
Aporeto: Virtualization Innovations for Securing Containers

As Docker and other container runtimes grow their user base, the merits and weaknesses of Linux containers as an isolation technology are under scrutiny. Because of the large attack surface exposed by the porous POSIX interface, avoiding multi-tenant container deployments is still recommended. Clear Containers by Intel proposes to solve the problem by running Docker containers as KVM virtual machines. Is that really the way forward?

This talk will compare traditional container models in terms of security, performance and integration with Docker. The talk will go into details on why protecting the kernel and monitoring syscalls is important. It will propose a novel approach to running containers securely, one that provides stronger security and isolation together with the flexibility that Docker offers today.

In addition to hardening Linux kernel structures for containers, this session will also cover an alternate implementation of network policy within Kubernetes for Docker containers that does not require any external policy controller or any central state and is based on a completely distributed architecture.
The goal is to demonstrate how cloud-native applications can be made secure with a combination of HW-assisted isolation for containers and a simplified, controller-less method for segmenting distributed applications.

Dimitri Stilliadis, Co-Founder and CEO, Aporeto

Dimitri has a background in distributed systems, security and networking and holds more than 25 patents. Prior to Aporeto, he was the co-founder and CTO of Nuage Networks, where he led the development of the industry-leading Virtualized Services Platform. He was also the CTO and co-founder of the NonStop Laptop Guardian, an end-point security solution. He has held several leading roles in Bell Labs Research, where he led a series of research programs with fundamental contributions in networking, algorithms, and distributed systems.

Amir Sharif, Co-Founder and VP of Products, Aporeto

Amir has 20 years of experience in virtualization, networking technologies and low-latency I/O. His experience includes running business development, product management and software development teams, with his last position being at Nuage Networks, where he led the business development efforts. Before that, Amir worked at Violin Memory, Parallels, VMware, Cisco and Sun. He was the ESX product manager at VMware, where he helped lead the hypervisor architectural transition from ESX to ESXi.


Join us and Aporeto to discuss this topic.

Our meetings are scheduled for 7:30pm on the third Thursday of each month.

BayLISA includes system and network administrators across a range of skill levels. BayLISA meets to discuss topics of interest to system administrators and managers. The meetings are free and open to the public.

We always welcome presentation topics and volunteer speakers. Use the "Contact us" link on this page to get in touch with BayLISA's directors.


  • John S.

    Recording of the event is now available on Five Minutes of Cloud: https://youtu.be/hJmIiZbclk0

    November 10

  • John S.

    The Periscope feed has been taken down today - sorry if you did not have a chance to watch. We will be posting a recorded (and higher quality) version in about a week on the 5MoC video channel: https://www.youtube.com/channel/UCDns3t_P5wuPNSvMaHwTeLQ

    You can subscribe to the channel and get notified when it's posted and we'll also post a link to this page. Look for it around Nov. 1.

    October 21

    • Ravi K.

      Is it possible to post the link? Thanks in advance.

      1 · November 3

    • John S.

      Finishing up the editing - look for the link by the end of today.

      November 3

  • Georgiana C.

    great presentation and demo

    1 · October 20

    • Rob M.

      This will change the World of Containers.

      1 · November 1

  • John S.

    Just a reminder. Aporeto just released the open source Trireme they described at the meetup. Details are here: https://www.aporeto.com/trireme/

    November 1

    • Rob M.

      Thanks John, you're awesome!

      1 · November 1
