Node.js - concurrency,
microservices, docker
Dreaming of a job at Palo Alto? Get a real one in Palo Alto Networks
Palo Alto Networks TLV is hiring experienced Node.js developers!
Send your CV to: jobs-il@paloaltonetworks.com
&
Yaron Biton Oleg Verhovsky Amir Jerbi
Yaron Biton, CTO
misterBIT.co.il
… and then there was Javascript
everywhere …
Concurrency
My Technology Journey
1986
Commodore 64
Basic
1995
JCL, PL/I
1998
PC
Main Frame C++ & Java
2003
Apps Servers
JEE Architect
2007
Open Source
PHP
2009
Everywhere
Javascript
What do I do?
Focused on
Javascript Everywhere
12 weeks bootcamp that qualifies
Full-stack Javascript developers.
• Professional developers training
• High End Consulting
• Outsourcing
It's Javascript all the way
Javascript is becoming
an end to end choice for companies
ebay: Why we chose node.js? (for a project)
• excellent support for async I/O
• Low per-connection memory overhead
– “We were able to tune a regular developer-quality Ubuntu workstation
to handle more than 120,000 active connections per node.js process,
with each connection consuming about 2k memory”
• The full story: http://www.ebaytechblog.com/2011/11/30/announcing-ql-io/
Linkedin: Why we switched from Ruby to node.js?
• Node is optimized for JSON, which was what our backend was
giving us,
as well as what our front end was looking to consume.
• In our use cases, Node was roughly 20 times faster
• Memory footprint is also a factor. We looked at how well VMs
(virtual machines) worked in several languages, and the V8
JavaScript Engine just blew everything else away.
• The extent of code reduction proved to be huge — from
60,000 lines down to 2000.
• Node is getting a lot of hype, that made it easier for me to
recruit.
Need for Speed: Groupon Migrated to Node.js
“We’re able to serve much higher traffic,” McCullough said.
Before the change to Node, a Starbucks deal was so popular that
it brought the site down. “The next time, that didn’t happen,”
McCullough said. On top of that, he said, pages now take less
time to load for end users.
http://www.datacenterknowledge.com/archives/2013/12/06/need-speed-groupon-migrated-node-js/
Node.js
• Node.js is an open source platform built on Chrome's
JavaScript runtime (V8) for easily building fast,
scalable network applications.
• Node.js uses an event-driven, non-blocking I/O
model that makes it lightweight and efficient,
• Suitable for data-intensive real-time applications that
run across distributed devices.
Node.js
A Simple Node Server
• In this basic web server example, many client connections can
be handled concurrently.
• Node (libuv C module) tells the operating system
that it should be notified when a new connection is made.
• When someone connects, then it executes the callback - Each
connection is only a small heap allocation.
var http = require('http');

// One callback per request; no thread is created per connection.
http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.end('Hello misterBIT\n');
}).listen(1337, "127.0.0.1"); // bound to the loopback interface only
console.log('Server running at http://127.0.0.1:1337/');
Node.js Efficiency
• Single threaded - nodejs only uses one thread.
• Most APIs are asynchronous by nature
(i.e. they do not perform direct I/O), so the process never blocks.
• Node enjoys memory efficiency under high-load
– Most systems allocate at least 2mb per thread
– You can't dead-lock the process — there are no locks.
Node.js Efficiency
No server has the non-blocking ecosystem of Node.js today.
Over 50k modules, all written in the async style, ready to use.
A Deeper look into Node.js Efficiency
• Actual threads are contained at low level
– and thus remain constrained in size and number,
– and the thread synchronization is thus simplified
• OS-level "switching" via select() is faster than
thread context swaps
(read about the C10K problem here)
• Threads are really hard. Developers are likely to:
– break due to bugs
– not use them as efficiently as possible
The Reactor Pattern
The application expresses the interest to access a
resource at one point in time (without blocking) and
provides a handler, which will later be invoked when
the operation completes.
A Node.js application
exits when there are
no more pending
operations in the
Event Demultiplexer,
and no more events
to be processed inside
the Event Queue
Libuv - The non-blocking I/O engine of Node.js
• Each operating system has its own interface
for the Event Demultiplexer:
– epoll on Linux, kqueue on Mac OS X, and I/O
Completion Port API (IOCP) on Windows.
• So in Node.js, libuv (a C library) is in charge of
normalizing the non-blocking behavior.
Shared-state concurrency is difficult
incorrect synchronization, deadlocks, inconsistent behavior, lost
updates or dirty reads, are all there like an accident waiting to
happen.
Let's put some dead code corpses on the table:
• Race Conditions
• Non-atomic operations (writing to long!)
• Volatiles
• Write Buffers
• Padding
• ConcurrentCollections, CopyOnWrite
What About CPU Bound Apps?
What About CPU Bound Apps?
• If you naively do heavy computation in Node, you suddenly
become a very uncooperative single-tasker
(e.g. applying a filter on a photo, finding primes, etc.)
• But there are ways!
• You can sometimes break calculations up with setImmediate,
i.e. creating a non-blocking forEach
• We can use the Cluster module and break the server into
micro services
• Sometimes, we can spawn some of the calculations to be
handled on the client side with Web Workers!
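The setImmediate approach from the list above, as an added example that is not part of the original slides. The names nonBlockingForEach, startHeartbeat and measure are illustrative; the heartbeat counts how often other work gets a turn on the event loop while the prime search runs.

```javascript
'use strict';

// Process `items` in slices of `chunkSize`, yielding to the event loop
// between slices so queued I/O callbacks and timers are not starved.
function nonBlockingForEach(items, fn, chunkSize = 1000) {
  return new Promise((resolve, reject) => {
    let index = 0;
    function runChunk() {
      const end = Math.min(index + chunkSize, items.length);
      try {
        for (; index < end; index++) fn(items[index], index);
      } catch (err) {
        return reject(err);
      }
      if (index < items.length) setImmediate(runChunk); // give others a turn
      else resolve(index);                              // number of items processed
    }
    runChunk();
  });
}

// CPU-bound work for the demonstration: trial-division primality test.
function isPrime(n) {
  if (n < 2) return false;
  for (let d = 2; d * d <= n; d++) if (n % d === 0) return false;
  return true;
}

// Stand-in for "everything else the server should be doing": a callback
// that re-queues itself and counts how many times it actually ran.
function startHeartbeat() {
  const state = { ticks: 0, running: true };
  (function beat() {
    setImmediate(() => {
      if (!state.running) return;
      state.ticks++;
      beat();
    });
  })();
  return state;
}

// Run the same prime count twice: once with a plain forEach (blocking),
// once in chunks, and report how many heartbeats ran during each.
async function measure(limit, chunkSize) {
  const numbers = Array.from({ length: limit }, (_, i) => i);

  let hb = startHeartbeat();
  let blockingPrimes = 0;
  numbers.forEach((n) => { if (isPrime(n)) blockingPrimes++; });
  const blockingTicks = hb.ticks; // still 0: nothing else could run
  hb.running = false;

  hb = startHeartbeat();
  let coopPrimes = 0;
  await nonBlockingForEach(numbers, (n) => { if (isPrime(n)) coopPrimes++; }, chunkSize);
  const coopTicks = hb.ticks;     // > 0: the heartbeat ran between chunks
  hb.running = false;

  return { blockingPrimes, blockingTicks, coopPrimes, coopTicks };
}

measure(10000, 2500).then((result) => console.log(result));
```

Chunking keeps the server responsive but does not make the computation faster; the total CPU time is the same, only spread over more event-loop turns.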
Summary
Slides and Demos:
http://bit.ly/misterbit-electron
Node.js Single Threaded model
makes our life easier and safer!
Slides and Demos:
http://bit.ly/misterbit-electron
Node.js is Great
Javascript is Great,
And Angular2 is coming.
http://angularworkshop.co.il/
Questions?
misterBIT.co.il
Keep on diving
misterBIT.co.il
Micro Services
Overview
Dec 2015
About Codefresh
A Docker platform for development teams with an automated Docker
Flow (Workflow for Docker images).
Build, Run & Test Docker based applications
Is “Micro Services Architecture” really a
new concept?
Back to the “SOA” days:
• Abstract Service Definition
• Agnostic to technological stack
• Decoupled and isolated
Containerization technologies (Docker) provide a standard way
to build and deploy service-based solutions
So what is Micro Service?
Logically / Business wise independent Unit
Deployable
Scalable
Micro Services + Docker, in the right place
at the right time
Standard creation of deployable units
Ability to deploy images on different environments.
Easy scale of distributed application
A growing tool chain helps to orchestrate containers (Swarm,
Kubernetes, Mesos)
From Monolithic
App to Micro
Services
And now back to reality
Desirable flow
In reality it might look like
From Monolith to Micro Service
Definition of services
Discovery pattern
Testing Practices
Release lifecycle
Deployment strategy
[Diagram labels: Auth API, Worker; Auth, API, Worker (x3)]
Example of migration
[Diagram labels: WebUI, CommandLine, API, Team Management, Workflow Manager, Entity Manager, Monitoring, Routing, Template Manager, Integrations (Jira, etc.), Builder (x2), Runner (x3), Build, Run, Mongo, Redis, Hosted in Codefresh, WebHook, Local Registry, DockerHub Registry]
Lessons learned
Architecture should evolve over time based on use cases and customer feedback.
This includes adding new micro services on one side and rearranging existing
ones on the other.
Testing - Make sure that every service is tested through unit and API tests.
Development environment - A stable development environment that lets you
focus on developing a specific service without needing to set up the whole system locally
Release process should be adopted and continuously improved.
Continuous deployment with the ability to push every micro service
independently
Monitoring and logging of both single micro services and a consolidated log
Release life cycle monolithic vs
microservices
Push1 Push2
V1.0 V1.1 V1.2
Push2
Service 1 V1.0 V1.2 V1.3
Service 2 No change V1.0 No change
Service 3 No change No change V1.0
Development Environment for
Micro service based architecture
Docker Compose
Vagrant
OttO
Any other
@codefresh
additional resources
Codefresh blog blog.codefresh.io
Containers #101
http://www.meetup.com/Containers-101-online-meetup/
Get your own account
www.codefresh.io
Thank You
4 Steps for Developing a
Secured Containerized NodeJS
Application
Amir Jerbi | CTO @ Scalock | @jerbia
Building a Secured Containerized NodeJS App
1. Secure Coding
2. Containerized!
3. Monitor Changes
4. Update Packages
1. Secure Coding
Know Your HTTP Headers
Reference: https://www.owasp.org/index.php/List_of_useful_HTTP_headers
HTTP Header | Why? | Example
Strict-Transport-Security | Make sure channel is encrypted. Always. | Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Frame-Options | Hidden iframes can be used for clickjacking attacks | X-Frame-Options: deny
X-XSS-Protection | Browser based XSS protection | X-XSS-Protection: 1; mode=block
X-Content-Type-Options | Prevent mime type sniffing | X-Content-Type-Options: nosniff
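One way to apply the four headers from the table and to check a response against them, as an added example that is not part of the original slides. The function names and the WEAK_SAMPLE headers are constructed for illustration.

```javascript
'use strict';
const http = require('http');

// Baseline values copied from the table above.
const SECURITY_HEADERS = {
  // Only honoured by browsers when received over HTTPS.
  'Strict-Transport-Security': 'max-age=16070400; includeSubDomains',
  'X-Frame-Options': 'deny',
  // Listed in the table; current browsers have removed their XSS filters,
  // so a Content-Security-Policy is what does this job today.
  'X-XSS-Protection': '1; mode=block',
  'X-Content-Type-Options': 'nosniff',
};

function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    res.setHeader(name, value);
  }
}

// Wrap any request handler so every response carries the baseline.
function createHardenedServer(handler) {
  return http.createServer((req, res) => {
    applySecurityHeaders(res);
    handler(req, res);
  });
}

// Audit a headers object (for example `res.headers` from an http client).
// Returns a list of findings; an empty list means the baseline is met.
function auditHeaders(headers, minHstsAge = 16070400) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = String(v).trim().toLowerCase();
  }
  const findings = [];

  const hsts = h['strict-transport-security'];
  if (hsts === undefined) {
    findings.push('Strict-Transport-Security: missing');
  } else {
    const m = /(?:^|;)\s*max-age\s*=\s*(\d+)/.exec(hsts);
    if (!m || Number(m[1]) < minHstsAge) {
      findings.push('Strict-Transport-Security: max-age missing or below ' + minHstsAge);
    }
    if (!/(?:^|;)\s*includesubdomains\s*(?:;|$)/.test(hsts)) {
      findings.push('Strict-Transport-Security: includeSubDomains not set');
    }
  }

  const simple = [
    // "sameorigin" is the other valid restrictive value besides "deny".
    ['x-frame-options', /^(deny|sameorigin)$/, 'X-Frame-Options'],
    ['x-xss-protection', /^1\s*;\s*mode\s*=\s*block$/, 'X-XSS-Protection'],
    ['x-content-type-options', /^nosniff$/, 'X-Content-Type-Options'],
  ];
  for (const [key, pattern, label] of simple) {
    if (h[key] === undefined) findings.push(label + ': missing');
    else if (!pattern.test(h[key])) findings.push(label + ': weak value "' + h[key] + '"');
  }
  return findings;
}

// Constructed sample of a weakly configured response.
const WEAK_SAMPLE = {
  'Strict-Transport-Security': 'max-age=3600',
  'X-Frame-Options': 'ALLOWALL',
  'X-Content-Type-Options': 'nosniff',
};

console.log(auditHeaders(SECURITY_HEADERS)); // baseline: no findings
console.log(auditHeaders(WEAK_SAMPLE));      // four findings
```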
Secure & Verify Data Received from User
● Sanitize inputs:
○ SQL Injections
○ Form field sanitization
○ URL query string sanitization
● Sign or Encrypt Sensitive Cookie data
● CSRF
References:
https://www.npmjs.com/package/csrf
https://www.npmjs.com/package/sanitize-html
https://www.npmjs.com/package/cookie-encryption
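The "sign sensitive cookie data" item, as an added example that is not part of the original slides and does not use the packages listed above. It uses Node's built-in crypto module; signCookie, verifyCookie and the cookie layout (payload.signature) are assumptions made for this illustration.

```javascript
'use strict';
const crypto = require('crypto');

// The MAC covers the cookie name as well as the payload, so a value signed
// for one cookie cannot be replayed under a different cookie name.
function mac(name, payload, key) {
  return crypto.createHmac('sha256', key).update(name + '=' + payload).digest();
}

// Returns "<base64url(JSON)>.<base64url(HMAC-SHA256)>".
// Signing gives integrity only: the payload is readable by the client,
// so secrets still need encryption or must stay server-side.
function signCookie(name, data, key, ttlSeconds, now = Date.now()) {
  const body = JSON.stringify({ data, exp: now + ttlSeconds * 1000 });
  const payload = Buffer.from(body, 'utf8').toString('base64url');
  return payload + '.' + mac(name, payload, key).toString('base64url');
}

// Returns the original data, or null if the cookie is malformed,
// tampered with, signed with another key, bound to another name, or expired.
function verifyCookie(name, cookieValue, key, now = Date.now()) {
  if (typeof cookieValue !== 'string') return null;
  const dot = cookieValue.lastIndexOf('.');
  if (dot <= 0) return null;

  const payload = cookieValue.slice(0, dot);
  const given = Buffer.from(cookieValue.slice(dot + 1), 'base64url');
  const expected = mac(name, payload, key);

  // timingSafeEqual throws on length mismatch, so check the length first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;

  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch (err) {
    return null;
  }
  if (!parsed || typeof parsed.exp !== 'number' || parsed.exp <= now) return null;
  return parsed.data;
}

// Demonstration with a constructed key; a real key comes from a secret store.
const demoKey = crypto.randomBytes(32);
const cookie = signCookie('session', { user: 'alice', role: 'user' }, demoKey, 3600);
console.log(verifyCookie('session', cookie, demoKey));           // { user: 'alice', role: 'user' }
console.log(verifyCookie('session', 'x' + cookie, demoKey));     // null (payload altered)
```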
Authentication
● Complex passwords
● Authenticate your REST API - JSON Web Tokens
● Brute force protection - rate limit authentications
References:
http://passportjs.org/
https://github.com/jhurliman/node-rate-limiter
https://www.npmjs.com/package/owasp-password-strength-test
Remove Secrets from Your Code!
What are Secrets?
● Hard-coded username and passwords
● Encryption keys
● Access Keys (AWS, Google)
Where to Store them?
● Fetch from Secured location
● Keep in memory, get rid of them when not needed
● Encrypt
Reference:
https://security.web.cern.ch/security/recommendations/en/password_alternatives.shtml
https://square.github.io/keywhiz/
2. Containerize!
What are Software Containers?
Server Virtualization method that
is:
● Lightweight, has a small
footprint
● Allows running multiple
isolated processes on a shared
kernel (OS)
● Little to no overhead
Popular Container Engines
How Easy Is It? Very.
● Ready made NodeJS packages from https://dockerhub.com
● No need to install or configure - simply run it...
Build - Deploy - Run
● Create a Dockerfile to
automate build of your
application.
● Easily run as daemon using
“docker run -d” command.
Security Benefits of Containers
● Better control on dependencies: ship your code with its packages
● Compromised applications are still contained within container
boundaries
● Built-in mechanisms to identify changes in container
● Better control on your deployment environment
3. Monitor Changes
Did Someone Change My Container?
● Use “docker diff” to see
changes made in a running
container.
○ C - modified
○ A - new
○ D - deleted
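A small monitor built on the "docker diff" output described above, as an added example that is not part of the original slides. SAMPLE_DIFF is constructed output, and the function names and the list of writable paths (/tmp, /var/log) are assumptions for this illustration.

```javascript
'use strict';
const { execFileSync } = require('child_process');

// Change markers as listed on the slide.
const KINDS = { C: 'modified', A: 'added', D: 'deleted' };

// Constructed sample of `docker diff` output (not captured from a real container).
const SAMPLE_DIFF = [
  'C /tmp',
  'A /tmp/upload-1.tmp',
  'C /var',
  'C /var/log',
  'A /var/log/app.log',
  'C /usr',
  'C /usr/bin',
  'A /usr/bin/nc',
  'C /app',
  'C /app/server.js',
  'D /app/package-lock.json',
].join('\n');

// Turn the text output into { kind, meaning, path } records.
// Unknown lines raise an error rather than being silently skipped.
function parseDockerDiff(text) {
  const changes = [];
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === '') continue;
    const m = /^([CAD]) (\/.*)$/.exec(line);
    if (!m) throw new Error('unrecognized docker diff line: ' + JSON.stringify(line));
    changes.push({ kind: m[1], meaning: KINDS[m[1]], path: m[2] });
  }
  return changes;
}

function isUnder(path, prefix) {
  const base = prefix.replace(/\/$/, '');
  return path === base || path.startsWith(base + '/');
}

// Keep only changes outside the paths the application is expected to write.
// A directory reported as "C" merely because something below it changed is
// dropped, so the report points at the files themselves. (A directory whose
// own metadata changed as well cannot be told apart from that case here.)
function unexpectedChanges(changes, writablePrefixes) {
  return changes.filter((c) => {
    if (writablePrefixes.some((p) => isUnder(c.path, p))) return false;
    const parentOnly = c.kind === 'C' &&
      changes.some((o) => o !== c && o.path.startsWith(c.path + '/'));
    return !parentOnly;
  });
}

// Run against a live container; requires the docker CLI on PATH.
function auditContainer(containerId, writablePrefixes) {
  const out = execFileSync('docker', ['diff', containerId], { encoding: 'utf8' });
  return unexpectedChanges(parseDockerDiff(out), writablePrefixes);
}

for (const c of unexpectedChanges(parseDockerDiff(SAMPLE_DIFF), ['/tmp', '/var/log'])) {
  console.log(c.meaning + ': ' + c.path);
}
```

On the sample this reports the added /usr/bin/nc, the modified /app/server.js and the deleted /app/package-lock.json, while writes under /tmp and /var/log are treated as expected.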
4. Update Packages
Common Vulnerabilities and Exposures (CVEs)
● Almost every software package has security issues.
● The older the package is, the more likely it is to have more issues.
● Node nsp can be used to find vulnerable npm packages.
References:
https://web.nvd.nist.gov/view/vuln/search
https://nodesecurity.io/tools
Peekr - Check Image Vulnerabilities
References:
https://peekr.scalock.com
Putting it All Together
Summary
● Containers are not the cure for everything.
Good programming is still the basis for good security.
Take a look at OWASP top 10 vulnerabilities:
https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet
● CVEs are a serious problem. Make sure you have a process to manage
them.
● Containers add to your visibility and control - better manage
what’s being deployed.
● If you’ve been hacked then at least compromised code is running
inside a container.
Questions?
Node.js meetup at Palo Alto Networks Tel Aviv

  • 1. Node.js - concurrency, microservices, docker Dreaming on a job at Palo Alto? Get a real one in Palo Alto Networks Palo Alto Networks TLV is hiring experienced Node.js developers! Send your CV to: jobs-il@paloaltonetworks.com & Yaron Biton Oleg Verhovsky Amir Jerbi
  • 2. Yaron Biton, CTO misterBIT.co.il … and then there was Javascript everywhere … Concurrency
  • 3. My Technology Journey 1986 Commodore 64 Basic 1995 JCL, PL/I 1998 PC Main Frame C++ & Java 2003 Apps Servers JEE Architect 2007 Open Source PHP 2009 Everywhere Javascript
  • 4. What do I do? Focused on Javascript Everywhere 12 weeks bootcamp that qualifies Full-stack Javascript developers. • Professional developers training • High End Consulting • Outsourcing
  • 5. Its Javascript all the way Javascript is becoming an end to end choice for companies
  • 6. ebay: Why we chose node.js? (for a project) • excellent support for async I/O • Low per-connection memory overhead – “We were able to tune a regular developer-quality Ubuntu workstation to handle more than 120,000 active connections per node.js process, with each connection consuming about 2k memory” • The full story: http://www.ebaytechblog.com/2011/11/30/announcing-ql-io/
  • 7. Linkedin: Why we switched from Ruby to node.js? • Node is optimized for JSON, which was what our backend was giving us, as well as what our front end was looking to consume. • In our use cases, Node was roughly 20 times faster • Memory footprint is also a factor. We looked at how well VMs (virtual machines) worked in several languages, and the V8 JavaScript Engine just blew everything else away. • The extent of code reduction proved to be huge — from 60,000 lines down to 2000. • Node is getting a lot of hype, that made it easier for me to recruit.
  • 8. Need for Speed: Groupon Migrated to Node.js “We’re able to serve much higher traffic,” McCullough said. Before the change to Node, a Starbucks deal was so popular that it brought the site down. “The next time, that didn’t happen,” McCullough said. On top of that, he said, pages now take less time to load for end users. http://www.datacenterknowledge.com/archives/2013/12/06/need-speed-groupon-migrated-node-js/
  • 9. Node.js • Node.js is an open source platform built on Chrome's JavaScript runtime (V8) for easily building fast, scalable network applications. • Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, • Suitable for data-intensive real-time applications that run across distributed devices.
  • 11. A Simple Node Server • In this basic web server example, many client connections can be handled concurrently. • Node (libuv C module) tells the operating system that it should be notified when a new connection is made. • When someone connects, it executes the callback - each connection is only a small heap allocation.
      var http = require('http');
      // The callback runs once per incoming request.
      http.createServer(function (req, res) {
        res.writeHead(200, {'Content-Type': 'text/plain'});
        res.end('Hello misterBIT\n');
      }).listen(1337, "127.0.0.1");
      console.log('Server running at http://127.0.0.1:1337/');
  • 12. Node.js Efficiency • Single threaded - nodejs only uses one thread. • Most APIs are asynchronous by nature (i.e. they do not perform direct I/O), so the process never blocks. • Node enjoys memory efficiency under high-load – Most systems allocate at least 2mb per thread – You can't dead-lock the process — there are no locks.
  • 13. Node.js Efficiency no server has the non-blocking ecosystem of Node.js today. Over 50k modules all written in the async style, ready to use
  • 14. A Deeper look into Node.js Efficiency • Actual threads are contained at low level – and thus remain constrained in size and number, – and the thread synchronization is thus simplified • OS-level "switching" via select() is faster than thread context swaps (read about the C10K problem here) • Threads are really hard. Developers are likely to: – break due to bugs – not use them as efficiently as possible
  • 15. The Reactor Pattern The application expresses the interest to access a resource at one point in time (without blocking) and provides a handler, which will later be invoked when the operation completes. A Node.js application exits when there are no more pending operations in the Event Demultiplexer, and no more events to be processed inside the Event Queue
  • 16. Libuv - The non-blocking I/O engine of Node.js • Each operating system has its own interface for the Event Demultiplexer: – epoll on Linux, kqueue on Mac OS X, and I/O Completion Port API (IOCP) on Windows. • So In Node.js, libuv (a C library), is in charge of normalizing the non-blocking behavior.
  • 17. Shared-state concurrency is difficult incorrect synchronization, deadlocks, inconsistent behavior, lost updates or dirty reads, are all there like an accident waiting to happen. Let's put some dead code corps on the table: • Race Conditions • Non-atomic operations (writing to long!) • Volatiles • Write Buffers • Padding • ConcurrentCollections, CopyOnWrite,
  • 18. What About CPU Bound Apps?
  • 19. What About CPU Bound Apps? • If you naively do heavy computation in Node, you suddenly become a very uncooperative single-tasker (e.g. applying a filter to a photo, finding primes, etc.). • But there are ways! • You can sometimes break calculations up with setImmediate, i.e. creating a non-blocking forEach • We can use the Cluster module and break the server into micro services • Sometimes, we can hand some of the calculations to the client side, to be handled with Web Workers!
  • 20. Summary Slides and Demos: http://bit.ly/misterbit-electron Node.js Single Threaded model makes our life easier and safer!
  • 21. Slides and Demos: http://bit.ly/misterbit-electron Node.js is Great Javascript is Great, And Angular2 is coming. http://angularworkshop.co.il/
  • 25. About Codefresh A Docker platform for development teams with automated Docker Flow (Workflow for Docker images). Build, Run & Test Docker based applications
  • 26. Is “Micro Services Architecture” a really new concept? Back to the “SOA” days: • Abstract Service Definition • Agnostic to technological stack • Decoupled and isolated Containerization technologies (Docker) provide a standard way to build and deploy service-based solutions
  • 27. So what is Micro Service? Logically / Business wise independent Unit Deployable Scalable
  • 28. Micro Services + Docker , in right place at right time Standard creation of deployable units Ability to deploy images on different environments. Easy scale of distributed application Growing tool chain helps to orchestrate containers (SWARM , Kubernetes , Mesos)
  • 29. From Monolithic App to Micro Services
  • 30. And now back to reality
  • 32. In reality it might look like
  • 33. From Monolith to Micro Service Definition of services Discovery pattern Testing Practices Release lifecycle Deployment strategy
  • 35. WebUI CommandLine API Team Management Workflow Manager Entity Manager Monitoring Routing Template Manager Integrations (Jira,etc) Builder Builder Runner Runner Runner Build Mongo Redis Hosted in Codefresh Run WebHook Local Registry DockerHub Registry
  • 36. Lessons learned Architecture should evolve over time based on use case and customer feedback. It will include adding new micro services on one side and rearranging existing ones. Testing - Make sure that every service is tested through unit and API tests. Development environment - A stable development environment that makes it possible to focus on developing a specific service without needing to set up the whole system locally. Release process should be adopted and continuously improved. Continuous deployment with the ability to push every micro service independently. Monitoring and logging of both single micro services and a consolidated log
  • 37. Release life cycle monolithic vs microservices Push1 Push2 V1.0 V1.1 V1.2 Push2 Service 1 V1.0 V1.2 V1.3 Service 2 No change V1.0 No change Service 3 No change No change V1.0
  • 38. Development Environment for Micro service based architecture Docker Compose Vagrant OttO AZY other
  • 39. @codefresh additional resources Codefresh blog blog.codefresh.io Containers #101 http://www.meetup.com/Containers-101-online-meetup/ Get your own account www.codefresh.io
  • 41. 4 Steps for Developing a Secured Containerized NodeJS Application Amir Jerbi | CTO @ Scalock | @jerbia
  • 42. Building a Secured Containerized NodeJS App 1. Secure Coding 2. Containerized! 3. Monitor Changes 4. Update Packages
  • 44. Know Your HTTP Headers Reference: https://www.owasp.org/index.php/List_of_useful_HTTP_headers
      HTTP Header | Why? | Example
      Strict-Transport-Security | Make sure channel is encrypted. Always. | Strict-Transport-Security: max-age=16070400; includeSubDomains
      X-Frame-Options | Hidden iframes can be used for clickjacking attacks | X-Frame-Options: deny
      X-XSS-Protection | Browser based XSS protection | X-XSS-Protection: 1; mode=block
      X-Content-Type-Options | Prevent mime type sniffing | X-Content-Type-Options: nosniff
  • 45. Secure & Verify Data Received from User ● Sanitize inputs: ○ SQL Injections ○ Form field sanitation ○ URL query string sanitation ● Sign or Encrypt Sensitive Cookie data ● CSRF References: https://www.npmjs.com/package/csrf https://www.npmjs.com/package/sanitize-html https://www.npmjs.com/package/cookie-encryption
  • 46. Authentication ● Complex passwords ● Authenticate your REST API - JSON Web Tokens ● Brute force protection - rate limit authentications References: http://passportjs.org/ https://github.com/jhurliman/node-rate-limiter https://www.npmjs.com/package/owasp-password-strength-test
  • 47. Remove Secrets from Your Code! What are Secrets? ● Hard-coded usernames and passwords ● Encryption keys ● Access Keys (AWS, Google) Where to Store them? ● Fetch from a secured location ● Keep in memory, get rid of them when not needed ● Encrypt Reference: https://security.web.cern.ch/security/recommendations/en/password_alternatives.shtml https://square.github.io/keywhiz/
  • 49. What are Software Containers? Server Virtualization method that is: ● Lightweight, has a small footprint ● Allows running multiple isolated processes on a shared kernel (OS) ● Little to no overhead
  • 51. How Easy it is? Very. ● Ready made NodeJS packages from https://dockerhub.com ● No need to install or configure - simply run it...
  • 52. Build - Deploy - Run ● Create a Dockerfile to automate build of your application. ● Easily run as daemon using “docker run -d” command.
  • 53. Security Benefits of Containers ● Better control on dependencies: ship your code with its packages ● Compromised applications are still contained within container boundaries ● Built-in mechanisms to identify changes in container ● Better control on your deployment environment
  • 55. Did Someone Change My Container? ● Use “docker diff” to see changes made in a running container. ○ C - modified ○ A - new ○ D - deleted
  • 57. Common Vulnerabilities and Exposures (CVEs) ● Almost every software package has security issues. ● The older a package is, the more likely it is to have issues. ● Node nsp can be used to find vulnerable npm packages. References: https://web.nvd.nist.gov/view/vuln/search https://nodesecurity.io/tools
  • 58. Peekr - Check Image Vulnerabilities References: https://peekr.scalock.com
  • 59. Putting it All Together
  • 60. Summary ● Containers are not the cure for everything. Good programming is still the basis for good security. Take a look at OWASP top 10 vulnerabilities: https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet ● CVEs are a serious problem. Make sure you have a process to manage them. ● Containers add to your visibility and control - better manage what’s being deployed. ● If you’ve been hacked then at least the compromised code is running inside a container.
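
Slide 19 suggests breaking a heavy calculation up with setImmediate. The following is an added example (not from the slides) of such a non-blocking forEach; the names forEachNonBlocking and countPrimesCooperatively and the chunk sizes are assumptions made for the illustration.

```javascript
// Run fn over items in slices; between slices, setImmediate hands control
// back to the event loop so pending I/O callbacks and timers can run.
function forEachNonBlocking(items, fn, chunkSize = 1000) {
  return new Promise((resolve, reject) => {
    let index = 0;
    function runChunk() {
      const end = Math.min(index + chunkSize, items.length);
      try {
        for (; index < end; index++) fn(items[index], index);
      } catch (err) {
        return reject(err);
      }
      if (index < items.length) {
        setImmediate(runChunk); // yield, then continue with the next slice
      } else {
        resolve(index);
      }
    }
    runChunk();
  });
}

// Deliberately CPU-heavy work, as in the slide's "find primes" case.
function isPrime(n) {
  if (n < 2) return false;
  for (let d = 2; d * d <= n; d++) if (n % d === 0) return false;
  return true;
}

// Count primes below `limit` and, at the same time, count how many times an
// unrelated setImmediate "heartbeat" got to run while the work was going on.
// With a plain synchronous loop the heartbeat count would stay at 0.
async function countPrimesCooperatively(limit, chunkSize) {
  const numbers = Array.from({ length: limit }, (_, i) => i);
  let primes = 0;
  let heartbeats = 0;
  let done = false;
  const beat = () => { if (!done) { heartbeats++; setImmediate(beat); } };
  setImmediate(beat);
  await forEachNonBlocking(numbers, (n) => { if (isPrime(n)) primes++; }, chunkSize);
  done = true;
  return { primes, heartbeats };
}
```

Chunk size is the tuning knob: smaller slices keep request latency low but add scheduling overhead, and the total CPU time is unchanged, so sustained heavy load still belongs in a separate process.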
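
The headers from slide 44, applied to a plain Node request handler and checked on the way out. This is an added example, not code from the slides; withSecurityHeaders and auditSecurityHeaders are hypothetical helper names, and the header values are the ones shown on the slide.

```javascript
// Header values are the ones listed on slide 44.
const SECURITY_HEADERS = {
  'Strict-Transport-Security': 'max-age=16070400; includeSubDomains',
  'X-Frame-Options': 'deny',
  'X-XSS-Protection': '1; mode=block',
  'X-Content-Type-Options': 'nosniff',
};

// Wrap an http request handler so every response carries the headers,
// whatever the handler itself does.
function withSecurityHeaders(handler) {
  return function (req, res) {
    for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
      res.setHeader(name, value);
    }
    return handler(req, res);
  };
}

// Audit a response's headers (name -> value map, any letter case).
// Returns a list of findings; an empty list means all four checks passed.
function auditSecurityHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  const hsts = h['strict-transport-security'];
  const maxAge = hsts && /max-age=(\d+)/i.exec(hsts);
  if (!hsts) findings.push('Strict-Transport-Security missing');
  else if (!maxAge || Number(maxAge[1]) === 0) {
    findings.push('Strict-Transport-Security has no positive max-age');
  }
  const xfo = (h['x-frame-options'] || '').toLowerCase();
  if (!['deny', 'sameorigin'].includes(xfo)) {
    findings.push('X-Frame-Options missing or not deny/sameorigin');
  }
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') {
    findings.push('X-Content-Type-Options is not nosniff');
  }
  if (!/^1\s*;\s*mode=block$/i.test(h['x-xss-protection'] || '')) {
    findings.push('X-XSS-Protection is not "1; mode=block"');
  }
  return findings;
}

// Usage with the server from slide 11:
//   require('http').createServer(withSecurityHeaders(function (req, res) {
//     res.end('Hello misterBIT\n');
//   })).listen(1337, '127.0.0.1');
```

Current browsers have removed their built-in XSS filter, so X-XSS-Protection only affects older ones; a Content-Security-Policy header is the present-day control for that risk.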
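
Slide 55's "docker diff" check can be turned into an automated alert by comparing its output against the paths the application is expected to write to. This is an added example, not from the slides: the sample output is constructed, and the allow-list and function names are assumptions.

```javascript
// Constructed sample of `docker diff <container>` output
// (C = modified, A = new, D = deleted, as on slide 55).
const SAMPLE_DIFF = [
  'C /tmp',
  'A /tmp/upload-1.tmp',
  'C /var',
  'C /var/log',
  'C /var/log/app',
  'A /var/log/app/out.log',
  'C /etc',
  'C /etc/passwd',
  'C /usr',
  'C /usr/local',
  'C /usr/local/bin',
  'A /usr/local/bin/helper',
  'C /app',
  'D /app/server.js',
].join('\n');

// Assumption: the only places this application should ever write to.
const EXPECTED_WRITABLE = ['/tmp', '/var/log/app'];
const KINDS = { C: 'modified', A: 'new', D: 'deleted' };

function parseDockerDiff(output) {
  return output.split('\n').map((l) => l.trim()).filter(Boolean).map((line) => {
    const m = /^([CAD])\s+(\/.*)$/.exec(line);
    if (!m) throw new Error('unrecognised docker diff line: ' + line);
    return { kind: KINDS[m[1]], path: m[2] };
  });
}

const isUnder = (path, dir) => path === dir || path.startsWith(dir + '/');

// Return the changes that fall outside the expected writable paths.
function unexpectedChanges(output, allowed = EXPECTED_WRITABLE) {
  const changes = parseDockerDiff(output);
  return changes.filter((c) => {
    // A directory is listed as modified whenever something below it changed;
    // report the entry below it rather than every parent directory.
    const isParentMarker = c.kind === 'modified' &&
      changes.some((o) => o.path.startsWith(c.path + '/'));
    return !isParentMarker && !allowed.some((dir) => isUnder(c.path, dir));
  });
}

// Feed it real output with, for example:
//   require('child_process').execFileSync('docker', ['diff', containerName], { encoding: 'utf8' })
```

On the sample, the temp file and the log file are accepted, while the modified /etc/passwd, the new file under /usr/local/bin and the deleted /app/server.js are reported.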