ServiceMeshCon North America 2020: Full Schedule

Virtual Event
November 17, 2020
Learn More and Register to Attend This Event

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Standard Time (UTC–05:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

10:00am EST

Opening Remarks - Marco Palladino, Kong

Speakers

Marco Palladino

CTO and Co-Founder of Kong, Kong

Marco Palladino is an inventor, software developer and entrepreneur. He is currently the CTO and co-founder of Kong, the leading cloud connectivity company that created widely adopted open source projects such as Kong Gateway, Kuma and Insomnia. Before Kong, Marco co-founded Mashape... Read More →

Text Transcript GNTD 9934 txt

Tuesday November 17, 2020 10:00am - 10:10am EST
Virtual

General Session

10:15am EST

Service Mesh - The New Single Point of Failure - Mitch Connors, Google, Sabeen Syed, HashiCorp & Thomas Rampelberg, Buoyant

Interested in knowing why your favorite service mesh was implemented that way? Architecture decisions have real user impact. When building a service mesh, it is possible to fall into a trap of choosing implementation that is easier to build but makes it difficult to operate in the real world. While service meshes enable new levels of resiliency for users’ applications, they suffer from a chicken and egg problem: How do you build a resilient and scalable service mesh without having a service mesh to rely on?
Maintainers of Istio, Linkerd2 and Consul will walk through tradeoffs the projects have made during implementation and the impact on users. Topics will include:

Why it is important to verify environments before installation.
How to build a service mesh which can be safely upgraded.
What regular security updates mean for upgrades.
How to give users the same stability for config changes as they require for code changes
What to do when the mesh breaks.
Why the division of responsibility is important.

Speakers

Sabeen Syed

Senior Engineering Manager, HashiCorp

Sabeen Syed is a Senior Engineering Manager at HashiCorp, working on the Consul Service Mesh and Consul API Tooling teams. She enjoys cultivating and nourishing teams to enable taking products and processes from ideas to execution. She has spoken at a number of conferences and meetups... Read More →

Thomas Rampelberg

Software Engineer, Buoyant

Thomas Rampelberg is a Software Engineer at Buoyant Inc. He has made a career of building infrastructure software that allows developers and operators to focus on what is important to them. He is a contributor to Linkerd and has been maintaining Kubernetes applications at scale and... Read More →

Mitch Connors

Sr. Principal Engineer, Aviatrix

Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the... Read More →

Service Mesh The New Single Point of Failure pdf

Text Transcript MZUR 9815 txt

Tuesday November 17, 2020 10:15am - 11:00am EST
Virtual

Session Presentation

11:05am EST

Taking Service Mesh a Step Further with WebAssembly - Christian Posta, Solo.io

WebAssembly (WASM) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable target for compilation of high-level languages like C/C++/Rust, enabling deployment on the web for client and server applications. Wasm support in Envoy means that that opens up new possibilities in customizing service meshes built on Envoy with modules that modify the behavior of the sidecar proxy in any language. The possibilities are endless and in this talk we will explain: - The state of Wasm in Envoy and how it works - Demonstrate the developer experience in building, sharing, and deploying modules - Demonstrate a range of modules types and the kind of behavior it can customize in the sidecar proxy

Speakers

Christian Posta

Global Field CTO, Solo.io

Christian Posta (@christianposta) is VP, Global Field CTO at Solo.io. He is the author of Istio in Action as well as many other books on cloud-native architecture and is well known in the cloud-native community for being a speaker, blogger (https://blog.christianposta.com) and contributor... Read More →

Text Transcript VPAD 3382 txt

Tuesday November 17, 2020 11:05am - 11:50am EST
Virtual

Session Presentation

11:55am EST

Break

Tuesday November 17, 2020 11:55am - 12:20pm EST
Virtual

Break

12:25pm EST

Multi-Cluster & Multi-Cloud Service Mesh with CNCF’s Kuma and Envoy - Marco Palladino, Kong

Learn how to run a distributed Envoy-based service mesh on multiple Kubernetes clusters and multiple clouds in just a few steps with Kuma, a CNCF project. In this session, we'll be firing up Kubernetes clusters in multiple regions to demonstrate how we can secure, route, connect and observe service connectivity in a distributed service mesh. In this session, we will learn to: - Use Kuma’s multi-zone deployment to spin up a multi-cluster and multi-region service mesh. - Leverage the global/remote control separation to scale reliability with HA. - Use the built-in service discovery and ingress capability for out of the box service connectivity across multiple zones, clusters and regions. - Use Kuma’s policy to determine the behavior of traffic across different clusters, like Traffic Route, mTLS, Traffic Permission and so on.

Speakers

Marco Palladino

CTO and Co-Founder of Kong, Kong

ServiceMeshCon2020 pdf

Text Transcript WNXL 0023 txt

Tuesday November 17, 2020 12:25pm - 12:45pm EST
Virtual

12:50pm EST

Istio Service Mesh Simplified Beyond a Single Cluster - Lin Sun, IBM & Sven Mawson, Google

We have made numerous improvements to the Istio project over the past year to simplify the experience for users and operators in a single cluster. This year we have been focusing on improving the experience beyond a single cluster, simplifying multicluster deployment by merging the replicated control plane and shared control plane patterns. Within this unified multicluster pattern, users can choose a control plane and network topology based on their business needs and requirements. We have also been simplifying Istio's usage beyond containers, making it easier for users to securely onboard VMs into the service mesh. In this talk, we will be demoing the new and improved experience for using Istio with multiple clusters and expanding the mesh to VMs.

Speakers

Sven Mawson

Principal Software Engineer, Google

Sven is one of the founders of Istio, the open source Service Mesh, and he is a Principal Software Engineer at Google. He joined Google in 2006, and has spent the past 15+ years working on several generations of Google's API and Service Management platforms, beginning with the AtomPub-based... Read More →

Lin Sun

Senior Technical Staff Member, IBM

Lin has been working on container and cloud-native since 2014 from Docker to Kubernetes to Service Mesh. She is currently an Istio maintainer, a member of the Istio steering committee and technical oversight committee. She is passionate about new technologies and loves to play with... Read More →

istio simplified beyond single cluster smcna2020 master pdf

Text Transcript ZGEE 1195 txt

Tuesday November 17, 2020 12:50pm - 1:35pm EST
Virtual

Session Presentation

1:40pm EST

How the DoD Use Istio for End-to-End Encryption and Authentication - Zack Butcher, Tetrate & Jeff McCoy, Platform One

Security remains one of the primary drivers behind service mesh adoption today. We’ll describe why and how Platform One is using a service mesh - Istio - to provide both encryption in transit as well as end-user authentication via SSO for applications across the Department of Defense. We’ll dig into the practical challenges involved in deploying the Istio ecosystem’s authservice, which implements Envoy’s external auth API to provide SSO, and the design considerations that went into making the system incredibly simple for application teams running on Platform One to consume. Finally, we’ll briefly introduce an upcoming NIST IR covering the usage of a service mesh to provide authentication and authorization for applications.

Speakers

Zack Butcher

Founding Engineer, Tetrate, Tetrate

Zack helps large enterprises adopt Envoy and Istio. An early engineer building Istio at Google, he served on its Steering Committee and co-authored “Istio: Up and Running” (O'Reilly). He works with NIST and co-authored a series of Special Publications defining microservice security... Read More →

Jeff McCoy

CTO, DoD Platform One

Text Transcript UMBR 9090 txt

Tuesday November 17, 2020 1:40pm - 2:25pm EST
Virtual

Session Presentation

2:30pm EST

Break

Tuesday November 17, 2020 2:30pm - 2:45pm EST
Virtual

Break

2:50pm EST

Service Mesh use cases for Telco and Edge - Kunal Shukla & Prajakta Joshi, Google

Service Mesh is a key paradigm for Telco, 5G and Edge. In this session, the speakers deep dive into how Service Mesh delivers technical and business value for use cases like: - Service Mesh for modern service ops for Telco - Service Mesh for managing heterogeneous environments with container and openstack/VM services - Service Mesh for 5G Core service based architecture - Telco Security - Consistent service management across multi-cloud and Edge - Extending the experience of Cloud to the Edge The speakers also describe some of the new capabilities that are needed in service mesh for these use cases and the road ahead.

Speakers

Prajakta Joshi

Group PM, Cloud Networking, Telco and Edge, Google

Prajakta is Group PM in Google Cloud leading Cloud Networking, Telco and Edge. In this role, she manages a broad product portfolio spanning areas of Cloud Load Balancing, Content Delivery, modern application networking/service mesh, gRPC, Telco modernization, and 5G/4G Edge Computing... Read More →

Kunal Shukla

Key Account Executive, Google

Kunal Shukla is the Key Account Executive at Google Cloud focusing in Telecommunication, Media , Entertainment and Gaming vertical for select strategic accounts. Kunal is responsible for sales, business and technology strategy for key customers across 5G/Edge, Telco/IT Cloud, AI/ML... Read More →

Text Transcript ZHVT 7867 txt

Tuesday November 17, 2020 2:50pm - 3:35pm EST
Virtual

Session Presentation

3:40pm EST

Multi(Control Plane/Network/Mesh)??: A Practical MultiCluster Deployment - Nicholas Nellis & Vikas Choudhary, Tetrate

While Working with several traditional customers spanning defense, finance, etc., we found that the service mesh multicluster models that exist today are completely unusable from an enterprise point of view. They are designed with the network administrator in mind, focusing on how to connect two clusters, and not on how developers across teams like to consume the services exposed by other teams. The multicluster models that app teams want, turned out to be dramatically simpler than the ones out there today. This talk discusses our experiences working with these teams, our learnings from how they built out an API-centric multicluster model and what we as a community of (mostly) infrastructure developers should do to better support the application teams

Speakers

Nicholas Nellis

Software Engineer, Tetrate

I enjoy working on the latest and greatest cloud technology. Currently working to improve multi cluster application management using service mesh!

Vikas Choudhary

Software Engineer, Tetrate

Vikas has been contributing code in the virtualisation and cloud computing domain since 2013. SDN networking to OpenStack to Docker to Kubernetes to ServiceMesh.Currently he is focussed on Istio/Service Mesh to solve some hard problems in the application networking space.

servicemeshcon na 2020 ppt pptx

Text Transcript MZVE 0444 txt

Tuesday November 17, 2020 3:40pm - 4:25pm EST
Virtual

Session Presentation

4:30pm EST

L7mp: A Multiprotocol Service Mesh for Legacy Applications - Gábor Rétvári, Budapest University of Technology and Economics (BME)

The service mesh is too cool to keep it HTTP-only! Despite the increasing use of HTTP as a common application transport protocol, there are tons of legacy non-HTTP applications that would greatly benefit from the traffic management and monitoring capabilities provided by a service mesh. Primary examples are anything that runs on top of UDP or SCTP, including telco apps, VPN, IoT, video-gaming, or DNS. Currently, these applications are left behind by the cloud-native community. Taking a real telco media-plane use case as demonstrator, this talk makes the case for l7mp, a joint industry-academy effort to build a service mesh prototype with first-class support for legacy applications. L7mp aspires to serve as an incubator project to experiment with radically new service mesh designs and features, including full multi-protocol support, programmable protocol L7 parsing, native stream-management, and kernel-based offload for sidecar proxy acceleration.

Speakers

Gábor Rétvári

Budapest University of Technology and Economics (BME)

Gábor Rétvári is an Associate Professor at BME, Hungary, and a Senior Researcher at Ericsson. As an academic scholar he coauthored 70+ scientific papers, among them a recent paper on the intersection of software-defined networks (SDN) and service meshes. He is leading the joint... Read More →

Nov17 L7mp A Multiprotocol Service Mesh for Legacy Applications Gabor Retvari pdf

Tuesday November 17, 2020 4:30pm - 4:40pm EST
Virtual

Lightning Talk

4:40pm EST

Confident Canary Deployment to Production With Istio - Raju Dawadi, Oyster

The session covers covers the production use case of Oyster Financial on using Istio service mesh for handling traffic. The testing in non-production environment and rolling out to live users was not effective for fintech product where the usage is critical. Also, due to the inconsistent in third party, there was need to test traffic in live environment for internal user and that has to be for selective or all services. The usage of Istio feature on routing traffic based on header as well as percentage rollout was used effectively which has made deployment to Prod0 seamless. Also measuring the performance as well as real use case test of newer version helped in providing a good end user experience for evolving fintech startup in Mexico. But the management complexity rises when number of services increases and there are too may configs to be managed. Combination of helm helped a lot throughout the process.

Speakers

Raju Dawadi

Site Reliability Engineer, Oyster Financial

Raju, a Google Developer Expert(GDE) in Cloud Platform is a DevOps enthusiast and is currently diving into SRE(Site Reliability Engineering) along with building DevOps and Cloud Native community in Kathmandu, Nepal. He enjoys learning, implementing & sharing experiences over cloud... Read More →

17Nov Confident Canary Deployment to Production With Istio Raju Dawadi pdf

Tuesday November 17, 2020 4:40pm - 4:50pm EST
Virtual

Lightning Talk

4:50pm EST

Service Mesh Security in a Nutshell - Venil Noronha & Manish Chugtu, VMware, Inc.

Security is one of the greatest challenges in the cloud-native world today. Service meshes promise several benefits including better connectivity, and observability, and most importantly security. Securing a cloud-native service involves securing it at several levels i.e. at the perimeter (ingress/egress gateways), when accessing other services, when persisting data, when processing requests, etc., and using a service mesh one can address several of these issues in a consistent and maintainable manner. In this talk, we will present some of the key patterns that one can use for securing cloud-native services when working with north-south and east-west traffic. We will talk about available TLS choices (passthrough, mTLS, etc.), AuthN/AuthZ constructs, JWT support, and extension mechanisms within Envoy/Istio that you can leverage for building customized policy frameworks. We will also discuss application security in the context of multi-cluster service mesh deployments. Come join us!

Speakers

Manish Chugtu

Enterprise Technologist, Strategy and Innovation, VMware

Manish is an innovative thought leader with 20+ years of experience in architecture, design and product development with extensive experience in architecting and developing highly scalable enterprise solutions. Currently as “Enterprise Technologist - Strategy, Community and Innovation... Read More →

Venil Noronha

Sr. Member of Technical Staff, VMware, Inc.

Venil Noronha is an engineer with the Tanzu Service Mesh team at VMware. He also contributes upstream to open source projects in the service mesh domain, like Istio and Envoy proxy. In the past, he has contributed to several open source projects including Kubernetes, Spring, and... Read More →

Service Mesh Security in a Nutshell pdf

Tuesday November 17, 2020 4:50pm - 5:00pm EST
Virtual

Lightning Talk

5:15pm EST

Break

Tuesday November 17, 2020 5:15pm - 5:30pm EST
Virtual

Break

5:35pm EST

Running Machine Learning Workloads on a Service Mesh

Data security is one of the key pillars to ensure successful operationalization of machine learning workloads. A service mesh can help build capabilities around mTLS, authorization checks combined with some other goodies to add security, resilience and observability to existing services and applications. JupyterHub is one of the most popular open source tools of choice for teams running machine learning environments. There has been a lot of demand in the community to add support for running JupyterHub with a service mesh on Kubernetes. This talk would cover the journey of adding Istio ServiceMesh support to JupyterHub, the roadblocks, the troubleshooting journey and how Istio makes operating and securing machine learning workloads easier despite the heterogeneous nature of tools that the data scientists use. This combined with network policies and other security best practices for running workloads on Kubernetes makes for a great operational and usability combo.

Speakers