Loading…
This event has ended. Visit the official site or create your own event on Sched.
View analytic
Wednesday, November 9 • 9:00am - 9:40am
Sentinel: A Platform for Fine-grained Application Security - Sudheendra Murthy, eBay, Inc.

Sign up or log in to save this to your schedule and see who's attending!

This talk presents Sentinel, a platform for security policy management that is currently being used to secure workloads running on eBay's cloud. Sentinel provides a robust declarative model to express policies between applications, security zones, subnets, etc. for workloads running on a variety of platforms, including Kubernetes, OpenStack and legacy infrastructures. The highly-scalable policy engine evaluates the policies and automatically enforces the rules on multiple types of endpoints, including OpenStack VMs, containers, legacy systems and vendor Firewall devices. The system continuously reacts to topology changes and seamlessly applies the rules on endpoints. In addition, the system provides near real-time monitoring, visualization of the policy violations on endpoints.

The Sentinel architecture is based on declarative programming. The implementation is based on the Kubernetes API, controller framework. In particular, the Kubernetes API and controller framework is used to represent the desired state of different objects, including policy, firewall state, etc. and to implement control loops to reconcile the current state with the desired state. Efforts are currently underway to opensource the project.

The talk will be organized as follows.

* Overview of Cloud architecture at eBay
* Sentinel Architecture & Policy Language
* Policy Evaluation & Enforcement
* Use of Kubernetes API & controller framework for declarative programming
* Monitoring & real-time visualization of policy violations
* Challenges

Speakers
SM

Sudheendra Murthy

Member of Technical Staff 2, eBay, Inc.
Software professional with extensive experience ranging from Software Defined Networking, OpenStack, Open vSwitch, Enterprise Software development, designing highly scalable and performant web-services at Internet scale. Currently involved in architecture and development of a distributed network security solution for eBay's production Kubernetes, OpenStack and legacy infrastructure.


Wednesday November 9, 2016 9:00am - 9:40am
Grand Ballroom B

Attendees (56)