• Cloud Techie
@DCgubbins
Goal 1
Goal 2
Goal 3
© 2022 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Customer Priorities
CLOUD is foundational to
digital transformation
CLOUD is an operating model
an application execution venue
Where is the best location to deploy my application?
CLOUD – Public | Private | Hybrid | Multi | Super | Neutral
Cisco CLOUD – Solutions, integrations and partnerships
SECUREX INTERSIGHT
NEXUS NEXUS VMANAGE CALISTI
Operations
dashboard cloud
Connectivity
NDFC APIC CNC
Data
Infrastructure
Converged Hyperconverged Modular Network Storage 3rd Party
Cisco CLOUD – Delivered –as-code
PIPELINE
SECUREX INTERSIGHT
NEXUS NEXUS VMANAGE CALISTI
Kubernetes Operations
First dashboard cloud
GitOps
Observability Workload Optimizer
Declarative
Infrastructure PANOPTICA INSIGHTS ANALYTICS WORKLOAD
Security
Everything-as-code
Connectivity
CICD NDFC APIC CNC
Cloud Data
Agnostic
DevOps/SRE/
Platform Infrastructure
Converged Hyperconverged Modular Network Storage 3rd Party
Cisco CLOUD – Delivered –as-code
CALISTI
Kubernetes Operations
First
GitOps
Observability
Declarative
Infrastructure PANOPTICA
Security
Everything-as-code
Connectivity
CICD
Cloud Data
Agnostic
DevOps/SRE/
Platform Infrastructure
An Awesome benefit of Cloud Native
Calisti
Istio Service Mesh in 3 minutes
K8S Control Plane
Service Mesh
Cluster 1
Istio Service Mesh in 3 minutes
K8S Control Plane
Istio Control Plane: Connection Management | Load Balancing | Authentication
• Traffic Forwarding
• A/B Testing
• Canary Rollouts
• Rate Limiting
• Load Balancing
• Security
• End to end authentication
• Metric and Monitoring
• Behavioural insights
Service Mesh
Cluster 1
A Service Mesh is a dedicated infrastructure layer for handling reliable service-to-service communication
Istio Service Mesh in 3 minutes
K8S Control Plane
Istio Control Plane: Connection Management | Load Balancing | Authentication | Logging & metrics | Request Routing | Security
• Lifecycle management
• Disparate/fragmented observability
• Multi-cluster challenges:
• Availability
• Multi-Tenancy
• Handling asynchronous messaging
Service Mesh
Cluster 1
A Service Mesh is a dedicated infrastructure layer for handling reliable service-to-service communication
Calisti: Service Mesh Lifecycle Management
integrations
Calisti: Architecture
Kubernetes cluster
telemetry
CLI
Cert-manager
traces
install
Istio Service Mesh – Single Mesh per cluster
Istio Service Mesh – Single Mesh Multi-cluster
Service Mesh
Cluster 1 Cluster 2
Istio Service Mesh – Single Mesh Multi-primary
Service Mesh
Cluster 1 Cluster 2
Istio Service Mesh – Multi-Gateway Support
Direct Connect
Next Steps
Calisti
Free offer includes:
• Supports up to 10 nodes, across 2 clusters
• No credit card required
• No time restriction
Panoptica
Panoptica
Panoptica
93%
of companies had a Kubernetes security
incident in the last 12 months
$4.35 million
Average cost of a data breach in 2022
Lots of risk
Gartner: Threat vectors in the container lifecycle
1. Development system
2. Git-based repository
3 Fetch dependencies
3. Retrieval of dependencies
4. Image registry
Build Servers
5
Object
SQL NoSQL
10.Increased number of databases
Storage
Source: Gartner
Cisco Cloud Security
APIs APIs
Containers
Panoptica Containers
Cloud Native Application Security
Service Mesh Service Mesh
Kubernetes Kubernetes
Compute Compute
Secure Analytics Secure Firewall
Storage Storage
Simplified Cloud Native Security
for DevSecOps, Platform and DevOps teams
• Software Supply Chain: Prevents attacks with SBOMs and runtime verification
• API: Secure microservices and APIs with visibility, scoring and enforcement
• Kubernetes: Comprehensive protection for your Kubernetes orchestration environment and containers
• Serverless: Ensure consistent security by applying role-based policies and permissions
APIs
Containers
Service Mesh
Virtualization
Data Centre
Compute
Panoptica
Panoptica
• Write one policy and propagate across containers or code deployments to ensure new code has less risk
• Dashboard highlighting MITRE ATT&CK vectors aligned to Kubernetes risks
• Application runs on a single pod that covers your entire environment – even across clouds
Panoptica
Cloud/Co-Lo/
Code Container Cluster Corporate
Datacenter
Panoptica
Next Steps
Panoptica
Free offer includes:
• Supports up to 10 nodes, across 2 clusters
• No credit card required
• No time restriction
• mTLS security for service-to-service traffic
Improving API Quality & Security
Improve API Quality
API Security
Open Source
1 Analytics Engine and Dashboard UI
2 VS Code IDE Extension
3 CLI Integration with CI/CD pipeline
API Insights Workflow
Developers Tech Lead
Security/Compliance Ops
Spec Authoring
Spec Version/Revision
Analyzing Spec
Spec Upload
Runtime Drift
Open Source Open Source SaaS
Panoptica
The Cisco Secure
Application Cloud
Next Steps
Open Source @ Cisco
https://eti.cisco.com/open-source
Cloud Native for the discerning network engineer
Goal 1
Goal 2
Goal 3