GlueCon 2018 Session Descriptions
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
Day 1 - Wednesday, May 16, 2018
7:30a - 5:00pRegistration Open
7:30a - 8:30aDanishes and Coffee
8:30a - 8:45aOpening Remarks - Eric Norlin
8:45a - 9:15aKeynote: Chaos Architecture - Adrian Cockcroft, AWS - - We’ve seen cloud usage patterns begin with a faster data center and greenfield applications, move to cloud-native migrations, and end up with complete data center replacement strategies. These patterns are driving even more business-critical backend workloads to the cloud, and new patterns are emerging for highly automated, available, and durable cloud-based architectures. However, a recurring problem with highly available architectures is that they don’t get enough exercise to ensure they will work correctly under turbulent conditions—and the weakest link is often the people operating the systems. Most enterprises have a backup data center, but in many cases disaster recovery failover and incident response isn’t practiced regularly. Chaos engineering leverages carefully designed failure injection tests and the distributed automation inherent in cloud deployments to prove that there is enough margin to absorb failures in production. Adrian Cockcroft outlines the overall architectural principles of chaos engineering and shares methods engineers can use to exercise failure modes in safety and business-critical systems.
9:15a - 9:45aKeynote: Kubernetes is a Platform Platform - Joe Beda, Heptio - - The world of containers is moving to the next phase. We are moving past the embryonic stage of figuring out how we run containers. The question is now what do we do with this new tool set? In this talk, we will outline how Kubernetes was built to be built on and detail some of the innovative community projects that are taking things to the next level.
9:45a - 10:15aKeynote: Many Charts With Circles: Systems Development Life Cycle (SDLC) Meets the Organizational Development Life Cycle - Lisa Kamm & Max Whitney - - Selecting a software development lifecycle (SDLC) for your organization can feel like playing roulette on lots of charts with circles. Across twenty years, Lisa and Max have been building software at large, medium and small scales through periods of hockey-stick growth, happy continuity and unexpected contraction. In this talk they present a framework for finding a design and engineering pipeline that fits your organization in its current moment of growth, addressing ideation, MVP, user testing, code management, develop-test-production environments, build services, manual and automated test, acceptable bug rates, performance monitoring, log analysis, alerting and managing on-call. Where do you throw the bulk of your staffing resources? Where do you build in pinch-points for review? When does increasing rigor help - and when does it get in the way?
10:15a -10:30aMorning Break
10:30a - 11:00aKeynote: Escape the Tar Pit with a Service Mesh - Andrew Jenkins, Aspen Mesh - - Software is complex, but we can't seem to stop creating it. That's because the complexity we build into our software is also the part that solves our users' interesting problems. We can't eliminate complexity but, good news, we can organize it. A classic framework from a paper called Out of the Tar Pit is a great start. Andrew will explain how his team uses Kubernetes and Istio to escape some of the tar pit muck. By building on top of common code and infrastructure, you can move complexity to Shared Accidental Complexity layers that you share with your team, your company and your open source community. But a shared layer that promises everything for everyone is likely to have immense complexity compounded many times over. Andrew will share lessons learned moving a hosted service on top of Istio.
Breakout 1Breakout 2Breakout 3Breakout 4 (Spruce)Breakout 5 (Fir)Breakout 6 (Birch)
11:05a-12:00pIntroduction to Virtual Kubelet - Ria Bhatia, Microsoft Azure - - Standalone Kubernetes still requires a layer of management and Kubernetes alone isn’t the answer developers are looking for. Virtual Kubelet is an open source project that takes away operational hardships for developers so they can continue to focus on building great apps rather than fumbling with infrastructure they shouldn’t have to care about. This is where containers fill the gap for flexibility, scalability, light-weight infrastructure matched with a per-second billing model, customers get exactly what they pay for. Azure Container Instances and other pods as a service platforms like is the story for flexible billing, instant compute power and efficiency within the cloud. This changes the game for deploying infrastructure.API Based Networking and Load Balancing for Microservices - Sai Chaitanya, VMware - - In this session we will begin by introducing VMware NSX-T – a cloud-native Networking and Security platform. NSX-T implements Networking, Load Balancing and Security for VMs and Containers based apps (built on platforms such as Kubernetes and Cloud Foundry) – all accessible via REST APIs. While platforms like Kuberentes (K8s) enable great agility, developers are often bottlenecked when it comes to exposing services and are often required to open tickets with IT teams to provision Load Balancers and Firewalls. In this session you will learn how a developer using K8s can leverage Kubernetes “Ingress” and “Services” and the NSX-T platform to expose a variety of applications – HTTP/HTTPS, other TCP and UDP apps - in an IT compliant fashion. Developers are often looking for their own dedicated instance of LB with full isolation – s/w driven Load Balancing enables NSX-T to support multi-tenant deployments as well. In additional Load Balancing, you will learn how NSX-T offer an integrated for solution for Networking and Security for Microservices as well.Application and Business Transaction Monitoring in a Container Orchestrated World - Mark Prichard, AppDynamics - - You are refactoring your critical business applications to use containers and migrating to Kubernetes - now you plan to roll out applications faster with immediate feedback, perhaps using canary releases, blue-green deployment patterns or some other approach to microservice-based development. How will you measure whether those strategies are really delivering benefits to your end-users and customers? Application Performance Management (APM) technology provides an essential link between development, devops and operations teams to ensure that you have: accurate, rapid feedback; proactive alerting about issues and regressions; and the ability to understand exactly the value that your applications are bringing to your business. In this session, Mark Prichard from AppDynamics will explain how APM works in microservices or container-based architectures, and share best practices and examples drawn from AppDynamics’ experience as a leader in APM technology for over 10 years.Ethics and AI: Thinking about the Implications of Algorithmic Design within Semi-Autonomous Systems - Ned Hayes, Intel - - As we design increasingly autonomous systems, the role of ethical decision-making in real-time system outcomes can’t be ignored. Ned Hayes will use Intel’s existing Computer Vision and Media SDKs to demonstrate the possible implications of autonomous action in vehicle and digital surveillance scenarios. He’ll outline some of the significant open questions in ethics and AI and venture some thoughts on how to design better algorithms that create ethical outcomes that don’t suck.Resolving Outages Faster with Better Debugging Strategies - Liz Fong-Jones & George Talbot, Google - - Engineers spend a lot of time building dashboards to improve monitoring but still spend a lot of time trying to figure out what’s going on and how to fix it when they get paged. Building more dashboards isn’t the solution, using dynamic query evaluation and integrating tracing is. Learn how SREs discover and debug problems at Google during outages, and hear real stories about our experiences.Lessons Learned on Scaling to Billions of Feature Flags - Edith Harbaugh, LaunchDarkly - - LaunchDarkly serves 25 billion features daily, but started with just one. Edith Harbaugh, CEO + Cofounder, talks about how they scaled and lessons learned on best practices for feature flag management. Feature flags are used by developers all over the world to control dark launches, controlled rollouts, betas, and long term control.
12:00p -1:00pLunch
1:00p -1:30pNetworking with Exhibitors
Afternoon Tracks and Workshops
Breakout 1Breakout 2Breakout 3Breakout 4 (Spruce)Breakout 5 (Fir)Breakout 6 (Birch)
Track: ContainersTrack: DevOpsTrack: Microservers & ServerlessTrack: Developing on a Blockchain
1:30p -2:10pDemystifying the "Cloud" in Cloud-Native: Building Resilient Applications with Managed Kubernetes and Istio Mallika Iyer - - Building a cloud-native application is easy on paper, but ridiculously difficult in in practice. The microservice paradigm has gained popularity over the past few years, but adoption proves to be a challenge because architecting for the cloud exposes one to new challenges - like communicating between different parts of an application written in multiple languages. While this architectural paradigm paves the way for significantly faster development and boosts developer efficiency, it also causes the number of potential failures to increase exponentially. This talk will cover the basics of a service mesh, the benefits of using a service mesh like Istio with a managed Kubernetes platform, and go into a demo of an application leveraging the aforementioned technologies, i.e. managed Kubernetes and Istio. The session will also cover resiliency of cloud-native applications from a practical aspect.Managing Your DevOps Pipeline End-to-End - Topo Pal, Capital One - - At Capital One, we have been in the DevOps journey for about five years now. Even after these five years, we realize that even in our own organization, DevOps has different meaning to different people. From our experience we found that it is better to ask first “Why is DevOps?” - focusing of the outcome. For us, DevOps is about delivering high quality software faster. This stance, immediately shifts everyone’s attention to the “delivery pipeline” or “devops pipeline”. The pipeline is nothing but a manufacturing process that takes a business requirement to market as quickly as possible”. All the DevOps practices, patterns, tools, culture etc revolve around this “pipeline”. Important aspects of managing a lean pipeline starts with describing and identifying the pipeline, measure outcomes at each and every step, providing feedback, improve, “rinse and repeat”. In this talk I will present how we at Capital One manage our pipelines, how we use our own tools such as Hygieia to help us. I will also present how some other big enterprises are using Hygieia to better manage their pipelines.Kafka and the Service Mesh - Gwen Shapira, Confluent - - Service Mesh is an infrastructure layer for microservices communication. It abstracts the underlying network details and provides discovery, routing and a variety of other functionality. Apache Kafka is a distributed streaming platform with pubsub APIs - also often used to provide an abstract communication layer for microservices. In this talk, we’ll discuss the similarities and differences between the communication layer provided by a service mesh and by Apache Kafka. We’ll discuss the different paradigms they help implement - streaming vs request/response, and how to decide which paradigm fits different requirements. We’ll then discuss a few ways to combine them and to use Apache Kafka within a service-mesh architecture. We’ll conclude with thoughts on how Apache Kafka and its ecosystem can evolve to provide some of the functionality available in service mesh implementations... and vice versa. Building a Packaged Blockchain Platform for Developers Using Hyperledger Sawtooth - Duncan Johnston-Watt and Mike Zaccardo, Blockchain Technology Partners - - In this talk we provide an overview of the key components that make up our permissioned dedicated blockchain platform: Hyperledger Sawtooth, Seth, and an identity management and RBAC subsystem. The Sawtooth-Ethereum integration project, Seth, provides compatibility with Ethereum smart contracts as well as the standard interfaces that the Ethereum ecosystem expects, allowing tools like Truffle to be used with Sawtooth. It also provides support for the ERC-20 token standard. We drill down on how we’ve packaged our platform to make it easy for developers to spin up their own environment and focus on what really matters: developing DApps. Finally we demonstrate how we deliver this platform in the cloud using Apache Brooklyn.Moving Pinterest from REST to GraphQL, Carefully - Jordan Adler, Pinterest - - this session is about the decision making process and rollout strategy for making a major architectural shift to a high-usage API. The technical and organizational complexities in decision making and rollout will be reviewed, with advice on evolutionary architectural approaches to major shifts of highly available systems with hundreds of concurrent daily developers. Optimal API design will be evaluated for a myriad of use cases with trade-offs and constraints considered.Are REST APIs Still Relevant Today? - James Higginbotham - - REST gained popularity in 2005, yet GraphQL and other alternatives are moving the discussion beyond REST. Microservices and message streaming are forcing a rethink of internal APIs. In this talk, we will examine the state of APIs today, examine the use cases driving the next generation of APIs, if REST is still relevant, and how we need to prepare for the future of APIs.
2:15p -2:45pBuilding Geographically Distributed Microservices with Containers - Jari Kolehmainen, Kontena - - Running applications and services across several cloud providers and/or data centers can bring many benefits for organisations. Actually, in some cases it can even be a mandatory requirement. Making your application stack compliant with multiple cloud providers can be problematic as there are differences between cloud providers, for example in networking configurations. And to make things even more difficult, you should have a way to secure the intra-services’ communications between many cloud providers. In practice this means cumbersome network configurations with VPN and other networking security solutions. Luckily containers and modern (container) overlay networks can solve this complexity for you.
In this session, we'll dive deep into how to easily setup a container platform hosted on multiple different cloud providers with a secured overlay networking for intra-service communications. Participants will learn how to utilize containers and overlay networks to build highly resilient microservice architectures.
What Statistical Process Control Taught Me About DevOps - Jowanza Joseph, One Click Retail - - Outside of deep systems understanding and operational knowhow, DevOps practitioners spend a good deal of their time looking at charts ranging from system utilization to error rates. With the wealth of data generated and collected by DevOps professionals, a far wider set of analyses can be drawn that those taking place in a prototypical organzation. This talk is about how practices from the field of manufacturing (Statistical Processing Control) helped me to organize a successful DevOps practice in a enterprise SasS software company.Understanding Microservices with Distributed Tracing - Lita Cho, Lyft - - With a microservice architecture, one request can go through hundreds of network hops. Not one engineer can know the entire path of the request and all the services it went through. How can engineers infer how the system behaves? Metrics? Logging? These tools have their place, but neither of these inherently constructs a journey of the entire request. What if we want to optimize the overall request latency? Figure out how many additional hops the system will make by adding a new API call? I am here to talk about how distributed tracing tells a story about your system. I will go over how you can see the entire picture of what your system looks like, and with this data, make investigate and triage systematic issues, and make impactful, data-driven, performance optimizations to your system. I will go over what tracing does well and what it isn’t meant for. I will also go over how we went about tracing at Lyft and lessons learned from our adoption process.Building Data-Centric Blockchain Applications- Brian Platz, Fluree - - Blockchain enables distributed data, and microservices bring us closer to distributed execution. It is quickly becoming possible to build an entire application that has no centralized environment to run on. In this presentation, Brian will show how Blockchain and decentralized applications integrate and work perfectly towards a future with eliminated third parties and limited data risks. We’ll also cover how Fluree had to deconstruct the traditional database paradigm in building its blockchain database, and how the database needs to play a larger role in application state management and stream processing to enable a decentralized application execution environment.OpenAPI Initiative Workshop Part 1 -- OpenAPI v3 - Ron Ratovsy, SmartBear - - - Up to the minute updates on the features and future of the OpenAPI Specification. Learn about the latest features and how to participate in developing future versions of the OAS. Part 2-- How Kubernetes Generates OpenAPI: Case Study - Daniel Smith, Google - - - Kubernetes has published OpenAPI specs since very early in its life. Daniel will walk through how these specs are assembled, with emphasis on the toolchain that assembles the OpenAPI data models, and discuss how we're evolving the toolchain in the future. Part 3 - Preparing for the Future of API Description Languages - Kyle Fuller, Oracle - - API Description languages come and go. At Apiary we’ve supported nearly 4 formats without significantly changing our code base. In this session we will talk about how we’ve prepared Apiary for the future of API Description languages. We will cover the evolving domain of API Description, including the new features and concepts introduced in OAS3.Monitoring: Doing it the Right Way - John-Daniel Trask, Raygun - - Understanding what your software and infrastructure is doing is important, but where do you start? Investigating options online leads to some exciting articles, but often for organizations operating at extreme scale (who doesn't love reading how Netflix monitor things?). This session is focused on providing a framework for how to think about monitoring, how to ensure you're not trying to boil the ocean, and what steps you can take to make a meaningful difference to how your team supports the software it creates. This session is suited to operations folks, developers, and anyone who cares about the delivery of great experiences to their users (while also staying sane when the inevitable fires do break out!).
2:50p -3:30pKubernetes Runtime Security - Jen Tong, Google - - Containers make it easier than ever to keep deployment secure, but mistakes and new vulnerabilities happen. Runtime security focuses on responding to breaches as they occur, and gathering information for forensic analysis. This talk guides you through common runtime security concerns, and discuss how they change as you move to containers and Kubernetes. Making Bare Metal Go Cloud Native: The Power of Immutable Deploys - Rob Hirschfeld, RackN - - The benefits of automated cloud deployments for speed, reliability and security are undeniable. The cornerstone of this approach, immutable deployment, promotes the idea of continuously rolling safe, stable images instead of trying to keep up with managing a fixed pool of machines, If this pattern is so great, shouldn’t we bring it into the physical layer too?In this talk, we’ll explore the immutable infrastructure pattern and how to use continuous deployment and continuous integration (CI/CD) process to build and manage server images for any platform. Then we’ll show how automate deploying these images quickly and reliability with open DevOps tools like Terraform and Digital Rebar. Not only is this approach fast, it’s also more secure and robust for operators.If you are running physical infrastructure, this talk will change how you think about your job in profound ways.Kite: Twitter's System for Tracking Ownership Across Disparate Microservices - Vinu Charanya & Fabio Rojas, Twitter - - Twitter is composed of thousands of microservices running on a platform that provides a variety of compute, storage, messaging and monitoring systems through a combination of on-premise and public resources. These multi-tenant platforms run atop thousands of servers making it difficult to provision and manage services, track resource usage, attribute utilization, gauge efficiency and forecast future capacity needs. To solve these problems Twitter has built Kite, a system which generalizes the service ownership tracking across Twitters disparate platforms. Kite has enabled engineers within Twitter to visualize resource utilization and spend, improving overall efficiency and empower teams to make data driven decisions about future needs for their services. Moving forward Kite’s ownership model is being extended to help manage provisioning, metadata storage and credential management for services at Twitter. In this session we will share how our team approached building Kite, the design decisions involved and the trade-offs that were considered.Building on Blockchain: Understanding the New Meta - Andrew Redden, Blockcrushr Labs - - A deep dive into the decision making process around Blockchain development/adoption, managing the ever changing landscape of new technology/tools/research, how to make future proof decisions and what it means to decentralize your application.
3:30p - 3:45pAfternoon Break
Afternoon Tracks and Workshops, Continued
Breakout 1Breakout 2Breakout 3Breakout 4 (Spruce)Breakout 5 (Fir)Breakout 6 (Birch)
Track: ContainersTrack: DevOpsTrack: Microservers & ServerlessTrack: Developing on a BlockchainThe Operating System for AI: How Microservices and Serverless Computing Enable the Next Generation of Machine Intelligence - Chris Armstrong, Algorithmia - - At Algorithmia, we've built the AI layer, a complete “Operating System for Artificial Intelligence” -- a common interface for different algorithms to be used and combined, and a general architecture for serverless machine learning which is discoverable, scalable, and sharable. Our platform leverages a microservice architecture built on Kubernetes and Docker to power tens of thousands of algorithm developers in our open marketplace, as well as large-scale data science workloads at some of the largest enterprises. In this talk, we'll look at why machine learning is a natural fit for serverless computing, discuss a general architecture for scalable machine learning, and share lessons learned from our experience designing and implementing the largest "operating system" for AI/ML workloads.Spinnaker + Kubernetes: CI/CD Environments with Capstan - Monjay Settro, Kenzan - - Are you are interested in using a CI/CD system but not configuring it from scratch? Join us for a demonstration of Capstan, our new open source tool that allows you to quickly bootstrap a CI/CD environment into the cloud. During this presentation, we will discuss Capstan, how it integrates Kubernetes, Spinnaker, Jenkins and Helm charts and provision a working CI/CD environment in Google Compute Cloud.
3:45p -4:15pLevel Triggering and Reconciliation in Kubernetes - James Bowes, Manifold - - It is often said that Kubernetes is level triggered, as opposed to edge triggered. These are electrical engineering and systems programming concepts; how do they apply to a complex distributed system like Kubernetes? We will explore how this low-level systems programming concept is applied as a high-level philosophy to Kubernetes. We will examine its practical impacts on Kubernetes and how you can apply this philosophy to your own systems. For Immutable Infrastructure, Real Code Beats DSLs - Donna Malayeri, Pulumi - - As DevOps has evolved, developers are more often responsible for creating and managing the infrastructure their application code depends on. Unfortunately, cloud tools are designed around the previous ops model, where there were organizational silos between dev and ops teams. We’ll describe a novel idea: what if you could write code in a general purpose language, code that defines both your declarative infrastructure and your application logic? What if we go beyond the idea of infrastructure-as-code, and treat infrastructure as software? We’ll show how this approach creates a fundamental shift in the way in which modern cloud applications are designed and developed.Blowing Up the Monolith: Practical Advice on Microservices - Marco Palladino, Kong - - With the increasing maturity of container technology and orchestration tools like Kubernetes, transitioning from legacy monolithic applications to microservices is becoming more accessible to teams and organizations around the world. Based on my first hand experience with enterprise organizations and developers who have pursued the transition we will be looking at different strategies, common mistakes and the overall technical process.How to Create a Private Crypto-Currency - Reuven Cohen, CoinLaunch - - Get an in-depth look at how to build, deploy and manage a private crypto-currency using Kubernetes and Ethereum on the AppChains platform.
4:20p -5:00pSequencing Microservice Vulnerability Chaos in Kubernetes - Sabin Thomas, Bluefyre - - Have you ever seen a polyglot microservice application misbehave? What happens when your application cluster can self replicate, but suffers from sequenced chaos with vulnerable payloads or through version drift? In this session, we'll present some examples of this, and explore corrective and preventive steps for your application stack. Using a polyglot microservices app in Node.js and Go, we'll demonstrate how architecture choices at the design step and at runtime can enhance security resilience in a cluster orchestration environment such as Kubernetes.Data Operations: Building a New Discipline - Pat Patterson, Streamsets - - Traditional data integration had a waterfall model; we imagined that you could take inventory of your data sources, integrate them into a data warehouse, and walk away, basking in the glow of a job well done. Unfortunately, reality turns out to be somewhat more challenging. New data sources coming online and changing business requirements mean that many projects never even complete their initial discovery phase. The rise in data volume, evolving schema, and the need to continuously process data streams, soon overwhelm even those enterprises that do manage to populate a data warehouse. The data operations discipline, in contrast, considers change an inevitable, but manageable issue, promotes an agile approach, and iterates around a build-execute-operate cycle. Companies such as GlaxoSmithKline and Cox Automotive are already reaping the benefits of this more flexible approach to managing data in motion. Employing a strategy of continuous iteration, they integrate new and changing data sources without the headaches of the traditional approach. Anyone working with data in motion, from developers to CIOs, should attend this session to discover a new way of looking at an old problem.Self-healing Serverless Applications - Nate Taggart, Stackery - - Serverless applications increasingly involve distributed systems where errors and bottlenecks can have significant downstream impact. This can be compounded by the ephemeral nature of FaaS offerings in which errors can be difficult to diagnose retroactively. In this session we'll discuss instrumentation and "self-healing" architectural patterns that will improve resiliency of your application and drive improved observability and performance.
5:05p -5:35pKeynote: A Black Woman, CEO and Developer Walk Into a Workspace - Rakia Finley, FIN Digital - - The question, “What’s it like being a [INSERT TITLE HERE] in the industry” is a question we attempt to answer within the tech ecosystem daily that generates separation among our staff. However, this conversation at times is done to generate change while really creating division and never seems to get to the root of its issue. In this presentation we’ll discuss — the bigger issue within diversity within our development team. When unconscious bias affects how are teams work together and deploy innovations what happens? This session will discuss identifying your unique strengths, allowing your purpose to lead the way, and knowing what concessions you’re willing to make without resentment to relieve technology of bias production.
5:35p - 7:05pEvening Reception and Networking
Day 2 - Thursday, May 17, 2018
8:30a - 12:00pRegistration Open
8:30a - 9:15aDanishes and Coffee
9:00aDay 2 Begins - Eric Norlin
9:15a - 9:45aKeynote: Why Developers are the Future of Robotics -- Ian Bernstein, Misty Robotics - - The emerging robotics market is ripe for disruption at the hands of developers, likely reaching a market value of $13.2 billion by the end of 2022. There will be a world where robots will be seen and treated as our friends and part of our families - performing helpful tasks, providing safety, and interacting with humans in friendly ways only currently known to science fiction. In order for that day to come, robotics developer expert and Misty Robotics Founder & Head of Product Ian Bernstein will address the four principles for personal robots, how developers can tap into this emerging market, and what it will take for them to make personal robots a reality.
9:45a - 10:15aKeynote: This Job is Too Hard. Code, Draft, Metaparticle and the Future of Distributed Systems Development on Kubernetes - Brendan Burns, Microsoft - - More and more developers are being asked to build reliable distributed systems in the cloud. But the previous generation of tools and languages were designed for desktop, not cloud environments. Fortunately, in containers and Kubernetes a foundation has been created for the development of cloud native tools for developer productivity. We'll walk through the current state of the world and also discuss directions and opportunities for the future.
10:15a - 10:45a Morning Break
10:45a - 11:05aKeynote: Have Your Layer Cake and Eat it Too: Decomposing Service Descriptions & the Future of API Design - Emmanuel Paraskakis, Oracle + Apiary - - Monolithic API Description Documents have served us well. But as our services evolve, we find ourselves constantly working around their limitations. It’s time to evolve Service Descriptions - learn about a new approach that helps API Design and Documentation scale.
10:45a - 11:15aPassport Prize Announcements
Breakout 1Breakout 2Breakout 3Breakout 4 (Spruce)Breakout 5 (Fir)Breakout 6 (Birch)
11:20a - 11:50aMonolithic and Legacy applications in Kubernetes - Kris Nova, Heptio - - Kubernetes is a technical investment, but comes at a cost. In this presentation we explore the risk and value associated with migrating large monolithic applications to Kubernetes. We explain the technical value gained from a migration. The audience will walk away feeling safe to intelligently comment on if moving to Kubernetes is right for their IT team. Design-First API Development with OpenAPI (and Apicurio) - Eric Wittmann, Red Hat - - In our current world of agile microservice development, there is a great need
to build decoupled services with strong API contracts. This can obviously bedone in a number of ways, but a useful and compelling approach is Contract-First.
In this session I'll discuss techniques for developing REST APIs using this Contract First approach while leveraging a number of available open source tools. I'll
also review some challenges that must be overcome, and some opportunities for improvement.
AI for the Enterprise - Heather Dykstra, Salesforce - - Artificial Intelligence (AI) is quickly becoming a part of our everyday lives, from our coffee pot to our car. By putting AI into everything we develop, we are empowering our applications to be the best in class. Come learn more about what AI means for you and how to quickly implement it in your applications without having to be an AI expert. The Best Practices and Hard Lessons Learned of Serverless Applications - Chris Munns, Amazon Web Services -- In November 2014, AWS Lambda introduced developers to serverless compute with automatic scaling, pay-per-request billing, and built-in high availability. As a result, startups and enterprises are changing the way they build their applications. Since then, we've learned a lot from our customers about what it takes to build successful serverless applications. We’ve also seen some common and not so common missteps that developers building serverless applications have made along the way. Today, we're going to share those learnings, and show you how you can build the best serverless application that you can.Creating a QA Strategy - Russell Smith, Rainforest QA - - Good QA enables developers to move faster, while having a consistent set of checks for the work they do. Most companies do QA in one for or another, though few seem to have a formal strategy around it. But doing QA without a clear strategy or measurement can leave teams with an insufficient process that pulls resources and time away from the team without providing the insights they need to be successful. In this session, I'll teach you the basics of what I've learnt from talking to hundreds of companies about QA Strategy. You will learn what goes into a good QA strategy, how to start creating one, how to measure its effectiveness, and more..Build, Test and Deploy Your Microservices Automatically with a Battle-Tested Dev-Ops Pipeline - Jon Christensen, Kelsus Inc. - In this talk, Jon Christensen will discuss the details and decisions behind the CI/CD pipeline Kelsus uses for almost all of its projects. As mainly a Node.js shop with React front ends and Postgres datastores, the Kelsus CI/CD pipeline uses Docker and AWS extensively -- including AWS’s Elastic Container Service for container management and orchestration. We'll talk about the set of tools and processes at each stage in the pipeline, and demonstrate that we've arrived at the right balance between automation provided by third party tools and developer control over the whole process.
11:50a - 12:50p Lunch with Gluecon Exhibitors
12:50p - 1:30pNetworking with Gluecon Exhibitors
Breakout 1Breakout 2Breakout 3
1:30p - 2:00pA Security-First Approach to Designing API Services - Stephen Gates, Oracle+Dyn - - With the proliferation of mobile applications, the demand for server-to-server communications and the increasingly complicated requirements for micro services, more and more organizations are deploying API (application programming interface) endpoints at an increasing rate. This creates a broader attack surface that is increasingly a target for savvy threat actors and malicious botnets. Organizations need to protect web services from DDoS attacks and malicious bots without compromising legitimate API traffic or hindering deployment schedules and agile workflows. Join our breakout session and learn how to mitigate your API endpoints from being the weakest link. This session will discuss:·Why traditional methods, such as IP rate limiting, are not truly effective. · How to use advanced identifiers to determine the legitimacy of API calls · How to effectively use a change management dashboard to build security without interrupting workflowsYou Don't Know JaC?: Managing Jenkins as Code - Brian Mericle - - How many jobs are defined in your Jenkins installation? How many of those jobs actually run? How many of those jobs are just clones of each other with a slightly different configuration? If you let out a heavy sigh after thinking about these questions, and you don't already manage your Jenkins through code, this talk is for you. I will cover the pros and cons of managing Jenkins through code and will demo by creating some sample jobs and pipelines through code.Online Fraud Fighting with Our Virtual Card Number API - Matthew Ziegler, Capital One - - Online fraud in the U.S. is estimated to grow from $2.8 billion in 2014 to $7.2 billion in 2020. To increase security while shopping online, while simultaneously providing a better experience for customers, Capital One is introducing the Virtual Card Number API. When productionized this API will allow online merchants to request a Virtual Card Number for their Capital One customers which is more secure and provides fewer payment disruptions than traditional plastic card numbers.
2:05p - 2:35pAccelerating Change: How Lyft Engineers Author, Test and Deploy Code at Scale - Ryan Cox, Lyft - - This talk will outline the process by which engineers at Lyft go from concept to deployed code at scale. Aspects of Lyft's CI system, test infrastructure, spot instance management, deployment tools and observability stack will be described. Lessons learned scaling an engineering organization will be discussed along with future plans.How Serverless and the OpenAPI Specification Can Accelerate your API Development - Keshav Vasudevan, Smartbear Software - - Developers and teams are increasingly adopting an API First approach as APIs to minimize product liability and maximize product value across multiple clients. The OpenAPI Specification goes hand-in-hand with an API-first approach, proving a simple solution to designing REST interfaces. Serverless infrastructure is also gaining popularity by the day, with AWS Lambda leading the way forward for the future of Serverless engineering. In this session, I will be taking a deep dive into understanding what exactly is an API First approach with the OpenAPI Specification (OAS), discuss Serverless architecture, and detail how AWS Lambda, API Gateway and the OAS work together for holistic API design development and management. Improving the API Experience Using SDKs - Nauman Ali, APIMatic - There exists a lot of misconceptions and skepticism around SDKs. Although criticized for being expensive to build and maintain, there is no denying how crucial they have proved to be for API Consumption. With the growing popularity of APIs and microservices, well-written SDKs can really help you optimize your consumption experience for both Internal and External platforms. I’ll talk about the importance of SDKs, design decisions that can help you produce more effective client libraries and how top API providers have used SDKs to improve developer adoption. I’ll be then taking a deep dive into the possibility of leveraging your API specification to automatically generate language idiomatic client libraries, and how automatic generation of SDKs can help you reduce change reflection time within your internal API-driven microservices structure and cut down on cost and development time while improving API adoption in external APIs. Finally, I’ll be walking you through the comparison of tools available for Client-side code and code sample generation and the pros and cons that come with them.
2:40p - 3:10pOptimizing Linux Containers for the Internet of Things - Zach Walchuk, - -The benefits of Linux containers, including portability across platforms and minimal overhead, make them an attractive technology for the Internet of Things, providing a bridge between the cloud and embedded worlds. However, in any production IoT scenario, there are still a number of potential pitfalls that containers don’t, by default, solve for: unreliable networks, power failures, and device compatibility, to name a few. In this session, we’ll look at how containers can be optimized to run on remote, internet-connected devices, bringing container and microservice architectures to the edge.How GitHub Combined with CI Empowers Rapid Product Delivery at Credit Karma - Amit Mishra, Credit Karma - - We will discuss how GitHub and self service continuous integration (CI) helps Credit Karma rapidly deliver new features to over 60 million members. We will review how Credit Karma streamlined and scaled growing CI needs stemming from an army of engineers decomposing monolith into services. Strategies to Enable Localization on Metadata Based Systems - Charles Kimaita & Adrian DeKlerk, Cherwell Software - - Localizing a service is so much more than simply applying a translation filter. The subtle nuances of language as well as understanding how different cultures interact with their work has major implications on how we build our software, processes and applications. We will explore how to localize and internationalise a metadata-based code base that is intended to be customized by users. We must account for all ways that customers and users can customize and extend a product in addition to understanding how enterprise systems fit together. This session will break down that approach.
3:15p - 3:45p Keynote: Emergent Architectures and the Future of API Security - Rob Zazueta, Tibco - - As we move from N-tier architectures to microservices, serverless, smart contracts, and beyond, it's no longer clear where your code will execute — and it may not even matter. However, this shift introduces new command and control concerns that are best to address upfront—before they turn into massive security issues. In this talk, TIBCO’s Rob Zazueta will lay out the current state and future path of distributed computing and offer insight into strategies for securing our code —wherever it may ultimately live.
3:45p - 4:00pClosing Comments - GlueCon 2017 Ends
Main menu