Docker, DevOps & Security in Enterprise

Docker, Microservices, Kubernetes, DevOps, Continuous Integration/ Deployment/Delivery, Container – all of those terms heavily dominate modern application development teams and processes. 

This course will explain all of the mentioned terms and focus on the following main questions:

  • How strong and reliable are the isolation capabilities of Docker/Linux/OS containers?
  • How do containers affect typical application and network architectures?
  • Which changes are introduced by the CI/CD/Microservice paradigm into traditional development environments?
  • How does a typical CI/CD pipeline look?
  • How can security be integrated into these new development/architecture paradigms?
  • What additional attack surface and security challenges are introduced by the changed development landscape and additional tools?

All agenda topics will be supported by practical exercises and/or demos. At the end of the course, each attendee will have an automated environment where code changes can be deployed to stage hosting environments while being covered by various functional and/or security-related tests. The attendees will also know the concept behind the main buzzwords and tools described above and understand how they impact application architectures, development, and security posture.

Benefits

Upon completion of the course participants will be able to:

  • understand the technology behind the recent and common buzzwords listed above.
  • be able to evaluate the isolation capabilities of container solutions.
  • get ideas on how to integrate security into typical DevOps environments and continuous workflow.
  • learn about potential security vulnerabilities in common practices and tools.
  • understand the concerns of the security people.
  • improve their development chain by adding automated security checks.

Content

Day 1, DevOps Technology Basics:

  • What are DevOps & Microservices?
  • Competitors / Technology overview (Docker, rkt, LXC, Windows Containers)
  • Docker Ecosystem Overview (Docker Engine, container, runC, OCI)
  • Docker Management
  • Container & Images: 
- Tagging
- Docker build process
- Docker run process
- Dockerfile
- LayerFS
- Volumes
  • Basic Networking
  • Docker Compose: File reference and structure: 
- Docker Compose Services
  • Docker Machine
  • Docker Registries (Docker Registry, Nexus, Artifactory, et. al.)
  • Docker Swarm: Overlay & Advanced Networking:
- Application Stacks
- Rolling Upgrades
  • Persistence Approaches
  • Monitoring + Logging

Day 2, Container Management & Security

  • Container Management Solutions Overview: Marathon/Mesos/DC/OS:
- Rancher/ Cattle / RancherOS
- CoreOS
- PhotonOS
- Kubernetes
- OpenShift

  • Kubernetes Architecture: Cluster Management Mechanisms:
- Neto
- Network Plugin Infrastructure
- Detailed Overview of Contrail/Calico/Canal/Flannel
- OpenVSwitch
- Weave

  • Security Analysis, Attack surface and known attacks for: OS Container in general:
- Docker & Docker Swarm
- Kubernetes

  • Hardening (including attack surface reduction, secure management, access control) of: Linux Containers:
- Docker Swarm
- Kubernetes

Day 3, Security Architecture & Integration

  • Security and Sample Architecture of: Docker Swarm
- Kubernetes
- Supporting components (such as Registries and Distributed Configuration Management Systems)

  • Integration of Security into agile/DevOps development and deployment processes: Governance Secrets:
- Management
- Container Vulnerability Management
- Architecture Analysis
- Continuous Integration/Deployment pipelines

Target group

IT security professionals, software architects and developers.

At a glance

  • Form of learning: Classroom training
  • Location: München-Flughafen
  • Language: English

Date

On request

Duration: 3 days

Costs

2.490,- € plus 19% VAT

Price includes event attendance, food and drinks during the event.

Location

  • ISH - Information Security Hub

  • Street Südallee 1 
  • Zip code / City 85356   München-Flughafen

Contact

Team International Training

AirportAcademy - Munich Airport

Tell us your specific questions 

Due to the large amount of tools and technologies, this training will not be able to cover security aspects of every single technology in detail. However, we’re happy to receive specific questions before the course begins to potentially prepare additional material and you will get an overview of how to approach unknown/new technologies from a security perspective