1. This document provides an overview and agenda for a presentation on vSphere 6.x host resource deep dive topics including compute, storage, and network.
2. It introduces the presenters, Niels Hagoort and Frank Denneman, and provides background on their expertise.
3. The document outlines the topics to be covered under each section, including NUMA, CPU cache, DIMM configuration, I/O queue placement, driver considerations, RSS and NetQueue scaling for networking.
VMworld 2015: The Future of Software- Defined Storage- What Does it Look Like...VMworld
The document discusses the future of software-defined storage in 3 years. It predicts that storage media will continue to advance with higher capacities and lower latencies using technologies like 3D NAND and NVDIMMs. Networking and interconnects like NVMe over Fabrics will allow disaggregated storage resources to be pooled and shared across servers. Software-defined storage platforms will evolve to provide common services for distributed data platforms beyond just block storage, with advanced data placement and policy controls to optimize different workloads.
STO7535 Virtual SAN Proof of Concept - VMworld 2016Cormac Hogan
This document provides an overview of tools that can help administrators successfully conduct a Virtual SAN proof of concept. It discusses the Virtual SAN Health Check plugin, capacity views, performance service, HCIbench, and Virtual SAN Observer for monitoring and validating Virtual SAN configurations. Validation scenarios covered include successfully deploying Virtual SAN, deploying VMs on VSAN storage, VM availability during host and storage failures, and measuring rebuild activity.
VMware VSAN Technical Deep Dive - March 2014David Davis
Virtual SAN 5.5 provides a software-defined storage solution that is integrated with VMware vSphere. It allows storage resources on standard servers to be pooled into a shared datastore. Virtual SAN uses SSDs to provide flash-accelerated performance and HDDs for capacity. It delivers high performance scaling linearly with the addition of servers. Storage policies can be set on a per-VM basis to control capacity, performance and availability without using LUNs or volumes. Virtual SAN simplifies storage management and provides resilience, flexibility and savings over external storage arrays.
VMworld 2015: Advanced SQL Server on vSphereVMworld
Microsoft SQL Server is one of the most widely deployed “apps” in the market today and is used as the database layer for a myriad of applications, ranging from departmental content repositories to large enterprise OLTP systems. Typical SQL Server workloads are somewhat trivial to virtualize; however, business critical SQL Servers require careful planning to satisfy performance, high availability, and disaster recovery requirements. It is the design of these business critical databases that will be the focus of this breakout session. You will learn how build high-performance SQL Server virtual machines through proper resource allocation, database file management, and use of all-flash storage like XtremIO. You will also learn how to protect these critical systems using a combination of SQL Server and vSphere high availability features. For example, did you know you can vMotion shared-disk Windows Failover Cluster nodes? You can in vSphere 6! Finally, you will learn techniques for rapid deployment, backup, and recovery of SQL Server virtual machines using an all-flash array.
The popularity of Virtual SAN is growing daily. Server admins are finally free to aggregate storage in their servers to create a shared storage system that scales with their compute needs. The underlying key to making it all work is networking. All Virtual SAN data flows through it, and correct selection and configuration of networking components will mean the difference between disruptive success or dramatic failure. This session will give deep insight in the do's and don'ts of Virtual SAN networking. Best practices for physical and virtual switch configuration and performance testing will be discussed. Virtual SAN 5.5 and 6.0 will be covered, and the networking differences discussed. Methods of troubleshooting network issues will be covered. For those configuring a Virtual SAN network for the first time, for labs or enterprise scale, this session is a must-see.
VMworld 2015: Extreme Performance Series - vCenter Performance Best PracticesVMworld
This presentation discusses vCenter performance best practices. It provides an overview of the vCenter architecture and how various components like the database, inventory service, and web client can influence performance. The document outlines factors that impact vCenter resource usage and strategies for optimizing deployment based on inventory size and workload. It also covers techniques for monitoring performance and tips for ensuring sufficient hardware resources.
STO7534 VSAN Day 2 Operations (VMworld 2016)Cormac Hogan
This document discusses day-to-day Virtual SAN operations and troubleshooting. It begins with an introduction and agenda for the presentation. The presentation then covers monitoring Virtual SAN with tools like logging, trace files, and core dumps. It discusses alerting options like vSphere alarms, vRealize Operations, and vRealize Log Insight. A section covers Virtual SAN upgrades, including prerequisites, the multi-phase process, and potential issues. It ends with a demo of how to handle a Virtual SAN failure using the various monitoring and troubleshooting tools.
What is coming for VMware vSphere?
Delivered at VMUG DK/UK/BE in November 2014. Session is all about vSphere futures, what can be expected in the near future.
A look at the new enhancements to core storage in vSphere 6.5, including VMFS6, Automated UNMAP, I/O Filters, and much more, as delivered by Cormac Hogan and Cody Hosterman
Get a technical understanding of the components of NSX, including how switching, routing, firewalling, load-balancing and other services work within NSX.
VMworld 2013: vSphere Distributed Switch – Design and Best Practices VMworld
VMworld 2013
Vyenkatesh (Venky) Deshpande, VMware
Marcos Hernandez, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Not content to simply describe the Virtual Volume (VVOL) framework, this session instead examines practical use cases: How different configurations and workloads benefit from VVOLs. Learn how Storage Policy Based Management (SPBM) couples with VVOLs to provide VM configuration options not previously available. We demonstrate a handful of real-life scenarios, specifically covering how VVOLs benefits oversubscribed systems, disaster recovery preparation and multi-tenant requirements for customers. Specific configuration options and constraints are covered in detail, including how they work with underlying storage.
VMworld 2016: Troubleshooting 101 for HorizonVMworld
This document provides an overview of troubleshooting tools and techniques for Horizon. It begins with introductions and disclaimers. It then covers defining problems, identifying symptoms, gathering additional information, determining possible causes, identifying the root cause, resolving problems, and documenting solutions. Common troubleshooting tools are discussed, including ESXCLI commands, vSphere CLI commands, and log file locations and contents. Methods for collecting log files from Horizon components like desktops, clients, and servers are also provided.
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep DiveVMworld
This document provides an overview and technical deep dive of new features in vSphere Distributed Switch 6.0. Key highlights include expanded use of Network I/O Control version 3.0 to set network guarantees on virtual machines and distributed port groups. It also details using multiple TCP/IP stacks to support routed vMotion traffic between vCenters. The presentation explores fully leveraging the vSphere Distributed Switch for all workloads, including vCenter server and other management dependencies.
VMware Virtual SAN 6.0 includes the following new features and improvements:
1. Increased performance and scalability with support for up to 64 hosts and 9,000 components per host. Virtual machines can now have VMDKs up to 62TB in size.
2. Enhanced all-flash and hybrid architectures with new caching architectures that deliver up to 90,000 IOPS per host.
3. Usability improvements like default storage policies, visualization of storage utilization in policies, and a resynchronization status dashboard.
4. Failure resilience enhancements such as fault domains that account for failures across racks, and proactive rebalancing to leverage new nodes.
Virtual san hardware guidance & best practicessolarisyougood
This document provides guidance on building and designing Virtual SAN hardware solutions. It discusses considerations for components like boot devices, flash-based devices, and capacity sizing. It also provides an overview of Virtual SAN certified hardware platforms and best practices for designing a balanced and fault-tolerant configuration.
SaltStack can be used to automate and orchestrate the provisioning of virtual machines on VMware ESXi 6.0. It implements the VMware APIs to allow defining VM profiles and templates that specify VM configurations, and then uses Salt commands to rapidly deploy new VMs from templates with customized configurations. Open-VM tools must be installed on templates to enable customizing VMs, such as setting the network configuration. Salt files define VM profiles and provider credentials, separating configuration from deployment logic for flexibility and reusability.
VMworld 2013: Automating the Software Defined Data Center: How Do I Get Started VMworld
VMworld 2013
Thomas Corfmat, VMware
Alan Renouf, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...Haidee McMahon
For details on Intel's Out of The Box Network Developers Ireland meetup, goto https://www.meetup.com/Out-of-the-Box-Network-Developers-Ireland/events/237726826/
Intel Talk : Enhanced Platform Awareness for Openstack to increase NFV performance
By Andrew Duignan
Bio: Andrew Duignan is an Electronic Engineering graduate from University College Dublin, Ireland. He has worked as a software engineer in Motorola and now at Intel Corporation. He is now in a Platform Applications Engineering role, supporting technologies such as DPDK and virtualization on Intel CPUs. He is based in the Intel Shannon site in Ireland.
OVS uses AF_XDP to provide a fast userspace datapath. AF_XDP is a Linux socket that receives frames with low overhead via XDP. OVS implements an AF_XDP netdev that passes packets to the OVS userspace datapath with minimal processing in the kernel. Optimizations like batching and pre-allocation reduce cache misses and system calls. Prototype tests show L2 forwarding at 14Mpps and PVP at 3.3Mpps, approaching but still slower than DPDK performance. Further optimizations to AF_XDP and OVS are needed to achieve wire speed processing without dedicated hardware.
Build an High-Performance and High-Durable Block Storage Service Based on CephRongze Zhu
This document discusses building a high-performance and durable block storage service using Ceph. It describes the architecture, including a minimum deployment of 12 OSD nodes and 3 monitor nodes. It outlines optimizations made to Ceph, Qemu, and the operating system configuration to achieve high performance, including 6000 IOPS and 170MB/s throughput. It also discusses how the CRUSH map can be optimized to reduce recovery times and number of copysets to improve durability to 99.99999999%.
Ceph Day Beijing - Ceph all-flash array design based on NUMA architectureCeph Community
This document discusses an all-flash Ceph array design from QCT based on NUMA architecture. It provides an agenda that covers all-flash Ceph and use cases, QCT's all-flash Ceph solution for IOPS, an overview of QCT's lab environment and detailed architecture, and the importance of NUMA. It also includes sections on why all-flash storage is used, different all-flash Ceph use cases, QCT's IOPS-optimized all-flash Ceph solution, benefits of using NVMe storage, and techniques for configuring and optimizing all-flash Ceph performance.
Ceph Day Beijing - Ceph All-Flash Array Design Based on NUMA ArchitectureDanielle Womboldt
This document discusses an all-flash Ceph array design from QCT based on NUMA architecture. It provides an agenda that covers all-flash Ceph and use cases, QCT's all-flash Ceph solution for IOPS, an overview of QCT's lab environment and detailed architecture, and the importance of NUMA. It also includes sections on why all-flash storage is used, different all-flash Ceph use cases, QCT's IOPS-optimized all-flash Ceph solution, benefits of using NVMe storage, QCT's lab test environment, Ceph tuning recommendations, and benefits of using multi-partitioned NVMe SSDs for Ceph OSDs.
The document provides information about virtual machine extensions (VMX) on Juniper Networks routers. It discusses hardware virtualization concepts including guest virtual machines running on a host machine. It then describes the different types of virtualization including fully virtualized, para-virtualized, and hardware-assisted. The rest of the document goes into details about the VMX product, architecture, forwarding model, and performance considerations for different use cases.
PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...PROIDEA
Modern CPUs have many cores and advanced instruction sets like AVX that allow performing multiple operations simultaneously. To handle 100 million packets per second, a platform needs network interfaces with speeds of at least 10 Gbps and a PCIe bus and memory fast enough to keep up. The Linux networking stack is not optimized for these speeds, so achieving line rate requires implementing the network processing in userspace using techniques like DPDK that avoid kernel overhead.
The document provides recommendations for optimizing an OpenStack cloud environment using Ceph storage. It discusses configuring Glance, Cinder, and Nova to integrate with Ceph, as well as recommendations for the Ceph cluster itself regarding OSDs, journals, networking, and failure domains. Performance was improved by converting image formats to raw, enabling SSD journals, bonding network interfaces, and adjusting scrubbing settings.
Best Practices & Performance Tuning - OpenStack Cloud Storage with Ceph - In this presentation, we discuss best practices and performance tuning for OpenStack cloud storage with Ceph to achieve high availability, durability, reliability and scalability at any point of time. Also discuss best practices for failure domain, recovery, rebalancing, backfilling, scrubbing, deep-scrubbing and operations
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Michelle Holley
This demo/lab will guide you to install and configure FD.io Vector Packet Processing (VPP) on Intel® Architecture (AI) Server. You will also learn to install TRex* on another AI Server to send packets to the VPP, and use some VPP commands to forward packets back to the TRex*.
Speaker: Loc Nguyen. Loc is a Software Application Engineer in Data Center Scale Engineering Team. Loc joined Intel in 2005, and has worked in various projects. Before joining the network group, Loc worked in High-Performance Computing area and supported Intel® Xeon Phi™ Product Family. His interest includes computer graphics, parallel computing, and computer networking.
Deep Dive on Amazon EC2 Instances (March 2017)Julien SIMON
This document provides an overview of Amazon EC2 instance types and performance optimization best practices. It discusses the factors that go into choosing an EC2 instance, how instance performance is characterized, and how to optimize workloads through choices like instance type, operating system, and configuration settings. Specific tips are provided around topics like timekeeping, CPU credit monitoring, NUMA, and kernel optimizations. The goal is to help users make the most of their EC2 experience through understanding instance internals and performance tradeoffs.
Training Slides: Basics 104: Simple Tungsten Clustering DeploymentsContinuent
This document provides an overview of installing a Tungsten cluster, including reviewing the cluster architecture and prerequisites, discussing installation methods, and demonstrating the installation process. It reviews decisions around the installation environment and Tungsten configuration. Key tools for controlling and monitoring the cluster like cctrl and trepctl are also introduced.
In this talk Jiří Pírko discusses the design and evolution of the VLAN implementation in Linux, the challenges and pitfalls as well as hardware acceleration and alternative implementations.
Jiří Pírko is a major contributor to kernel networking and the creator of libteam for link aggregation.
1. The document discusses using OpenStack for a 4G core network, including performance issues and solutions when virtualizing the EPC network functions using OpenStack.
2. Key performance issues identified include high CPU usage, competing for CPU resources, latency, throughput, and packet loss. Solutions proposed are CPU pinning, NUMA awareness, hugepages, DPDK, SR-IOV, and offloading processing to smart NICs.
3. Going forward, the next steps discussed are using OVS-DPDK for offloading, SDN, containers, and cloud architectures for 5G.
This document summarizes recent updates to Linux TCP and provides recommendations for tuning a 100G host. It finds that TCP is more stable in CentOS 7 than 6, and enabling Fair Queuing (FQ) improves throughput. Setting the CPU governor to "performance" and enabling FQ pacing to match the bottleneck link yield further gains. Configuring buffers, cores, and BIOS settings appropriately is also important for optimizing 100G host performance. Emerging TCP variants like BBR from Google show promising early results on some paths.
Similar to VMworld 2016: vSphere 6.x Host Resource Deep Dive (20)
VMworld 2016: Advanced Network Services with NSXVMworld
NSX provides network virtualization and security services including distributed firewalling, load balancing, and VPN connectivity. It reproduces traditional network and security functions in software throughout the virtual infrastructure for improved performance, agility, and security compared to physical appliances. Over 1700 customers use NSX across various industries, with growth of 100% year-over-year. NSX services can be distributed across hypervisors for massive scalability. The platform also integrates with security and application delivery partners to enhance its native capabilities.
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld
This document provides an overview of how to deploy VMware NSX with Cisco infrastructure, including:
- NSX has minimal requirements of 1600 MTU and IP connectivity and is agnostic to the underlying network topology.
- When using Cisco Nexus switches, VLANs must be configured for various traffic types and SVIs created with consistent IP subnets. Jumbo MTU is required across all links.
- NSX is also compatible with Cisco ACI fabrics using Fabric Path or DFA topologies, with the VXLAN VLAN spanning multiple pods/clusters across the fabric.
Horizon 7 introduces several new features including just-in-time desktops that instantly provision desktops and applications when users log in using VMware's instant clone technology. It also features smart policies that dynamically change desktop configurations based on user location or device. Infrastructure updates improve scalability and failover capabilities. The user experience is enhanced with support for 3D graphics, new protocols like Blast Extreme for optimized mobile access, and expanded capabilities for hosted applications and RDS desktops.
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld
Virtual Volumes provide a more efficient operational model for external storage management in vSphere. They integrate storage capabilities directly into virtual machines at the individual disk level through Storage Policy-Based Management. This simplifies operations by removing the need for static LUN/volume provisioning and allows storage services to be applied non-disruptively on a per-virtual machine basis according to policies. A key component is the VASA Provider, which is used to publish an array's storage capabilities and manage the creation of VM-level objects called Virtual Volumes on behalf of vSphere.
VMworld 2016: The KISS of vRealize Operations! VMworld
This presentation introduces new features in vRealize Operations 6.3 that simplify operations management. It begins with an overview of the vRealize Operations architecture and dashboard. New features are then demonstrated, including a recommended actions page, cluster resource dashboard, data collection notifications, workload balancing through rebalancing containers, guided remediation through alerts, integration with vRealize Log Insight, capacity management of clusters and projections, and extensibility with management packs. Finally, related VMworld sessions are listed that provide further information on capacity planning, troubleshooting, intelligent operations management, log insight, and network insight.
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld
This document is a disclaimer stating that the presentation may include features still under development and not committed to be delivered in final products. Any features discussed are subject to change based on technical feasibility and market demand, and pricing and packaging have not been determined for any new technologies presented. The document is confidential.
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld
Iain Leiter from A.T. Still University discussed their organization's migration from a hardware-based firewall to NSX to improve performance and compliance. Some key advantages of NSX include distributed firewalling for high performance and scalability, pay-as-you-grow flexibility, and advanced security features like microsegmentation. Their deployment process involved installing NSX, defining security groups, building security policies using syslog data from "recon rules", and applying a common services policy. Discoveries included many backdoors, application architecture issues, and the security benefits of microsegmentation.
VMworld 2015: Troubleshooting for vSphere 6VMworld
The document provides an overview of troubleshooting tools and techniques for vSphere 6. It discusses gathering diagnostic information, identifying potential causes, and resolving problems. The vSphere ESXi Shell and vCLI commands can be used to troubleshoot issues locally or remotely via SSH. An example troubleshooting process is provided to demonstrate defining a vMotion failure problem, gathering logs, testing connectivity, and resolving an incorrect VMkernel interface IP address.
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld
This year VMware vSphere 6 combined with vRealize Operations 6.1 (vR Ops 6) adds critical features to increase technical agility in the infrastructure, and reduce Mean time to Repair. With a new Automated remediation action framework in vR Ops, vSphere 6’s ability to vMotion Physical Raw Device mappings (RDMs), and a complete Management Pack Ecosystem for monitoring Infrastructure to applications, administrators have the tools needed to get to maintain 5 9’s uptime, shorten Mean Time to Repair (MTTR), and predict capacity requirements as and when the business requires.. This session will be a deep technical explanation, and live demonstration of these tools. It will give administrators a solid understanding of how they can use these tools to monitor and manage their application clusters, keep applications running during Infrastructure maintenance, and get deep holistic visibility into the entire Application ecosystem, from Storage to Networking.
VMworld 2015: Building a Business Case for Virtual SANVMworld
This presentation discusses building a business case for VMware Virtual SAN. It provides an overview of Virtual SAN and its benefits for customers like choice, integration, cost savings and performance. A case study is presented of how Dominos Pizza implemented Virtual SAN which resulted in roughly 40% lower costs compared to a traditional storage array. The presentation concludes by demonstrating the Virtual SAN assessment tool and various ways customers can try Virtual SAN.
VMworld 2015: Virtual Volumes Technical Deep DiveVMworld
This document provides a technical deep dive on virtual volumes. It begins with an overview of the challenges with today's LUN-centric storage architectures, such as complex provisioning, wasted resources, and lack of granular control. It then introduces an application-centric model using virtual volumes that provides dynamic storage service levels, fine-grained control at the VM level, and common management across arrays. The rest of the document details the management plane, data plane, consumption model using storage policy-based management, virtual machine lifecycles, snapshots, and offloading operations with virtual volumes.
This presentation discusses the concept of a software-defined data center (SDDC) and its benefits. An SDDC virtualizes and automates all infrastructure, delivering it as a service. This ideal architecture can be used for private, hybrid, and public clouds. An SDDC can dramatically accelerate innovation, reduce costs, streamline operations, improve security and control, and deliver better IT outcomes. The presentation then introduces a panel of representatives from various organizations discussing their SDDC experiences. Attendees are polled to vote for the best SDDC.
VMworld 2015: Conversation with the VMware CIO Suggestions on being an IT LeaderVMworld
Bask Iyer, VMware's CIO, discusses how IT leaders can shift from a back office orientation to front office leadership focused on business outcomes and the customer experience. He emphasizes catching the right innovation waves like mobile and cloud computing. Iyer also outlines how the cloud can help businesses increase agility and flexibility while reducing costs over time. Lastly, he shares examples of how VMware has transformed its internal IT organization to operate like a business, focusing on customer experience and simplicity.
VMware 2015: Next Horizon for Cloud Networking and SecurityVMworld
Software Defined Networking (SDN) and network virtualization has become an accepted part of modern data center architecture. The transformation of networking into a software industry has accelerated innovation and given rise to a number of new technologies and use cases that were previously impossible. Network virtualization is starting to have profound impact on services, security, the underlying physical networks and the organization of the IT organizations that use them. How will network virtualization impact the next horizon for cloud networking and security?
In this session Guido Appenzeller presents a tech-preview of NSX working with Docker Containers and Amazon Web Services (AWS). Additional speakers include Scott Lowe, Mukesh Hira and Jacob Cherkas from VMware and Suneet Nandwani from eBay.
This document provides an overview and deep dive into VMware's NSX networking and security virtualization platform. It begins with a brief introduction to NSX's architecture, including its data plane, control plane, and management plane components. The presentation then covers key NSX capabilities like logical switching, distributed routing, microsegmentation using the distributed firewall, and network services. It aims to provide attendees with an in-depth understanding of the NSX platform and how it implements virtual networking and security functions.
VMworld 2015: Introducing Application Self service with Networking and SecurityVMworld
This presentation introduces application self-service with networking and security using VMware's vRealize Automation and NSX products. It discusses how these products allow for automated, on-demand provisioning of complete application environments including compute, networking, and security resources. Specifically, it shows how vRealize Automation blueprints and catalogs can be used to define reusable application topologies that dynamically configure NSX networking and security groups during deployment. This enables applications to be provisioned in minutes with all required infrastructure and policies.
VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...VMworld
See how vRealize Operations Manager can help you to quickly isolate and troubleshoot "My VM is slow!" issues. We'll look at three real-world performance and capacity problems and demonstrate how to troubleshoot them using vRealize Operations Manager on a live environment with real infrastructure issues..
VMworld 2015: Extreme Performance Series - vSphere Compute & MemoryVMworld
This presentation provides an overview of new vSphere CPU and memory management technologies:
- It discusses VM CPU sizing and the meaning of %RDY time, highlighting that the same %RDY can have different performance impacts depending on the workload. It also cautions against oversizing VMs.
- It reviews ESXi's NUMA-aware scheduling and importance of adhering to vNUMA defaults.
- It covers memory terminology and techniques like reservation, preallocation, page sharing, and large pages. Guidance is provided on memory overcommitment.
GDG Cloud Southlake #34: Neatsun Ziv: Automating AppsecJames Anderson
The lecture titled "Automating AppSec" delves into the critical challenges associated with manual application security (AppSec) processes and outlines strategic approaches for incorporating automation to enhance efficiency, accuracy, and scalability. The lecture is structured to highlight the inherent difficulties in traditional AppSec practices, emphasizing the labor-intensive triage of issues, the complexity of identifying responsible owners for security flaws, and the challenges of implementing security checks within CI/CD pipelines. Furthermore, it provides actionable insights on automating these processes to not only mitigate these pains but also to enable a more proactive and scalable security posture within development cycles.
The Pains of Manual AppSec:
This section will explore the time-consuming and error-prone nature of manually triaging security issues, including the difficulty of prioritizing vulnerabilities based on their actual risk to the organization. It will also discuss the challenges in determining ownership for remediation tasks, a process often complicated by cross-functional teams and microservices architectures. Additionally, the inefficiencies of manual checks within CI/CD gates will be examined, highlighting how they can delay deployments and introduce security risks.
Automating CI/CD Gates:
Here, the focus shifts to the automation of security within the CI/CD pipelines. The lecture will cover methods to seamlessly integrate security tools that automatically scan for vulnerabilities as part of the build process, thereby ensuring that security is a core component of the development lifecycle. Strategies for configuring automated gates that can block or flag builds based on the severity of detected issues will be discussed, ensuring that only secure code progresses through the pipeline.
Triaging Issues with Automation:
This segment addresses how automation can be leveraged to intelligently triage and prioritize security issues. It will cover technologies and methodologies for automatically assessing the context and potential impact of vulnerabilities, facilitating quicker and more accurate decision-making. The use of automated alerting and reporting mechanisms to ensure the right stakeholders are informed in a timely manner will also be discussed.
Identifying Ownership Automatically:
Automating the process of identifying who owns the responsibility for fixing specific security issues is critical for efficient remediation. This part of the lecture will explore tools and practices for mapping vulnerabilities to code owners, leveraging version control and project management tools.
Three Tips to Scale the Shift Left Program:
Finally, the lecture will offer three practical tips for organizations looking to scale their Shift Left security programs. These will include recommendations on fostering a security culture within development teams, employing DevSecOps principles to integrate security throughout the development
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor.We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
INDIAN AIR FORCE FIGHTER PLANES LIST.pdfjackson110191
These fighter aircraft have uses outside of traditional combat situations. They are essential in defending India's territorial integrity, averting dangers, and delivering aid to those in need during natural calamities. Additionally, the IAF improves its interoperability and fortifies international military alliances by working together and conducting joint exercises with other air forces.
How to Avoid Learning the Linux-Kernel Memory ModelScyllaDB
The Linux-kernel memory model (LKMM) is a powerful tool for developing highly concurrent Linux-kernel code, but it also has a steep learning curve. Wouldn't it be great to get most of LKMM's benefits without the learning curve?
This talk will describe how to do exactly that by using the standard Linux-kernel APIs (locking, reference counting, RCU) along with a simple rules of thumb, thus gaining most of LKMM's power with less learning. And the full LKMM is always there when you need it!
MYIR Product Brochure - A Global Provider of Embedded SOMs & SolutionsLinda Zhang
This brochure gives introduction of MYIR Electronics company and MYIR's products and services.
MYIR Electronics Limited (MYIR for short), established in 2011, is a global provider of embedded System-On-Modules (SOMs) and
comprehensive solutions based on various architectures such as ARM, FPGA, RISC-V, and AI. We cater to customers' needs for large-scale production, offering customized design, industry-specific application solutions, and one-stop OEM services.
MYIR, recognized as a national high-tech enterprise, is also listed among the "Specialized
and Special new" Enterprises in Shenzhen, China. Our core belief is that "Our success stems from our customers' success" and embraces the philosophy
of "Make Your Idea Real, then My Idea Realizing!"
What's Next Web Development Trends to Watch.pdfSeasiaInfotech2
Explore the latest advancements and upcoming innovations in web development with our guide to the trends shaping the future of digital experiences. Read our article today for more information.
How Social Media Hackers Help You to See Your Wife's Message.pdfHackersList
In the modern digital era, social media platforms have become integral to our daily lives. These platforms, including Facebook, Instagram, WhatsApp, and Snapchat, offer countless ways to connect, share, and communicate.
AC Atlassian Coimbatore Session Slides( 22/06/2024)apoorva2579
This is the combined Sessions of ACE Atlassian Coimbatore event happened on 22nd June 2024
The session order is as follows:
1.AI and future of help desk by Rajesh Shanmugam
2. Harnessing the power of GenAI for your business by Siddharth
3. Fallacies of GenAI by Raju Kandaswamy
Coordinate Systems in FME 101 - Webinar SlidesSafe Software
If you’ve ever had to analyze a map or GPS data, chances are you’ve encountered and even worked with coordinate systems. As historical data continually updates through GPS, understanding coordinate systems is increasingly crucial. However, not everyone knows why they exist or how to effectively use them for data-driven insights.
During this webinar, you’ll learn exactly what coordinate systems are and how you can use FME to maintain and transform your data’s coordinate systems in an easy-to-digest way, accurately representing the geographical space that it exists within. During this webinar, you will have the chance to:
- Enhance Your Understanding: Gain a clear overview of what coordinate systems are and their value
- Learn Practical Applications: Why we need datams and projections, plus units between coordinate systems
- Maximize with FME: Understand how FME handles coordinate systems, including a brief summary of the 3 main reprojectors
- Custom Coordinate Systems: Learn how to work with FME and coordinate systems beyond what is natively supported
- Look Ahead: Gain insights into where FME is headed with coordinate systems in the future
Don’t miss the opportunity to improve the value you receive from your coordinate system data, ultimately allowing you to streamline your data analysis and maximize your time. See you there!
Quality Patents: Patents That Stand the Test of TimeAurora Consulting
Is your patent a vanity piece of paper for your office wall? Or is it a reliable, defendable, assertable, property right? The difference is often quality.
Is your patent simply a transactional cost and a large pile of legal bills for your startup? Or is it a leverageable asset worthy of attracting precious investment dollars, worth its cost in multiples of valuation? The difference is often quality.
Is your patent application only good enough to get through the examination process? Or has it been crafted to stand the tests of time and varied audiences if you later need to assert that document against an infringer, find yourself litigating with it in an Article 3 Court at the hands of a judge and jury, God forbid, end up having to defend its validity at the PTAB, or even needing to use it to block pirated imports at the International Trade Commission? The difference is often quality.
Quality will be our focus for a good chunk of the remainder of this season. What goes into a quality patent, and where possible, how do you get it without breaking the bank?
** Episode Overview **
In this first episode of our quality series, Kristen Hansen and the panel discuss:
⦿ What do we mean when we say patent quality?
⦿ Why is patent quality important?
⦿ How to balance quality and budget
⦿ The importance of searching, continuations, and draftsperson domain expertise
⦿ Very practical tips, tricks, examples, and Kristen’s Musts for drafting quality applications
https://www.aurorapatents.com/patently-strategic-podcast.html
The DealBook is our annual overview of the Ukrainian tech investment industry. This edition comprehensively covers the full year 2023 and the first deals of 2024.
How Netflix Builds High Performance Applications at Global ScaleScyllaDB
We all want to build applications that are blazingly fast. We also want to scale them to users all over the world. Can the two happen together? Can users in the slowest of environments also get a fast experience? Learn how we do this at Netflix: how we understand every user's needs and preferences and build high performance applications that work for every user, every time.
22. Align To CPU Topology
• Resize vCPU configuration to match core count
• Use vcpu.numa.preferHT
• Use cores per socket (CORRECTLY)
• Attend INF8089 at 5 PM in this room
24. Storage
( H o w f a r a w a y i s y o u r d a t a ? )
25. The Importance of Access Latency
Location of operands CPU Cycles Perspective
CPU Register 1 Brain (Nanosecond)
L1/L3 cache 10 End of this room
Local Memory 100 Entrance of building
Disk 10^6 New York
27. Industry Moves Toward NVMe
• SSD bandwidth capabilities exceeds current
controller bandwidth
• Protocol inefficiencies dominant contributor to
access time
• NVMe architected from the ground up for non -
volatile memory
33. • Additional layer of packet processing
• Consumes CPU cycles for each packet for
encapsulation/de-capsulation
• Some of the offload capabilities of the NIC cannot
be used (TCP based)
• VXLAN offloading! (TSO / CSO)
VXLAN
36. [root@ESXi02:~] vmkload_mod -s bnx2x
vmkload_mod module information
input file: /usr/lib/vmware/vmkmod/bnx2x
Version: Version 1.78.80.v60.12, Build: 2494585, Interface: 9.2 Built on: Feb 5 2015
Build Type: release
License: GPL
Name-space: com.broadcom.bnx2x#9.2.3.0
Required name-spaces:
com.broadcom.cnic_register#9.2.3.0
com.vmware.driverAPI#9.2.3.0
com.vmware.vmkapi#v2_3_0_0
Parameters:
skb_mpool_max: int
Maximum attainable private socket buffer memory pool size for the driver.
skb_mpool_initial: int
Driver's minimum private socket buffer memory pool size.
heap_max: int
Maximum attainable heap size for the driver.
heap_initial: int
Initial heap size allocated for the driver.
disable_feat_preemptible: int
For debug purposes, disable FEAT_PREEMPTIBLE when set to value of 1
disable_rss_dyn: int
For debug purposes, disable RSS_DYN feature when set to value of 1
disable_fw_dmp: int
For debug purposes, disable firmware dump feature when set to value of 1
enable_vxlan_ofld: int
Allow vxlan TSO/CSO offload support.[Default is disabled, 1: enable vxlan offload, 0: disable vxlan offload]
debug_unhide_nics: int
Force the exposure of the vmnic interface for debugging purposes[Default is to hide the nics]1. In SRIOV mode expose the PF
enable_default_queue_filters: int
Allow filters on the default queue. [Default is disabled for non-NPAR mode, enabled by default on NPAR mode]
multi_rx_filters: int
Define the number of RX filters per NetQueue: (allowed values: -1 to Max # of RX filters per NetQueue, -1:
use the default number of RX filters; 0: Disable use of multiple RX filters; 1..Max # the number of RX filters
per NetQueue: will force the number of RX filters to use for NetQueue
........
37. [root@ESXi01:~] esxcli system module parameters list -m bnx2x
Name Type Value Description
---------------------------- ---- ----- -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------
RSS int Control the number of queues in an RSS pool. Max 4.
autogreeen uint Set autoGrEEEn (0:HW default; 1:force on; 2:force off)
debug uint Default debug msglevel
debug_unhide_nics int Force the exposure of the vmnic interface for debugging purposes[Default is to hide the nics]1. In SRIOV mode expose the PF
disable_feat_preemptible int For debug purposes, disable FEAT_PREEMPTIBLE when set to value of 1
disable_fw_dmp int For debug purposes, disable firmware dump feature when set to value of 1
disable_iscsi_ooo uint Disable iSCSI OOO support
disable_rss_dyn int For debug purposes, disable RSS_DYN feature when set to value of 1
disable_tpa uint Disable the TPA (LRO) feature
dropless_fc uint Pause on exhausted host ring
eee set EEE Tx LPI timer with this value; 0: HW default
enable_default_queue_filters int Allow filters on the default queue. [Default is disabled for non-NPAR mode, enabled by default on NPAR mode]
enable_vxlan_ofld int Allow vxlan TSO/CSO offload support.[Default is disabled, 1: enable vxlan offload, 0: disable vxlan offload]
gre_tunnel_mode uint Set GRE tunnel mode: 0 - NO_GRE_TUNNEL; 1 - NVGRE_TUNNEL; 2 - L2GRE_TUNNEL; 3 - IPGRE_TUNNEL
gre_tunnel_rss uint Set GRE tunnel RSS mode: 0 - GRE_OUTER_HEADERS_RSS; 1 - GRE_INNER_HEADERS_RSS; 2 - NVGRE_KEY_ENTROPY_RSS
heap_initial int Initial heap size allocated for the driver.
heap_max int Maximum attainable heap size for the driver.
int_mode uint Force interrupt mode other than MSI-X (1 INT#x; 2 MSI)
max_agg_size_param uint max aggregation size
mrrs int Force Max Read Req Size (0..3) (for debug)
multi_rx_filters int Define the number of RX filters per NetQueue: (allowed values: -1 to Max # of RX filters per NetQueue, -1: use the default number of RX filters; 0: Disable use of
multiple RX filters; 1..Max # the number of RX filters per NetQueue: will force the number of RX filters to use for NetQueue
native_eee uint
num_queues uint Set number of queues (default is as a number of CPUs)
num_rss_pools int Control the existence of a RSS pool. When 0,RSS pool is disabled. When 1, there will bea RSS pool (given that RSS > 0).
........
38. • Check the supported features of your pNIC
• Check the HCL for supported features in the driver
module
• Check the driver module; does it requires you to
enable features?
• Other async (vendor) driver available?
Driver Summary
39. RSS & NetQueue
• NIC support required (RSS / VMDq)
• VMDq is the hardware feature, NetQueue is the
feature baked into vSphere
• RSS & NetQueue similar in basic functionality
• RSS uses hashes based on IP/TCP port/MAC
• NetQueue uses MAC filters
44. Intel examples:
Intel Ethernet products RSS for VXLAN technology
Intel Ethernet X520/540 series Scale RSS on VXLAN Outer UDP information
Intel Ehternet X710 series Scale RSS on VXLAN Inner or Outer header information
X710 series = better at balancing over queues > CPU threads
45. “What is the maximum performance of
the vSphere (D)vSwitch?”
46. • By default one transmit (Tx) thread per VM
• By default, one receive (Netpoll) thread per pNIC
• Transmit (Tx) and receive (Netpoll) threads
consume CPU cycles
• Each additional thread provides capacity
(1 thread = 1 core)
Network IO CPU consumption
48. Netpoll Thread
%SYS is ± 100% dur ing tes t. pN IC r ec eives .
( this is the N ETPOLL thr ead)