Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Aptible Update Webinar - January 2018

7ee78ba49eaf26113318ac3597887cc5?s=47 Aptible
January 30, 2018

Aptible Update Webinar - January 2018

The Aptible Update Webinar Series is a quarterly presentation that covers recent features and changes to the Enclave container orchestration platform and Gridiron security management tool. We hosted our Q1 Update Webinar on January 25, 2018. In it, we covered:

- An overview of Meltdown and Spectre. We discussed Enclave's security architecture, and our team's response to the the vulnerabilities.
- Metric Drains: We launched this feature, which had been requested often by customers. Metric drains let you route your Enclave container metrics to the destination of your choice, and allows you to do more with your metrics.
- Other Enclave feature updates.



January 30, 2018


  1. Aptible Update Webinar January 2018

  2. 1. Meltdown & Spectre Panel Discussion 2. Enclave Metric Drains

    3. What else is new on Enclave? Agenda
  3. Meltdown & Spectre Panel Discussion

  4. Panel Discussion Meltdown & Spectre • Why Enclave is designed

    to protect you against this class of vulnerabilities • How we responded to this particular release
  5. None
  6. None
  7. None
  8. None
  9. None
  10. None
  11. Remediation: Timeline Date Actions January 3, 2018 Early notification on

    our status page about upcoming maintenance January 4, 2018 Shared-Tenancy • Patched all app and database instances Dedicated-Tenancy: • Patched all app instances • Scheduled maintenance windows for database instances, notified customers January 9, 2018 All patching complete
  12. • Identify abstract threats ◦ Where are you vulnerable? ◦

    Architecturally, what can you do to mitigate? • Respond to concrete vulnerabilities ◦ Prepare an incident response program ahead of time ◦ Execute on it • Assess and improve your security posture on an ongoing basis ◦ Enclave wasn’t built like this from day 1: re-architect as you identify new threats ◦ Continuously refine your incident response strategies and methods Meltdown & Spectre: Key Takeaways
  13. Metric Drains (Container Performance Monitoring) Feature Focus

  14. Metric Drains: Overview • Container Metrics captured every 30 seconds

    • Routed every 15 seconds to the destination of your choice ◦ InfluxDB (self-hosted on Enclave) ◦ InfluxDB (anywhere, e.g. hosted InfluxData) ◦ Datadog ◦ More third-party providers to come… feedback welcome!
  15. Metric Drains: What is captured? • Metrics: ◦ Running status

    ◦ CPU Usage ◦ Memory Usage (RSS / Total) & Limit ◦ Disk I/O ◦ Disk Usage & Limit (DB Only) • Each destination has its own metric format, review the documentation: ◦ go.aptible.com/metrics-influxdb ◦ go.aptible.com/metrics-datadog • Documentation also covers what these metrics mean
  16. Metric Drains Use Cases Empowering you to do more with

    your metrics
  17. Retention Retain metrics for as long as you’d like across

    as many releases as you’d like
  18. Alerting Respond to performance issues before they become user-facing problems

  19. Correlation Incorporate in Dashboards, Correlate with APM

  20. Metric Drains Tips

  21. InfluxDB Support Ideal for time series data Integrates with Metric

  22. Metric Drains: Tips • InfluxDB is now a supported Database

    on Enclave ◦ InfluxDB is a great choice to use as a Metric Drain ◦ It’s what we use ourselves for Dashboard metrics • InfluxDB pairs very well with Grafana ◦ Grafana provides visualization & alerting ◦ Grafana is trivial to deploy on Enclave with Direct Docker Image Deploy ◦ go.aptible.com/grafana
  23. What’s new on Enclave? Feature Review

  24. Feature Review • Managed HIDS: Now generally available • VPC

    Peers & VPN Tunnels in Dashboard • Smarter CLI ◦ JSON Output ◦ Versions for aptible db:create • Smarter Databases ◦ MongoDB Replica Set Re-configuration on backup:restore ◦ Databases Auto Optimization • InfluxDB support
  25. Managed HIDS (Host Intrusion Detection System) Now Generally Available!

  26. Managed HIDS Audit-ready weekly PDF + CSV reports Satisfy compliance

    requirements for intrusion detection
  27. Managed HIDS • Fully managed: enable it, we take care

    of everything else • All major compliance frameworks give credit for HIDS • Free for shared tenancy stacks. $0.02 / GB / hour for dedicated tenancy stacks. Try it out! Download reports through the Dashboard
  28. VPC Peers & VPN Tunnels in Dashboard

  29. VPC Peers Connect to any AWS VPC No maintenance 100%

  30. VPN Tunnels Connect to any VPN network Requires a VPN

    Gateway $99 / VPN connection
  31. VPC Peers & VPN Tunnels: Setup • Setup is through

    support: contact.aptible.com • Once setup, connection details are visible in the Dashboard
  32. Smarter CLI

  33. JSON Output Enhanced Scriptability More Data

  34. Select any available version aptible db:versions aptible db:create

  35. Smarter Databases

  36. MongoDB Replica Set Re-configuration • Restored instances no longer attempt

    to join the existing replica set ◦ Required manual re-configuration before (potentially risky) ◦ Now fully automated
  37. Database Auto Optimization • Databases now configure according to their

    container size ◦ Get the most out of the resources you choose ◦ Easier to experiment with new footprints
  38. Thanks! Register for the next Aptible Product Update Webinar April

    25, 2018 2 p.m. ET / 11 a.m. PT http://go.aptible.com/product-webinar-apr-2018