ABSTRACT. Challenges of Non-Functional Requirements for computing in Space Keynote

ABSTRACT. This experience-sharing lecture will present key engineering and operations challenges typically faced by legacy applications. We will introduce how exponential growth in the number of customers and site traffic results in the phenomenal success of the application, at the same time, the engineering and reliability issues they pose. We will also share our experience on how full-stack engineering transformation and operations automation improves the application's resilience, reduces security and compliance risk, and improves the efficiency of the developers, testers and site reliability engineers. We share the benefits of bringing a cultural change in the team to think and act with a DevOps and SRE mindset.

Speakers will share real-life examples from transforming the DevOps and Operations practices at a large bank in India.

Participants will learn about the common pitfalls as applications mature in an agile business environment, gain success and build up engineering technical debt. They will learn best practices on how to avoid such pitfalls. If they are already facing these challenges, they will learn techniques to transform themselves using a changed mindset and adopt a governance model.

Session type: Experience sharing Delivery Method: Lecture

ABSTRACT. Performance Testing applications in Containers

Learning objectives More solutions are being delivered on the cloud, built from cloud-native components and middleware. This session provides guidance on how to plan and execute performance tests for solutions running in containers. The guidance is based on best practice built up through real-world experience of performance testing on large complex solutions.

The session will cover changes recommended to the Performance Test Approach when testing applications in containers. It will explain what additional activities the Performance Test types need to include and what additional measurements should be taken.

The session will briefly cover the tools currently available to support performance testing of applications in containers.

Finally, the session will also discuss a number of case studies – performance test experience from real-world projects and how the approach is applied.

Expected outcomes The student will understand what is different about performance testing applications in containers and will gain valuable information on how plan and execute the performance test. The student will understand the additional activities to complete and the tools that are available to support them.

Session type The session is a presentation – a learning module and sharing of experience.

Delivery Method Lecture

Biography • William Portal is a performance architect, based in Hursley. He works in CPMA IBM Consulting and has experience of working on large complex engagements in the telecommunications, health and life sciences and banking. He frequently supports the performance testing activities and has experience of cloud solutions. • Varsha Raghu is a test lead, based in Bangalore. She has experience of leading performance testing on large complex solutions in the telco and banking sectors. She has worked on cloud-based projects for over 4 years. • Neshoo Kachroo works in IBM Consulting and is currently working in the UK. She is test specialist with more than 8 years experience of performance testing and of working on complex engagements. She has experience of working on cloud solutions and of Kubernetes and Docker.

ABSTRACT. With over a decade of work and over 9 billion dollars invested, the James Webb Space Telescope had to launch perfectly and every single point of failure had to pass successfully. This is a deployment any SRE would be proud of!

In this session you will learn many SRE lessons through NASA's experiences in developing and launching exploratory probes.

These lessons will range from redundant development of multiple components, through repairable components (both repairable monoliths and repairable orchestration platforms) culminating in techniques of developing reliable components and services.

ABSTRACT. Data Observability is getting more prominence and research attention, as it can provide end-to-end AIOps and intelligent inference of system behavior. Cloud Native Application deployments are growing exponentially (especially k8s based across on-prem, cloud, and edge).

In this session, we discuss different aspects of getting the storage resource, alert, and performance information for heterogeneous storage. We also discuss our thoughts and work on the open source solution for Kubernetes native storage observability.

We will provide a detailed architecture and demo based on our existing Delfin project which provides heterogeneous storage monitoring.

Finally, we would like to explore how we can build it in open source together!

ABSTRACT. Vision of our customer: Artificial intelligence (AI) shall automatically detect vehicle damages like scratches or stone chippings on close-up photos.

This use case can e.g., help automate: - Return of rental and leasing cars - daily security compliance check for commercial vehicles - quality assurance at transfer of perils (shipping of vehicles) - automatic repair cost evaluation (e.g., for insurances)

What we built: Cloud based AI workflow easily adaptable to: - a variety of existing and future business cases - multiple customers and requirements - different on-site hardware setups - altering workloads (auto scalability) - individual sets of performance-, accuracy- and cost requirements

Main challenges: - flexibility to handle different requirements at the same time - performance vs. cost optimization vs. accuracy - reliability / resilience while working with high volume data

How we achieved it: Microservices implementing both, AI and controlling tasks, are being loosely coupled by using asynchronous messaging, subscription filtering and auto scaling. This enables building highly scalable, configurable, and resilient interconnections to create a network of different business scenarios running in parallel. The per service auto scalability allows immediate cost optimization (scale down) as well as performance/throughput optimization (scale up) on demand.

ABSTRACT. Hybrid cloud brings increasing challenges controlling security compliance including a rapidly changing inventory that is scattered across multiple landing zones and a new set of deployment practices with DevOps. A compliance management system needs to process millions of data points continuously with a need to handle deviations, custom configuration and compensating controls.

A compliance management system is more than just technology - it is a system guided by human behaviors and motivations. This session builds on the compliance strategies that were successfully applied to a global compliance program using a combination of policy-driven compliance, deviation management, enterprise reporting and lifecycle management.

A set of enterprise compliance management practices for hybrid cloud are discussed including how human behaviors, and therefore compliance, can be changed. Providing a system that automates the full lifecycle is essential to removing the need for manual processing.

ABSTRACT. Most organisations rely solely on maturity-based assessments to drive both the content and the order of the initiatives of their zero trust program. IBM Security has added a new capability to this approach by combining maturity assessments with risk quantification. Add threat intelligence to this mix and organisations gets a revealing insight about their zero trust strategy and the resulting potential financial impact leveraging industry specific threat data. Such combined approach has several additional benefits: * Prioritisation of initiatives based on the combination of maturity, financial impact, and current threats * Insight on the financial risk reduction that a zero trust based solution implementation can have for a given application stack within an organisation * Review and tune zero trust program initiatives and priorities based on the financial impact to the organisation in relation to the active threat landscape

During this presentation you will learn how adding risk quantification to a zero trust maturity assessment improves your zero trust program holistically.

1. Understand risk quantification foundational concepts 2. Learn how the combined approach of maturity assessment and risk quantification can help to improve both the zero trust strategy as the related zero trust program of your organisation. 3. Learn about a real life use case where Risk Quantification was used to improve the prioritisation of the zero program

ABSTRACT. The influence of technology is two-way - while people and society drive technological change, changing technologies can in turn shape society and the individual with new applications and devices literally transforming the way we work and live. The messy reality is that technology impacts lives, in both positive and negative ways. At its best, technology supports initiatives of all kinds. At its worst, there are unanticipated consequences or even malevolent uses and unfortunately even well meaning applications and devices are being manipulated to cause real-world harm. Those same technologies that connect and protect us are being exploited to exert an unprecedented level of control over vulnerable individuals.

Recognising this as a growing issue, in May 2020 IBM published Five Technology Design Principles to Combat Domestic Abuse, proposing a way of resisting melevolent manipulation of technology through thoughtful design. However, while many technologists have a key desire to build safe applications and devices, identifying how perpetrators may manipulate technology to harm vulnerable individuals, and devising measures to lessen those manipulations, is no easy task.

This talk will introduce the MISUSE threat model frameworks. Just as technologists put on an imaginary hacker’s hat, seeing their product through a hacker's eyes when pinpointing security threats - so too can they now put on an imaginary abuser's hat, focusing on perpetrator intent to recognise the full range of harms their technology could pose to individuals. With this understanding they can work towards mitigating those malicious intents by advancing the security, privacy, and usability of their technologies - improving the lives of some of society’s most vulnerable people.