New Year Docker Meetup - Special Security Edition


Details
Dear Dockers,
For this New Year Meetup we'll have Mohammad Arab, Lead Cloud Engineer at Stylight, and Dmitry Voytik, System Software Engineer at Huawei European Research Center.
Agenda:
7:00: Doors open
7:00 - 7:30: Pizza, Drinks, and Networking
7:30 - 8:15: Docker Security: Now a First Class Citizen by Mohammad Arab
8:15 - 8:30: Break
8:30 - 9:15: VM-Based Secure Container by Dmitry Voytik
9:15 - 10:00: Networking
10:00: Doors close
Title: Docker Security: Now a First Class Citizen
Abstract:
When we talk about production environments and deployments, one thing that pops up immediately is how to deal with the security aspects, closely followed by ease of operation. With the recent security enhancements in the latest Docker releases, we'll see how we can have our cake and eat it. Mohammad will deliver a very hands-on presentation and will show security features that you will probably fall in love with!
Bio: Mohammad is currently Lead Cloud Engineer at Stylight. He comes from a mechanical engineering background and has been in the IT field for more than 10 years, working with various technologies. He's passionate about cloud technologies and dust computing. He is an automation enthusiast and lean practitioner.
In his free time he blogs, plays guitar and spends time with his family. He also likes to explore new foods and cuisines.
Title: VM-Based Secure Container
Abstract:
Because they share the same kernel, native containers alone may never provide enough isolation and security unless they are run inside virtual infrastructure. Wei & Claudio have been working on a new VM-based Secure Container based on “RunV”, an open source, OCI-compatible runtime similar to “RunC”.
In the RunV community, Wei has been working with developers from hyper.sh to make RunV compatible with the Docker API, so that it can integrate with higher-level frameworks like Kubernetes and OpenStack and be deployable as easily as native containers.
Claudio has been optimizing virtualization components for this use case, removing legacy features and employing existing methods (Clear Containers) and new ways to boot quickly, decrease overheads, and improve performance. Novel work in the virtualizer and virtual firmware enables further improvements at the expense of fidelity to PC compatibility.
