Authors: James Callaghan

tldr - powered by Generative AI

The presentation discusses the use of threat modeling in a fictitious example of a workload architecture, and the importance of prototyping early to understand how technologies integrate with each other and what can go wrong.
  • The example architecture includes an external facing service using TLS, mutual TLS for service communication, and web identity federation for accessing AWS services
  • Two approaches are presented: a simple web service and a service mesh approach using Istio and OPA
  • Data flow diagrams are essential for threat modeling and can be used to apply STRIDE to individual communications
  • Prototyping early helps to understand technology integration and potential issues
  • The presentation includes a relevant anecdote about a last-minute issue with AWS policies on S3 buckets

Authors: Zhonghu Xu

tldr - powered by Generative AI

The presentation discusses the challenges and solutions for implementing a multi-cloud strategy in organizations, with a focus on the use of Kubernetes Commander and Easter for inter-cloud communication.
  • The need for companies to maintain strict compliance with data privacy regulations is increasing, making a multi-cloud strategy the most effective and efficient approach.
  • Multi-cloud strategy offers improved security, better failover options, enhanced disaster recovery, and improved flexibility and scalability.
  • The challenges of managing multi-container clusters include workload fragmentation, resource scheduling, and vendor lock-in.
  • Kubernetes Commander is an open and cloud-native multi-cloud orchestration engine that provides a central control plane for managing multi-cloud clusters.
  • Easter is a service mesh project that facilitates inter-cloud communication by securely encrypting traffic and providing DNS resolution.
  • The flat-network and different-network models each have their own advantages and challenges for implementing a multi-cloud strategy.