Sysdig and Red Hat: Empowering OpenShift and Prometheus

Uploaded by: Cade Thielen

Sysdig and Red Hat
Empowering OpenShift and Prometheus
Dmitriy Sandler
Senior Sales Engineer
@dmitriy sandler

Sysdig snapshot
MISSION: Enable enterprises to operate reliable and secure containerized cloud-native applications

Company Snapshot
Founded in 2013
HQ in San Francisco; global presence
120M in capital from top-tier VCs
Built on an open core with millions of downloads and a strong community

Customers

Strong Momentum
ARR growing exponentially
Customers have a pattern of expanding scope and use cases
Strong ecosystem alliances

Buying Catalyst: Containers in Production / Scale

“I cannot be in production with no ability to troubleshoot issues”
Bank Of New York

“Our internal audit has decided that OpenShift is now large enough and it is within the purview of their audit. They found a host of issues that we need to address immediately”
Barclays

“Moving to a more modern platform using OpenShift - Data needs to be more resilient and highly available because when Sabre has issues, it makes the news”
Sabre

“We are moving all our applications to the cloud we need to know what happened, not just that it happened”
DnB

The challenge with cloud-native applications

“Polling every 60 seconds is not enough when containers can come and go in seconds”
“We need to be able to drill down from high level views all the way to mounted file systems within containers”
Top 5 Global Investment Bank
Fasthosts Internet

RUN
BUILD
“How do we ensure PCI compliance for our Kubernetes environment in AWS and GCP?”
Nordstrom

RESPOND
“We have New Relic but need operational monitoring things are going to go wrong and we need to know within 5 minutes”
Premiere Global Services

Sysdig Architecture
[Diagram: Sysdig, system calls, host / OS kernel]
Kernel instrumentation sees all app, container, host, and network system calls.
Monitor, detect, protect, and troubleshoot from a single instrumentation point.

Our Approach
Our Mission: Enable enterprises to operate reliable and secure containerized cloud-native applications

Data: Comprehensive, scalable and context rich record of all activity

Cloud-native Intelligence Platform
Core principles:
1. No instrumentation
2. No pre-meditation, always on
3. Container-native
4. Applications and infrastructure
5. Deeper data

Insights: Automated monitoring, detection and forensics/troubleshooting

Cloud-native operations is fundamentally a data challenge
DevOps
BUILD: How can we scan & block vulnerable images and enforce best practices pre-production?
RUN: How can we block threats, enforce compliance and monitor application and service performance?
RESPOND: How can we proactively alert on incidents, reduce MTTR with forensics, and capture detailed audit records?

Sysdig Solution Portfolio
Robust commercial software offerings. Built on the most popular cloud-native open source solutions.

Detection
Incident Response
Forensics

Deep troubleshooting and observability across the stack
Applications
Middleware
Infrastructure (hosts & containers)
Orchestrators
Cloud Platforms
Network connections
Process and syscall activity

Secure
Supported
Service Topology and workflows

Telemetry across the stack, across clusters, across clouds

MTTR: Reduce time and resources of sifting through multiple tools to identify root cause and resolution exponentially faster.
Reliability: Gain confidence and reliability of OpenShift accelerating more workloads through the SDLC pipeline into production.

[Diagram labels: Applications; LOB; Service Owner; Micro-Services; Custom Metrics (JMX, StatsD, Prometheus etc.); Golden Signals (HTTP, response time, throughput etc.); Cloud-Native Application Stack; Application Metrics; Application Ops; Sysdig; Modern Infrastructure; Infrastructure Metrics; Platform Ops; Dashboards; Alerts; Analytics; Captures; Alerting Systems (e.g., PagerDuty); Network Ops; Network; Network Metrics]

Dynamic Service Monitoring & Troubleshooting
Dynamic discovery of microservices
Deep Kubernetes insights (native monitoring of kube components, kube-state metrics, Istio monitoring, out of the box dashboards & alerts)
Service level topology, dashboards and alerts
In depth troubleshooting from service level down to infrastructure level to system call level
Multi-tenant, service based teams and roles
End-to-end visibility

[Screenshot labels: Service Topology; Service, application & infrastructure Dashboards; Cluster Topology]

Massive scale
100s of Millions of metrics per 10 sec
10K hosts
100K metrics per host / min
200 containers per host
Multi-dimensional querying
Live stream Kafka tap
Query language for metric analytics
Correlated events metrics

Prometheus Customer journey: adopt, expand, scale

Stage #1: dev-led, single app, DIY
Step #2: scale out, multi-cluster, multi-cloud

How do I ...?
scale metrics per host per sec (1,000 → 15,000)
view multi-cluster / multi-cloud?
run a global query across clusters?
view data older than 2 weeks
view service-to-service performance?
integrate with enterprise workflow?
What is my troubleshooting workflow?

Sysdig’s Enterprise Prometheus (Turn key)
Scale out w/ Thanos / Cortex / M3 (DIY)

Enterprise Prometheus from Sysdig

Auto-discovery, collection and tagging: Ingest and visualize Prometheus metrics automatically with no developer changes.
Scalability, reliability and long-term data: Industry-leading, horizontally scalable metric store, long-term data retention, full HA and highly performant querying at 100s of millions of metrics/sec.
Multi-cluster, multi-cloud visibility: Aggregate, query, and visualize metrics and events across data centers, clusters, and clouds.
Service-oriented workflow and topology maps: Tooling and workflows designed for microservices without code instrumentation or pre-meditation.
Deep troubleshooting out-of-the-box: Full-stack telemetry from services, applications and infrastructure down to the container process with network level data with event correlation. No hooks, plugins or additional configurations to collect data at any layer.
Lower total cost of ownership with an enterprise-ready solution: Role-based access control, Teams, encryption, audit and compliance, support and more.

How does it work?
Comparing standalone Prometheus and Sysdig with Prometheus

[Diagram, standalone Prometheus: many separate Prometheus Server, Alert Manager and Grafana instances. 100s of standalone servers!]

[Diagram, Sysdig with Prometheus: Grafana Dashboards; Sysdig Monitor (Cross-cluster Dashboards, Alert, Correlation and Analytics); Sysdig API; PromQL; Sysdig backend; Prometheus instrumented apps and infrastructure exporters]
Sysdig agents automatically scrape Prometheus metrics
All system metrics, network metrics, Kubernetes metrics, custom metrics: Prometheus, StatsD, JMX

Dashboarding and Alerting
Rich and flexible dashboarding
Real time alerting and anomaly detection
Best practices based out-of-the-box dashboards and alerts

Building charts with Prom Query Language

End-to-End Security for [...]

[...]AGEMENT: CI/CD, static image scanning, runtime vulnerability management. OpenShift provides with OpenSCAP.
RUNTIME DETECTION: Identify and block threats in real time, prevent lateral movements based on behavioral intelligence.
FULL STACK FORENSICS: Drill down from policy violations into 100% granularity captures of pre- and post-attack activity.
AUDIT & COMPLIANCE: Schedule compliance scans, log user actions, and command-line arguments.

SERVICE ORIENTED SECURITY: Protect distributed, dynamic, and ephemeral services with a single service policy and no manual configuration.

Red Hat and Sysdig – Stronger Together

Pillar 1: Security - OpenShift provides Image Scanning and integration with CI/CD process via OpenSCAP. Better together with system call level security and behavioral analysis along with deep forensics to better understand the internal or external actors' motives and address accordingly.
Run time security: stop zero day and internal threats, prevent lateral movements based on behavioural intelligence.
Enforcement & Forensic Captures: Create detailed system captures for any policy violation or incident enabling ability to take actions against malicious activity.
Service Oriented Incident Response: View of your security policy violations based on orchestrated services.

Pillar 2: Troubleshooting / Reliability - Sysdig’s unique instrumentation point allows OpenShift users to take advantage of troubleshooting capabilities to provide your nodes, pods, services, and deployments an additional highly potent reliability tool even after your pods or services are no longer there, providing better Root Cause and Mean Time to Repair.
MTTR: Reduce time and resources of sifting through logs to identify root cause and resolution exponentially faster.
Reliability: Gain confidence and reliability of OpenShift accelerating more workloads through the SDLC pipeline into production.

Pillar 3: Enterprise Grade Prometheus - what does that mean on top of all the goodness you receive with OpenShift’s exciting Prometheus OOTB support: The 5 S’s will help your OpenShift Platform be your platform of choice for your container workloads.
Scale: Provides a horizontally scalable distributed Collector that handles tens of millions of metrics per second with cross-cluster aggregation to keep pace with large, complex environments.
Scope: Collects, analyzes, and correlates Prometheus metrics with granular metrics and events for system processes, applications, cloud platforms, networks, orchestrators, and customer metrics like StatsD and Java™ Management Extensions (JMX), with advanced visualizations like topology maps.
Simplicity: Reduces complexity with a turn-key solution that eliminates the headaches of managing multiple isolated monitoring systems and services.
Security: Integration with OpenShift’s industry leading RBAC and Secrets Management.
Support: Extends technical support and services to enterprise Prometheus users to resolve issues more rapidly.

All this with one platform. OpenShift Sysdig

Enforcement & Forensic Captures: Create detailed system captures for any policy violation or incident enabling ability to take actions against malicious activity.
Service Oriented Incident Response: View of your security policy violations based on orchestrated services.
