices and the server, and the REST model wasn't designed for pushing data. This talk will explore how a Serverless architecture can be achieved that is resilient to these problems.My Evil Plan To Save The World... From a Suboptimal Programming Language Created in 1972 Andrew Kelley - - It's been 45 years since the C programming language first appeared, and we still depend on it today - even in high level code such as Node.js, Ruby, Python, and Java. But this language is fraught with peril. We see security vulnerabilities on a regular basis. And we haven't quite figured out how to replace it with languages such as C++, Go, and Rust. This session introduces a new challenger, Zig, and dives deep into what really happens on a system when you don't depend on C in order to do things like printing to stdout, multi-threading, and networking.Self-Driving Kubernetes & Helm Lifecycle at Ticketmaster -- Josh Rosso, CoreOS and Michael Goodness, Ticketmaster--- Ticketmaster is embracing cutting-edge tools & technologies as it launches its cloud-native platform. Join us for a technical overview of self-driving Kubernetes, which moves the complexities of control-plane maintenance into the cluster itself. We’ll demonstrate automated upgrades, component modifications, and troubleshooting in a large distributed system. Then jump behind the wheel with Helm, the Kubernetes-native package manager. See how Ticketmaster leverages this tool to increase operational efficiency and developer velocity through slick CI/CD workflows.
4:20p -5:00pEmbracing Docker and Serverless in Enterprises -- Sathiya Shunmugasundaram, Capital One - - Docker is already in production in enterprises. Efforts are sincerely underway to containerize applications and vacate Data centers and move into cloud. With the sudden emergence and increased momentum of Serverless architectures, FUD (Fear/Uncertainty/Doubt) is inevitable. There is a rush and pressure to evaluate Serverless and start migrating. We strongly believe while Serverless is going to be in limelight, containers have their legacy set and will stay through. With practical use-cases, we will discuss why Serverless and Containers have to co-exist for enterprises and how they can complement each other to achieve the most important thing of solving business problemsLessons Learned from Deploying Deep Learning at Scale -- Diego Oppenheimer, Algorithmia - - Algorithmia is a startup with a mission to make state of the art machine learning discoverable by everyone;they offer the largest algorithm marketplace in the world, with over 2700 algorithms running as serverless microservices supporting tens of thousands of application developers. Algorithma is the first company to make deep learning, one of the most conceptually difficult areas of computing, accessible to any company via microservices. In this session, you learn how this startup has selected and optimized cloud instances for various algorithms (including the latest generation of GPU optimized instances), to create a flexible and scalable platform. They also share their architecture and best practices for getting any computationally-intensive application started quickly.
5:05p -5:35pKeynote: Observability in the Glorious Future (& Inglorious Past) -- Charity Majors, Honeycomb - - Are we really going to put software engineers on call, and will you ever get any work done ever again once we do? HELL YES. Future systems will be built just as much instrumentation-first as tests-first, but we have many tooling gaps and practices-gaps to close to get there. Our current tool set was designed and built to solve the last generation of problems. Let's talk about how we can make that evolutionary leap to systems where we only get woken up for new and interesting reasons ... where software engineers are empowered to own their own services from end to end (AND THEY LIKE IT) ... and where we can interact with live distributed systems as powerfully as we currently dive deep into single-node performance problems. To the future!
5:35-6:05Keynote: Keynote: How to Knock Out Your QA Bottleneck - Russell Smith, Rainforest QA - - - The demand for development teams to ship increasingly faster, higher quality software has never been greater. Throughout the development process, QA continues to be among the most manual, slow and painful steps, especially for agile and continuous delivery teams. In this talk, Rainforest QA CTO and co-founder Russell Smith will highlight the essential steps to get QA to move at the speed of the fastest moving development teams.
6:00-7:30GlueCon Evening Reception and Networking with Exhibitors
7:30-MidnightHacking Alexa: Grab a beverage and come build (and deploy) Alexa Skills - Held in Breakout 3 - (*Registered GlueCon Attendees Only*)
Day 2 - Thursday, May 25, 2017
8:30a - 12:00pRegistration Open
8:30a -9:15aDanishes and Coffee
9:15aDay 2 Begins - Eric Norlin
9:15-9:45amKeynote: A Connector, A Container and an API Walk into a Bar... -- Steven Willmott, Red Hat Inc. - - As software becomes an integral part of the modern wall, our tools to build software systems have changed radically as well, becoming more powerful, modular and distributed. As we build modern software systems though we are often our new tooling by itself isn’t enough to guarantee systems that live up what they need to deliver, we also need to change the way we approach software delivery. In this talk we’ll talk about how containers, APIs and the changing usage of integration technology are genuinely changing the systems landscape for many customers as well as some of the new unexpected challenges that creates.
9:45-10:15amKeynote: AWS Lambda & The (Serverless) Future of Big Data - Tim Wagner, AWS Lambda - - Think big data is inherently entwined with the challenges of scaling, managing, and paying for big infrastructure? In this talk we’ll construct several working projects that feature simple architectures that can work at massive scale. We’ll not only build and demo several big data approaches live, we’ll show you how to create a CI/CD pipeline and a load tester for them…all with serverless ease and scale. Along the way we’ll demonstrate AWS Lambda’s programming model, console and CLI, and show you how to easily define APIs and complete serverless apps using SAM, the Serverless Application Model. We’ll leave you with recipes for doing enterprise-grade big data projects without the complexity of infrastructure or the fear of paying for capacity when it’s not in use. Leave your servers at home; you won’t need them for this talk.
10:15-10:30amKeynote: Metadata is the Glue - Uri Sarid, Mulesoft - - When the Glue Conferences started in 2008, “Glue” was roughly about “web oriented architecture”, “interop for the web”, and coupling that’s as loose as possible but no looser. Nine years later, we’re weaving a truly huge network of APIs, and the API metadata -- the API spec -- is the lynchpin of intentional loose coupling. It’s the single source of truth for what a service does, it’s the versioned contract between consumers and producers, it automates docs and exploration and testing and CI/CD and integration, and it’s key to productizing services. You can now benefit from RAML’s modeling features and Open API’s ubiquity with a new open-source engine, the API Modeling Framework, that glues them into a unified document model and domain model; it’s an open and extensible metadata engine for APIs that provides round-trip interoperability between formats, a common programmatic interface to the metadata, and a powerful kernel for API tooling.
10:30a - 10:45a Morning Break
10:45a - 11:15aPassport Prize and Hacakthon Winner Announcements
Breakout 1Breakout 2Breakout 3Breakout 4Breakout 5Breakout 6
11:20a - 11:50aInnovate with Experimentation: Incorporate A/B Testing Into Your Product Development - John Provine and Matthew Auerbach, Optimizely - - Experimentation is at the core of today’s most successful software products, from Amazon to Google to Facebook to Netflix. These companies use A/B testing to de-risk development and measure the impact they’re making with new ideas. As a developer, how can you ensure that the features you’re building are making an impact on the metrics your business cares about? We will walk through how product and engineering teams can apply experimentation to their development cycles to create better user experiences. Attendees will learn best practices for running A/B tests across teams, and pitfalls to avoid when building an internal system.Scaling Application Defense for Container Environments - John Morello, Twistlock - - With the advent of containers, microservices, and devops traditional security approaches have struggled to keep up with scale and rate of change in modern environments. While it's easy to dismiss containers and the operational patterns they enable as being riskier than legacy virtualization - that's simply not the case. In this session, we examine the changes to the threat landscape that containers bring, but also the opportunity that comes with leveraging the fundamental characteristics of containers to automate and scale their defense - without slowing application delivery.Incident Response Orchestration Systems - Berkay Mollamustafaoglu, OpsGenie - - We live in an always-on world, where our customers (users) demand that the services they use will always be available, performant and secure. The reality is that no matter what approaches we use to try to prevent them, incidents have now become a routine occurrence in our daily lives. As a result, effective incident response now essential to ensure that problems can be resolved as quickly as possible. Incident response is no longer solely the responsibility of Operations teams. Your entire operations are now engaged in an effective Incident response. With the adoption of DevOps practices, developers have become directly involved in the incident resolution process. The same is true for customer service organizations, marketing and other stakeholders in your organization. This presentation will discuss how organizations are streamlining their incident response practices, while incorporating those non-traditional teams, in order to bring under control what would otherwise be chaosNATS: A Simple, Secure, Scalable Messaging System for the Cloud Native Era - Peter Miron, Apcera - - Modern distributed systems are intended to be resilient, scalable, and flexible/responsive to business needs. The always-on nature of modern systems and the scale involved are unique challenges for system architects which can be addressed using NATS is a remarkably simple, scalable, and secure open source messaging system widely adopted for Cloud Native and Microservices architectures. This talk will explore the various components that comprise NATS (NATS Server, NATS Streaming, NATS Top) and some of the use cases where NATS is being adopted in the enterprise, including a quick demo.When Feature Flags Go Bad:How Not to Have Feature Flags Be Used Incorrectly for Disastrous Results - Edith Harbaugh, LaunchDarkly - - Feature flags are a continuous delivery best practice to get feedback faster, with less risk. With feature flags, engineering changes are pushed live to production “off”, and then turned on to different users, separating deployment from release. Learn how Behalf and CircleCI to use feature flags for opt-in early access, private beta, canary releases and dark launches.Jumpstarting a Legacy Refactoring Job without Losing Your Server or Altering the Original
John Minnihan, - - Enterprises have many mission-critical processes running on old servers inside the firewall. CIOs know that they must migrate to the JIT-cost model of cloud computing to remain competitive, but refactoring legacy services on-prem carries a high risk of destabilizing those old servers. Cloning the legacy servers directly into the cloud allows teams to begin work using a 100% software-based copy of the server. This eliminates the risk of catastrophic hardware or systems failure on the original server while allowing refactoring to begin. It also reduces costs in the near-term, as the on-prem server can be decommissioned.
11:50a - 12:50p Lunch with Gluecon Exhibitors
12:50p - 1:15pNetworking with Gluecon Exhibitors
Breakout 1Breakout 2Breakout 3Breakout 4Breakout 5Breakout 6
1:15p - 1:45pThe KiSSS Approach: Integrating Microservices into Kubernetes with Scalable, Secure and Simple Designs -- Karthik Prabhakar, Tigera - - Aristotle, asked about Kubernetes, said: “The whole is greater than the part”. This guided session will help us see the big picture and clear our minds (of noise). Reflect on connecting and securing microservices (in the Kubernetes system). Contemplate the Past, the Present and the Future (of cloud-native networks and security). Join us, sleep better at night.The Serverless Database - Chris Anderson, Fauna - - You’ve written a serverless app, and it feels great not to worry about irrelevant parts of your stack. But when it comes to your data, your’re either still provisioning databases the old-fashioned way, or you’ve moved to a cloud database that you still have to provision up front. You don’t have to accept these tradeoffs. In this talk, Chris Andrerson, Director of Developer Experience at Fauna and previously co-founder of Couchbase, will go into detail about a new generation of database that fits the pay-as-you-go serverless provisioning model and offers strong consistency with relational queries. We'll look at code using the Serverless framework and AWS Lambda, and how the database can provide fine grained access control.Beyond Relying on AWS: Challenges and Approaches for Being Cloud Agnostic Using Containers -- Phil Dougherty, Containership - - In February, the world learned exactly how many services other services rely on to function also rely on AWS. It didn’t have to happen. Find out why (and how) in this discussion on the challenges, benefits and approaches to becoming cloud agnostic and multi-cloud ready using containers.Does Your Opinion Matter? Spring Boot Doesn’t Think So - Brian Mericle, Choice Hotels Over the last five to ten years, we have seen companies increase their obsession with DevOps and moving towards Continuous Integration, Delivery and Deployment. The business goals typically involve delivering products faster to market, realizing competitive advantage and reducing the cost of delivering software to production. The goals of IT usually involve increasing deployment quality, consistency and reliability while reducing error prone manual processes. One thing that developers can do to help facilitate this journey is to streamline their own processes. Spring Boot takes a very opinionated approach to software development. It takes the idea of “convention over configuration” to a new level. This talk dives into why this approach can be good and how it can increase your productivity while enabling your organization to be successful in their journey towards continuous deployment.Scalably Exposing Public API Endpoints Across Microservices -- Josh Cincinnati, Lyft - - Microservices: so hot right now. But exposing them publicly can be decidedly less hot. If you’ve got dozens of services of varying scopes and purposes, what’s the best strategy to expose them? How can you maintain separation of internal and external services? These questions and more will be answered in this talk, where Lyft will drive a discussion into its own rapidly growing, modern microservices-based infrastructure and the tools it uses to expose API endpoints across the company.Using Hashicorp Vault for Secrets Management
Chris Stevens, Traxo - - Rigorous secrets management processes can help win business and satisfy both internal and external security requirements. This session focuses on the why and how of using Vault as an application developer. Attendees will learn how to safely store and retrieve encrypted secrets, implement short-lived credentials for database users, use encryption and hashing as a service, and secure networked applications using dynamically generated TLS certificates. The session will demonstrate basic through advanced level Vault capabilities, show how containers running on a Nomad cluster can easily and transparently access secrets, and provide integration options for legacy and non-container applications.
1:50p - 2:20pBots: The Unspoken Challenge of Conversations - Rakia and Marcus Finley, FIN. Digital - - As interfaces and development opportunities evolve from the older “apps”models, voice and bot integrations have begun to emerge as new models. For developers, designers, and project managers who have traditionally worked on more conventional web-user interfaces, creating a voice UI can seem foreign and unobtainable. Voice bots, such as Amazon’s Alexa, have become captivating platforms for bot creators, however translating functionality into verbal exchanges can be surprisingly difficult. This session will discuss what challenges arise when creating voice bots.Serverless-Architecture in the Enterprise - Allen-Michael Grobelny, Box -
The advent of new technologies like Amazon Lambda have created a new norm of development without traditional servers. This has created a new opportunity for software developers to easily build and deploy cloud applications, and also requires cloud API providers to provide tools for developers building in server-less environments. In this session, Matt Self, VP of Software Development at Box, will discuss the growing popularity of server-less development and the types of tools available to server-less developers.
Exception Handling Across Time and Space
Andrew Weiss, Rollbar - - The evolution of exceptions across various programming languages over the past 50 years.
Using Sagas to Maintain Data Consistency in a Microservice Architecture -- Chris Richardson, Eventuate, Inc- - The microservice architecture structures an application as a set of loosely coupled, collaborating services. Maintaining data consistency is challenging since each service has its own database to ensure loose coupling. To make matters worse, for a variety of reasons distributed transactions are not an option for modern applications. In this talk we describe an alternative transaction model known as a saga. You will learn about the benefits and drawbacks of using sagas. We describe how sagas are eventually consistent rather than ACID and what this means for developers. You will learn how to design and implement sagas in a Java application. Distributed Serverless Stack Tracing and Monitoring -- Chris Munns, Amazon - - When you’re running a large, multi-faceted serverless application, how can you effectively diagnose issues in your application’s performance? In this session, we’ll show you how to peek under the hood of your function executions so you can determine where performance issues are occurring in your serverless application. We’ll demonstrate a live demo of a new service, AWS X-Ray, which is a distributed tracing service that helps developers analyze and debug distributed applications. We’ll show you how you can use X-Ray to diagnose your serverless applications using dynamic stack tracing, call analysis, and the X-Ray service graph which visually depicts service calls made to your application.How Engineering Teams Can Get the Most from their Internal Power Users - Jenny Farver, Civis Analytics - - If your product has technical or power users, you're probably getting plenty of creative, thoughtful feedback and roadmap ideas. At Civis, we build software for data scientists but we're at our best when we're building things with data scientists. Join us to hear about some specific ways we've integrated our technical power users into our product development process -- design sprints, user feedback sessions, and deep/shallow team embeds. We'll also give a few examples of the results: better software and happier people.
2:25p - 3:00pSteward, the Kubernetes-native Service Broker -- Gabe Monroy, Microsoft - - - No application is an island. Most applications interact with a diverse set of services, not all of which run on a Kubernetes cluster. How do you manage access to both on and off cluster resources? Join Gabe Monroy, CTO of Deis, for a discussion about service catalogs, explicit service bindings, and how they can help you rationalize heterogeneous computing environments. We will end with a demo of Steward, the Kubernetes-native Service Broker.Kick Your Server to the Curb with OpenWhisk - David Okun, IBM - - In this talk, I'll introduce the open source serverless framework OpenWhisk. I'll explain what serverless means (to me anyway), why you would use it (and when you would not), and explain how it's implemented in the OpenWhisk environment.Security for Cloud Native Applications ("Toto, we are not in Kansas anymore") -- Dimitri Stiliadis, Aporeto - "Cloud native" implies a more flexible and dynamic architecture for developing and delivering applications. While application development frameworks have advanced, new application security models have not kept pace. The result has been the extension of legacy security models into cloud-native environments, where the physical world is mapped one-to-one to the cloud world These approached do not scale and maintain the silos between development and security teams. Who hasn’t heard the story: “It works in dev, but it failed in production because of security rules.” In this talk, we will discuss three fundamental problems: First, how cloud deployments can become the catalyst for better security and simpler infrastructure. Second, how the right tools can provide the much-needed communication interface between developers and security for a shared-responsibility security model. Last but not least, we describe how some our open source efforts and specifically the Trireme project provide the first steps in this journey. Steam Punk: IoT and Containers are Hot - Jayson DeLancey, GE Digital For over 2000 years, we’ve used boiling water to produce mechanical motion. A recent demo project demonstrates the process of taking a small miniature replica steam engine and using sensors to model, understand, and optimize how it works. A combination of sensors for heat, pressure, vibration, and motion allow us to create a digital representation of a physical machine and system. Adding edge computing we can run analytics and computation workloads where it makes the most sense.
Whaleless!: Do Serverless with Docker and Avoid the Lock-in -- Amir Choudry, Docker - - Serverless is picking up steam and the allure of ignoring the underlying infrastructure is attractive to developers. However, there are many cases where enterprises need to maintain control over where computation is run — for compliance, security, or efficiency reasons. How can those dev teams still gain the benefits of serverless architectures while allowing the ops teams to maintain control? In this talk I'll introduce FaaS, an open source framework for building serverless functions using Docker. I'll demonstrate auto-scaling in real-time across a large Docker cluster and I'll describe how both containers and serverless can coexist to solve a variety of problems.Architecting the Future: Abstractions and Metadata -
Dan Barker, DST Systems - - Kubernetes and Docker are two of the top open source projects, and they’re built around abstractions and metadata. These two concepts are the key to architecting in the future. Come with me as I dig a little deeper into these concepts within k8s and Docker and provide some examples from my own work.
3:00p - 3:15pAfternoon Break
Breakout 1Breakout 2
3:15p - 3:45pThe IoT Attack Surface: A Threat Model and Real-World Assessment -- David Lindner, nVisium - The Internet of Things (IoT) is not new terminology. However, the sheer amount of connected devices we have at home and at our businesses is growing exponentially and increasing the attack surface. Attacking and assessing IoT can easily lead us down a rabbit hole only to hit a wall on the other side. However we need to be extremely comprehensive in our methodology and not end up down that rabbit hole for too long. We're here to discuss the attack footprint of a typical IoT infrastructure, whether at home or at the office. We will discuss a threat model and verification of a real-world IoT assessment including every component from hardware, protocols, mobile applications and devices, web APIs, etc. We will discuss attack vectors, attack motivation, typical attack vectors, and common shortfalls in IoT systems. Join David as he walks through an assessment of an IoT system including a high level threat model and attack chain discussion.Kubernetes on Windows on Azure
Anthony Howe, Microsoft
3:50p - 4:20pCreating Docker-based Container Clusters with Clusterdock
Pat Patterson, Streamsets - - clusterdock is a simple, Python-based framework for creating Docker-based container clusters. Unlike regular Docker containers, which tend to run single processes and then exit once the process terminates, these container clusters are characterized by the execution of an init process in daemon mode. As such, the containers act more like "fat containers" or "light VMs": entities with accessible IP addresses which emulate standalone hosts. In this session we’ll dissect clusterdock; you’ll learn how we use it to spin up a Hadoop cluster on a single VM in a few minutes, how it bootstraps itself from a shell script, and how it can be extended to support other distributed systems.
API Design in the Age of Bots, IoT, and Voice - James Higginbotham, Launch Any - - Developers have been debating RPC vs. REST for some time, and now we have GraphQL and other options growing in popularity. But what happens to our API design when we add bots, IoT edge devices, and voice into the mix? This talk examines how our APIs must change in the world of bots, voice, and edge devices. We'll also look at ways that we can future-proof our API design in light of these new ways of interaction. Finally, we'll identify design strategies to support the growing need for edge computing.
4:25p - 4:55pKeynote: Flying Dreams: Real-Time Communication from the Edge of Space -- Jonathan Barton & Neha Abrol, goMake - - Creating flexible, resilient access to real-time sensor data can be challenging – especially when your device targets can literally disappear off the face of the Earth! See how goMake is using Kubernetes, Node.js, Swift, Raspberry Pi, and a global satellite network to create scalable infrastructure for students to build, launch, and track their own high-altitude balloons as part of a standards driven project-based learning curriculum.
4:55p - 5:00pClosing Comments - GlueCon 2017 Ends